Alternative to OAuth 2.0 grant_type for client authentication in ServiceNow

Vamshi_ch123
Tera Contributor

Hi,

Is there any way in ServiceNow to provide OAuth 2.0 credentials to a client without using grant_type?

The client claims grant_type is deprecated and doesn’t want to use it. I’d like to know if ServiceNow supports any alternative or recommended modern OAuth flow.

Thanks!


SIVASANKARIS
Tera Guru

Hi @Vamshi_ch123 ,

No, ServiceNow does not support issuing OAuth 2.0 access tokens without specifying a grant_type.

If this is useful, please mark it as helpful and accept my solution....

Prathmeshda
Mega Guru

Hello @Vamshi_ch123 

In ServiceNow’s implementation of OAuth 2.0, you cannot omit grant_type in the token request.
The OAuth spec requires a grant type to indicate the flow being used, and ServiceNow’s OAuth engine expects it in the POST /oauth_token.do call. There is no official way to generate credentials or access tokens without specifying a grant type, even if a client claims it’s “deprecated” — the token endpoint requires it as part of the OAuth protocol.

According to ServiceNow’s official documentation on OAuth 2.0, these grant types are supported:

  • Authorization Code — for user‑interactive flows where consent/user login is involved.

  • Resource Owner Password Credentials — where username/password are directly submitted.

  • Client Credentials — machine‑to‑machine/token flow for server‑to‑server integrations.

ServiceNow’s docs list these grant types and explain them as part of configuring OAuth applications in the Application Registry.

Without specifying a grant_type, the OAuth token endpoint won’t know how to issue a token, so there’s no alternate ServiceNow flow that completely removes it.

If this response proves useful, please mark it as Accept as Solution and Helpful. Doing so benefits both the community and me. 👍🙂

Abhishek_W
Mega Guru

Hi @Vamshi_ch123,

ServiceNow does not support OAuth 2.0 authentication without a grant type.

In OAuth 2.0, the grant type is a mandatory parameter defined by the OAuth 2.0 specification (RFC 6749). It identifies which authorization flow the client is using. Without a grant type, the token request is invalid, and ServiceNow will reject it.

The grant type itself is not deprecated. Only certain grant types—such as password and implicit—are deprecated. ServiceNow fully supports modern and recommended OAuth 2.0 grant types, including:

  • client credentials – for system-to-system integrations

  • authorization code with PKCE – for user-based access

  • JWT bearer – for secure server-to-server authentication

If a client wants authentication without a grant type, then they are not using OAuth 2.0 and must use a different authentication mechanism, such as Basic Authentication or mutual TLS.

If you find this helpful, please give a 👍 and accept the solution.

Regards,
Abhishek Wangate
Technical Consultant

Ankur Bawiskar
Tera Patron

@Vamshi_ch123 

OAuth 2.0 authentication doesn't work without grant_type.

If your client doesn't want a grant type, then possibly they are not clear on the OAuth 2.0 concept.

grant_type = password is not widely used nowadays

Your customer might be thinking about this

ServiceNow supports other grant types for Inbound such as Authorization Code, Client Credentials

You can refer to those:

How to configure Client Credentials grant type for inbound OAuth 

Up Your OAuth2.0 Game: Inbound Client Credentials with Washington DC

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
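
An added example, not written by any poster in this thread and not ServiceNow code: it builds the form body for a Client Credentials request to the /oauth_token.do endpoint named above and runs a local pre-flight check that mirrors the RFC 6749 section 5.2 error codes, so a request with no grant_type is caught before it is sent. The instance URL, client values, and function names are assumptions made for illustration, and sending client_id and client_secret in the body (RFC 6749 section 2.3.1) is assumed to match how the instance is configured.

```python
from urllib.parse import parse_qs, urlencode

TOKEN_PATH = "/oauth_token.do"  # token endpoint named in the thread

# Parameters each grant needs at the token endpoint
# (RFC 6749 section 4, RFC 7523 section 2.1).
REQUIRED = {
    "authorization_code": {"code"},
    "password": {"username", "password"},
    "client_credentials": set(),
    "refresh_token": {"refresh_token"},
    "urn:ietf:params:oauth:grant-type:jwt-bearer": {"assertion"},
}
DISCOURAGED = {"password"}  # the grant the thread describes as deprecated


def build_client_credentials_request(instance_url, client_id, client_secret):
    """Return (url, headers, body) for a machine-to-machine token request."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # hypothetical value supplied by caller
        "client_secret": client_secret,  # hypothetical value supplied by caller
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return instance_url.rstrip("/") + TOKEN_PATH, headers, body


def preflight(body):
    """Return (error, warnings); error is an RFC 6749 s5.2 code or None."""
    params = parse_qs(body, keep_blank_values=True)
    if any(len(values) > 1 for values in params.values()):
        return "invalid_request", []      # a parameter may not be repeated
    grant = params.get("grant_type", [""])[0]
    if not grant:
        return "invalid_request", []      # grant_type is REQUIRED
    if grant not in REQUIRED:
        return "unsupported_grant_type", []
    if REQUIRED[grant] - set(params):
        return "invalid_request", []      # grant-specific parameter missing
    warnings = []
    if grant in DISCOURAGED:
        warnings.append("password grant: prefer client_credentials "
                        "or authorization_code")
    return None, warnings
```
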