How to get access token by using OAuth configuration using client credentials to make Outbound call?

Go to solution
KM SN
Tera Expert

‎02-13-2025 05:51 AM - edited ‎02-13-2025 05:56 AM

When I click on Get OAuth token, I am getting OAuth flow successful and seeing access token in the OAuth Credentials but when I did same by going into the get token http method and testing the connection I am again getting the 401 error. I am not sure why this is happening?

 

If I want to leverage the access token produced by rest message how I need to get it for furthermore actions as I need to pass it as a header to make outbound call? 



R-1.png

R-2.png

R-3.png

0 Helpfuls
  • 4,983 Views
1 ACCEPTED SOLUTION

Go to solution
Rajesh Chopade1
Mega Sage
In response to KM SN

‎02-18-2025 06:10 AM

Create an OAuth Profile:

Navigate to: System OAuth > Application Registry. If you haven’t already created an OAuth Profile, you need to do so. This profile will store the OAuth credentials, such as the Client ID, Client Secret, and other authentication details.

 

OAuth provider details. (this info you can see when you going to create OAuth application registry)

  • Name: A unique name.
  • Client ID: Client ID of application registered in third-party OAuth server.
  • Client Secret: Client secret of application registered in third-party OAuth server.
  • Refresh Token Lifespan: Time in seconds the Refresh Token will be valid.
  • Authorization URL: OAuth Server's auth code flow endpoint. Required only for Authorization Code grant type.
  • Token URL: OAuth Server's token endpoint.
  • Token Revocation URL: OAuth Server's token revocation endpoint.
  • Redirect URL: OAuth callback endpoint. Leave it empty for auto-generation.

Attach the OAuth Profile to the REST Message:

Navigate to: System Web Services > Outbound > REST Message.
Either create a new REST Message or edit an existing one.
In the Authentication tab, under OAuth 2.0, select the OAuth Profile you created earlier. This links the REST message to the OAuth Profile, which will automatically handle token management for you.
Token Management: ServiceNow will automatically fetch, refresh, and append the access token to the Authorization header for all REST API calls made using this REST Message.

 

Using the REST Message in Scripts (Flow/BR/Script Include/Sjob): Once the OAuth Profile is linked to the REST Message, you can simply call the REST message from a Flow, Business Rule (BR), Script Include, or Scheduled Job.

You do not need to manually pass the Authorization header in your API calls anymore.

Also you can refer following links for same :
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0693451

 


https://www.servicenow.com/docs/de-DE/bundle/vancouver-api-reference/page/integrate/outbound-rest/ta...

 

View solution in original post

14 REPLIES 14

Go to solution
KM SN
Tera Expert
In response to Rajesh Chopade1

‎02-18-2025 01:22 AM

Obviously, I need to call the Rest message either from flow/BR or from Script include/Sjob so in this case if I don't want to send Authorization parameter every time when I make a call what is the configuration I need to be do in OAuth Profile Configuration.?

0 Helpfuls

Go to solution
Rajesh Chopade1
Mega Sage
In response to KM SN

‎02-18-2025 06:10 AM

Create an OAuth Profile:

Navigate to: System OAuth > Application Registry. If you haven’t already created an OAuth Profile, you need to do so. This profile will store the OAuth credentials, such as the Client ID, Client Secret, and other authentication details.

 

OAuth provider details. (this info you can see when you going to create OAuth application registry)

  • Name: A unique name.
  • Client ID: Client ID of application registered in third-party OAuth server.
  • Client Secret: Client secret of application registered in third-party OAuth server.
  • Refresh Token Lifespan: Time in seconds the Refresh Token will be valid.
  • Authorization URL: OAuth Server's auth code flow endpoint. Required only for Authorization Code grant type.
  • Token URL: OAuth Server's token endpoint.
  • Token Revocation URL: OAuth Server's token revocation endpoint.
  • Redirect URL: OAuth callback endpoint. Leave it empty for auto-generation.

Attach the OAuth Profile to the REST Message:

Navigate to: System Web Services > Outbound > REST Message.
Either create a new REST Message or edit an existing one.
In the Authentication tab, under OAuth 2.0, select the OAuth Profile you created earlier. This links the REST message to the OAuth Profile, which will automatically handle token management for you.
Token Management: ServiceNow will automatically fetch, refresh, and append the access token to the Authorization header for all REST API calls made using this REST Message.

 

Using the REST Message in Scripts (Flow/BR/Script Include/Sjob): Once the OAuth Profile is linked to the REST Message, you can simply call the REST message from a Flow, Business Rule (BR), Script Include, or Scheduled Job.

You do not need to manually pass the Authorization header in your API calls anymore.

Also you can refer following links for same :
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0693451

 


https://www.servicenow.com/docs/de-DE/bundle/vancouver-api-reference/page/integrate/outbound-rest/ta...

 

Go to solution
KM SN
Tera Expert
In response to Rajesh Chopade1

‎02-19-2025 11:36 AM

People keep on saying I need to pass the authentication header if I am calling the Rest Message inside the script. (Despite saying I have opted OAuth and attached OAuth Profile.).

This made me to find the script for getting access token and pass it as an authorization header.

But after this Answer Using the REST Message in Scripts (Flow/BR/Script Include/Sjob): Once the OAuth Profile is linked to the REST Message, you can simply call the REST message from a Flow, Business Rule (BR), Script Include, or Scheduled Job.

You do not need to manually pass the Authorization header in your API calls anymore.

I did check with background script, and I am able to hit the http method and getting back response and body just with calling the Rest Message.

Thank you....&... thank you very much for it!!

0 Helpfuls

Go to solution
AbhirupD
Tera Contributor
In response to Rajesh Chopade1

‎04-17-2025 04:00 AM

Hi @Rajesh Chopade1 

 

Do I need to pass Header as Authorization: Bearer <token> in REST Message call after getting Bearer Token from GetToken or it will be automatically taken care?

0 Helpfuls

Go to solution
Rajesh Chopade1
Mega Sage
In response to AbhirupD

‎04-24-2025 06:12 AM

hi @AbhirupD 
You need to explicitly include the Authorization: Bearer <token> header in your REST Message call unless you’ve configured the REST Message to use an OAuth 2.0 profile, which automates token handling. For manual control, add the header in the REST Message configuration or use a script to set it dynamically. If you’re using an OAuth profile, ensure it’s correctly linked to the REST Message to avoid manual header management.

0 Helpfuls