- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
02-25-2024 11:24 PM - edited 02-25-2024 11:26 PM
Hi ServiceNow Gigs,
Things which we need to be aware of while doing any kind of Integration and we have to ask the requestor the below information:-
- Decide what we want to use and what our third party supports : REST or SOAP. If it supports both, we will go for REST.
- End point details for this third party tool.
- If there is any requirement to use Mid Server or not. If on same network then not needed. If on the other network then we should use mid-server.(in case of AIRBUS , we are using MID-Server as their 3rd party is hosted locally on their network.
- Request Body is needed(JSON details ).
- User name and password for third party if you are pushing or pulling the data to third party tool.(Authentication details can be given as a token also).
- We need to decide how we want to integrate, Workflow, Business rules, Script includes or scripted web services.(in our case we can use Workflow to call the Rest Message in run-script)
- We need to decide on Actions which we have to perform, such as get, put, post, update, delete, etc.
|
HTTP Methods Used |
Meanings |
|
GET |
The GET method is used to retrieve information from the given server using a given URI. |
|
POST |
POST request is used to send data to the server. |
|
PUT |
Replaces all current representations of the target resource with the uploaded content. |
|
DELETE |
Removes all current representations of the target resource given by a URI. |
Sample Example what we need from Client/requestor:-
Endpoints:- https://xxx.service-now.com/api/now/table/incident
Authorization Details:- username and Password or token(bearer token)
Request Body:-
{
"caller_id":"ravi.gaurav",
"short_description":"new to api"
}
Content Type:- application/json
Accept :- application/json
Methods:- POST/GET/PUT/Delete
I hope all are clear on the above point. If any of the info is missing from the requestor end then it will be a blocker for our story. So make sure that we need to get the details from the requestor as soon as we analyze the API story.
Demo Video :-
https://www.youtube.com/watch?v=q0z8sZ6l3JY&list=PLKH9bPqlw1nfPpLULqorWsRiCKD2nNKUP
Thanks
Ravi Gaurav
ServiceNow MVP 2024
- 3,426 Views
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi @Ravi Gaurav ,
Comeing to authentication types they are:
NO authentication -
Basic - nedd user name password for authentication
OAuth -
can u explain this one , and which Authentication is best
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Choosing the best authentication method among "No authentication," "Basic authentication," and "OAuth" depends on various factors such as security, user experience, and the specific requirements of your application or integration. Let's evaluate each option:
-
No Authentication:
- Advantages: Simple to implement and lightweight. There's no need for users to remember or provide any credentials.
- Disadvantages: Offers no security as there's no validation of the user's identity. It leaves your system vulnerable to unauthorized access, data breaches, and other security threats. Not suitable for applications where data protection is crucial.
-
Basic Authentication:
- Advantages: Easy to implement and understand. Requires only a username and password for authentication.
- Disadvantages: Less secure compared to OAuth. User credentials are sent with each request, potentially exposing them to interception or unauthorized access if not transmitted over HTTPS. Also, users may need to share their credentials directly with third-party applications, raising privacy concerns.
-
OAuth:
- Advantages: Provides a more secure and flexible approach to authentication and authorization. Users don't need to share their credentials with third-party applications, reducing the risk of credential exposure. OAuth allows for granular access control, enabling users to grant specific permissions to applications. It also supports token expiration and refresh mechanisms, enhancing security.
- Disadvantages: More complex to implement compared to basic authentication. It requires additional setup, including registering OAuth clients and handling token management. However, the added security and flexibility usually outweigh the complexity, especially for applications dealing with sensitive data or requiring user privacy.
Conclusion: In most cases, OAuth is considered the best authentication method among the three options mentioned. It offers a good balance between security, usability, and flexibility. However, the choice ultimately depends on your specific use case, considering factors such as the sensitivity of the data being accessed, compliance requirements, and the user experience you aim to provide. For applications where simplicity is a priority and security risks are minimal, basic authentication might suffice. However, for integrations involving sensitive data or where user privacy is critical, OAuth is generally the preferred choice.
Mark Helpful !! if you feel so
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello all
Exalate is a decentralized integration solution, where you can granuarly decide which data will be send over.
It performs authentication through the underlying platform. Whenever there is a need to log into the application, Exalate will check with the platform if the authenticated user is authorized to perform configuration tasks or not. The authentication protocol is either 'Basic Authentication' or 'Oauth' based. Since Exalate doesn’t have a user directory concept, there is no need for an SSO Solution integration.
In a result, integrations become way smoother and easier.
