REST API (OAuth2.0-Client Credential Grant) using RESTMessageV2 in a script security consideration
05-23-2023 12:19 PM
Hi all,
Just wondering if there are any security considerations I need to account for when calling the RESTMessageV2 API in a script to call a REST Message using OAuth2.0-Client Credential Grant. For example, I need to make sure that Client ID, Client Secrets and Access Tokens are not exposed in any logs. The OAuth Application Registry has been set up in ServiceNow with an external application being the 3rd party OAuth provider with Client Credential Grant type and the REST message authentication is set up using OAuth 2.0 using the OAuth provider and profile. Here is the sample script I am attempting to call in my business rule:
//BR REST call sample
var sm = new sn_ws.RESTMessageV2("REST_MESSAGE_RECORD_SAMPLE","post");
var response = sm.execute();
Thank you!
05-24-2023 12:00 AM
Usually, if you have not added any gs.info message to print this information, then nothing will be logged.
The tokens are managed separately in a different module. Setting Authentication Method as OAuth in the REST Method will make it secure.
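
For the logging concern raised in the question, an added example (not part of the original thread and not ServiceNow's own code): a helper that masks OAuth client credentials and tokens in any text before a script hands it to gs.info or gs.error. The names redactSecrets and summarizeResponse are hypothetical, getStatusCode() and getBody() are the RESTResponseV2 methods, and the sample response is constructed.

```javascript
// Added example: scrub OAuth material from text before it is logged.
// Key names are the standard OAuth 2.0 parameter names (RFC 6749).
var SENSITIVE_KEYS = ['client_secret', 'access_token', 'refresh_token', 'client_id'];

function redactSecrets(text) {
    var out = String(text);
    // Authorization header values ("Bearer <token>", "Basic <base64>").
    // This also masks the word after "Basic"/"Bearer" in ordinary prose;
    // over-redaction is the preferred failure mode for log output.
    out = out.replace(/\b(Bearer|Basic)\s+[A-Za-z0-9\-._~+\/]+=*/gi, '$1 [REDACTED]');
    SENSITIVE_KEYS.forEach(function (key) {
        // JSON form: "access_token":"value"
        out = out.replace(
            new RegExp('("' + key + '"\\s*:\\s*")[^"]*(")', 'gi'),
            '$1[REDACTED]$2');
        // Form-encoded or query-string form: client_secret=value
        out = out.replace(
            new RegExp('(\\b' + key + '=)[^&\\s"]+', 'gi'),
            '$1[REDACTED]');
    });
    return out;
}

// Build a log line from a RESTResponseV2-like object without leaking tokens.
// In a business rule this would be used as (assumed usage):
//   gs.info(summarizeResponse(sm.execute()));
function summarizeResponse(response) {
    return 'HTTP ' + response.getStatusCode() +
        ' body=' + redactSecrets(response.getBody());
}

// Constructed sample: a token-endpoint style body echoed back by an API.
var sampleResponse = {
    getStatusCode: function () { return 200; },
    getBody: function () {
        return '{"access_token":"eyJhbGciOi.constructed.sample",' +
            '"token_type":"Bearer","expires_in":3600}';
    }
};
var SAMPLE_LINE = summarizeResponse(sampleResponse);
```

The same helper applies to error paths: pass the error message or request body through redactSecrets before logging it.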