REST Message

Go to solution
siliveri praval
Tera Contributor

‎10-07-2023 05:10 AM

Hello. All

                                                                                                                                                                                      

        How to Securely Passing User ID and Password in REST Message Calls Through Scripting

 

Thanks.

0 Helpfuls
  • 1,178 Views
1 ACCEPTED SOLUTION

Go to solution
Anand Kumar P
Giga Patron
Giga Patron

‎10-07-2023 06:00 AM

Hi @siliveri praval ,

  • You wanted to call a REST service using RESTMessageV2.
  • By using setBasicAuth('userid', 'password') to provide credentials.
  • However, this approach was not secure because it exposed the password in your script, making it vulnerable to unauthorized access.
  •  Below is more secure way to handle this situation.
  • Create a REST Outbound Message in ServiceNow, which is a preconfigured way to send REST requests.
  • Inside this message, you defined a POST HTTP method to meet your requirements.
  • You set up the authentication profile within this method.
  • In your script, you invoked this REST message/method, and you didn't need to explicitly pass credentials because they were already defined in the authentication profile.
  • This approach allowed you to send dynamic parameters while maintaining a high level of security without compromising access.

    Thanks,
  • Anand

View solution in original post

2 REPLIES 2

Go to solution
Danish Bhairag2
Tera Sage
Tera Sage

‎10-07-2023 05:48 AM

Hi @siliveri praval ,

 

Please check this below link

https://www.servicenow.com/community/developer-forum/how-to-pass-user-id-and-password-securely-when-...

 

Mark my answer helpful & accepted if it helps you resolve your query.

 

Thanks,

Danish

0 Helpfuls

Go to solution
Anand Kumar P
Giga Patron
Giga Patron

‎10-07-2023 06:00 AM

Hi @siliveri praval ,

  • You wanted to call a REST service using RESTMessageV2.
  • By using setBasicAuth('userid', 'password') to provide credentials.
  • However, this approach was not secure because it exposed the password in your script, making it vulnerable to unauthorized access.
  •  Below is more secure way to handle this situation.
  • Create a REST Outbound Message in ServiceNow, which is a preconfigured way to send REST requests.
  • Inside this message, you defined a POST HTTP method to meet your requirements.
  • You set up the authentication profile within this method.
  • In your script, you invoked this REST message/method, and you didn't need to explicitly pass credentials because they were already defined in the authentication profile.
  • This approach allowed you to send dynamic parameters while maintaining a high level of security without compromising access.

    Thanks,
  • Anand