Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Flow Action, REST step, Issue adding Credential

Jamsta1912
Tera Guru

‎09-27-2023 04:04 AM

Hi all,

I'm trying to create a flow action to make an API call.

I have created a credential record (API Key), a connection record, and an alias.

I'm using the connection alias in my REST step, and I'm using the data pill to add the credential value to the header:

restStep.jpg

 

When I test the step, I get an error: code: 401 - Invalid username/password combo.

If I paste the API token directly into the value for the token header (in lieu of the Credential value data pill) the API call is made successfully.

 

And here's the thing: when I look at the Request headers in the outbound HTTP log, I can see that ServiceNow is adding the text 'authorization=' in front of the actual API key, and it's leaving the 'token' header without a value:

outboundHTTPLog.jpg

 

So I can make this work, by simply pasting the API key directly into the value for the token header, but I would like to avoid having to do this, and would prefer to follow best practice using the connection alias.

 

Any thoughts on this issue?

 

Thanks

 

  • 3,581 Views
6 REPLIES 6

Jeremy Duncan
ServiceNow Employee
ServiceNow Employee

‎01-04-2024 12:42 PM

Want to check this out and see if it works for you? https://www.servicenow.com/community/developer-forum/how-to-access-api-key-credential-in-flow-design...

Jamsta1912
Tera Guru
In response to Jeremy Duncan

‎01-15-2024 10:10 AM

Hi Jeremy,

Thanks for your reply. That is the methodology I was using but I still had the strangeness with the headers. In the end I reached out to ServiceNow support. It seems like a peculiar bug with the instance I'm working on (neither I nor support could replicate the issue in a PDI). In the end they suggested using a Lookup Record step as a workaround, to get the credential record itself rather than the alias. I am happy with that - not much effort and it still avoids having to paste in the API key directly into the action.👍

0 Helpfuls

Alex153
Tera Contributor
In response to Jamsta1912

‎06-24-2024 02:17 AM

Hi, can you please share how did you configure Lookup Record step as a workaround?
Thanks.

0 Helpfuls

Jamsta1912
Tera Guru
In response to Alex153

‎06-25-2024 05:48 AM

Hi Alex,

 

Yes, the first step is to use 'Lookup record' against the 'API Key Credentials' table, like so:

Jamsta1912_0-1719319138485.png

Notice that the 'API Key' field is then available in the datapicker.

 

Then, in the REST step, I was able add the API Key as the value to the 'token' header:

Jamsta1912_1-1719319253250.png

 

So, this workaround is secure and still as easily maintainable as using a connection alias, as the actual value of the API Key is still abstracted away from the flow itself.