Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

REST Message

Go to solution
siliveri praval
Tera Contributor

‎10-07-2023 05:10 AM

Hello. All

                                                                                                                                                                                      

        How to Securely Passing User ID and Password in REST Message Calls Through Scripting

 

Thanks.

0 Helpfuls
  • 1,497 Views
1 ACCEPTED SOLUTION

Go to solution
Anand Kumar P
Giga Patron

‎10-07-2023 06:00 AM

Hi @siliveri praval ,

  • You wanted to call a REST service using RESTMessageV2.
  • By using setBasicAuth('userid', 'password') to provide credentials.
  • However, this approach was not secure because it exposed the password in your script, making it vulnerable to unauthorized access.
  •  Below is more secure way to handle this situation.
  • Create a REST Outbound Message in ServiceNow, which is a preconfigured way to send REST requests.
  • Inside this message, you defined a POST HTTP method to meet your requirements.
  • You set up the authentication profile within this method.
  • In your script, you invoked this REST message/method, and you didn't need to explicitly pass credentials because they were already defined in the authentication profile.
  • This approach allowed you to send dynamic parameters while maintaining a high level of security without compromising access.

    Thanks,
  • Anand

View solution in original post

2 REPLIES 2

Go to solution
Danish Bhairag2
Tera Sage

‎10-07-2023 05:48 AM

Hi @siliveri praval ,

 

Please check this below link

https://www.servicenow.com/community/developer-forum/how-to-pass-user-id-and-password-securely-when-...

 

Mark my answer helpful & accepted if it helps you resolve your query.

 

Thanks,

Danish

0 Helpfuls

Go to solution
Anand Kumar P
Giga Patron

‎10-07-2023 06:00 AM

Hi @siliveri praval ,

  • You wanted to call a REST service using RESTMessageV2.
  • By using setBasicAuth('userid', 'password') to provide credentials.
  • However, this approach was not secure because it exposed the password in your script, making it vulnerable to unauthorized access.
  •  Below is more secure way to handle this situation.
  • Create a REST Outbound Message in ServiceNow, which is a preconfigured way to send REST requests.
  • Inside this message, you defined a POST HTTP method to meet your requirements.
  • You set up the authentication profile within this method.
  • In your script, you invoked this REST message/method, and you didn't need to explicitly pass credentials because they were already defined in the authentication profile.
  • This approach allowed you to send dynamic parameters while maintaining a high level of security without compromising access.

    Thanks,
  • Anand