tim2222
Tera Expert

Goal

To present the ServiceNow SOAP interface via the Azure API Manager with OAuth 2.0 authentication. You might want to do this so you can present all your enterprise applications through a single developer portal.

Setup

ServiceNow

All steps require admin permissions.

OAuth Registry

Navigate to System OAuth > Application Registry. Click New to create a new entry. Select Create an OAuth API endpoint for external clients.

| Field | Value |
| --- | --- |
| Name | Azure API Manager |
| Client ID | auto-generated |
| Client Secret | leave blank |

Click Save. Note the Client ID and Client Secret for later. Once you have created the Azure API Manager you will need to return to this record to set the Redirect URL.

SOAP WSDL

Navigate to /incident.do?WSDL

Save the resulting WSDL content to a file.

Azure

You will require an Azure subscription with permission to create an API Manager.

API Manager

On https://portal.azure.com create a new Resource Group or open an existing one. Click Add to create a new resource and select API Manager. It can take 30+ minutes for this to complete.

Open your new API Manager instance.

In the APIs blade click Add API. Select WSDL type.

Select the WSDL XML file you previously saved from ServiceNow.

Change Import method to SOAP to REST (this will create a REST version of the ServiceNow SOAP API).

Click Create.

Modify POST to GET

For REST APIs you use a GET method to retrieve data. Because all SOAP requests are POST the API Manager has created all our front-ends as POST methods. Instead we want to translate a frontend RESTful GET into a backend SOAP POST.

In your new API open the get operation, which is currently a POST method.

In the Frontend settings change the URL method from POST to GET.

Add two Query parameters of type string, sys_id and view. Make sys_id required.

Save the changes.

In the Inbound Processing panel open the policy editor.

Modify the inbound section as follows (note the additional set-method element, which changes the request to a POST):

    <inbound>
        <base />
        <rewrite-uri template="/incident.do?SOAP" copy-unmatched-params="false" />
        <set-header name="SOAPAction" exists-action="override">
            <value>"http://www.service-now.com/incident/get"</value>
        </set-header>
        <set-body template="liquid">
            <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns="http://www.service-now.com/incident" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <soap:Body>
                    <get>
                        {% if context.Request.OriginalUrl.Query.sys_id %}
                        <sys_id>{{context.Request.OriginalUrl.Query.sys_id}}</sys_id>
                        {% else %}
                        <sys_id xsi:nil="true" />
                        {% endif %}
                        {% if context.Request.OriginalUrl.Query.view %}
                        <__use_view>{{context.Request.OriginalUrl.Query.view}}</__use_view>
                        {% else %}
                        <__use_view xsi:nil="true" />
                        {% endif %}
                    </get>
                </soap:Body>
            </soap:Envelope>
        </set-body>
        <set-header name="Content-Type" exists-action="override">
            <value>text/xml</value>
        </set-header>
        <set-method>POST</set-method>
    </inbound>

Open All operations and open the policy editor for Inbound processing. Modify the inbound section to:

    <inbound>
        <base />
        <set-header name="Authorization" exists-action="override">
            <value>@(context.Request.Headers.GetValueOrDefault("Authorization","").Replace("bearer", "Bearer"))</value>
        </set-header>
    </inbound>

This passes the caller's OAuth 2.0 Authorization header through to ServiceNow and fixes a case-sensitivity issue with the bearer scheme name.

Click Save.

OAuth 2.0 Service

Click the OAuth 2.0 + OpenID Connect blade. Click Add.

Fill out the form as follows:

| Field | Value |
| --- | --- |
| Display name | e.g. ServiceNow-Dev |
| Client registration page URL | https://{instance name}.service-now.com |
| Authorization endpoint URL | https://{instance name}.service-now.com/oauth_auth.do |
| Token endpoint URL | https://{instance name}.service-now.com/oauth_token.do |
| Client ID | Client ID from ServiceNow application registry |
| Client secret | Client secret from ServiceNow application registry |

Copy the Authorization code grant flow URL into the Redirect URL value of the ServiceNow Application Registry you created earlier.

Click Save.

Open the APIs blade and open your ServiceNow API. Open Settings.

Add the Starter and Unlimited products (this will publish the API to the developer portal).

Change Security to OAuth 2.0. Select the new OAuth 2.0 service you just created.

Click Save.

Developer Portal

In API Manager open the Portal overview blade. Click Publish and Enable CORS.

In the Overview blade copy the Developer portal URL. Open an Incognito/Private browser window and open the developer portal.

Navigate through Explore APIs > ServiceNow_incident and open the get operation. Click Try it.

Under Authorization change it to authorization_code. Assuming all the OAuth is configured correctly you will be prompted to log into ServiceNow and to Allow access to the API Manager.

Enter the sys_id of an Incident in your instance.

Click Send to send the query.

You should get a 200 response and the content of the Incident in JSON format.

Last update: 02-26-2021 06:18 AM