The CreatorCon Call for Content is officially open! Get started here.

Access scripted rest api only using OAuth2

Felix20
Mega Guru

‎11-27-2020 07:05 AM

Hallo,

we have a scripted rest api, that accepts incoming post requests.

At the moment we are using basic authentication. We create user profile with "Web service access only" set to true.

But there is a new policy from our customer, that prevents using basic auth. Activating OAuth on the instance is not a big deal. I already get a token requesting the oauth_token.do endpoint.

But how to configure scripted rest api to only allow requests with valid oauth token? How to prevent our rest api consumers from sending request with basic auth?

And second question. When I create a new "Create an OAuth API endpoint for external clients", grant type is using passwort credentials. So I need to set my servicenow user as well beside the OAuth clientId and secret. How to configure  "Client Credentials" so I only need clientId and secret?

 

Best regards,

 

0 Helpfuls
  • 2,773 Views
1 REPLY 1

Ankur Bawiskar
Tera Patron
Tera Patron

‎11-27-2020 07:12 AM

@Felix 

Out of the box you cannot force 3rd party to consume Scripted REST Using OAuth only.

There is this workaround worth trying

Inbound Rest endpoint restricted to OAUTH Authentication

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls