Is it okay to pass Bearer token through script despite it deals automatically in REST message??

KM SN
Tera Expert

I have opted OAuth authentication in Rest message whenever I am calling the rest message automatically validates token if it expired it gets new token if not it will use the existed token.

 

But third party asking me to send bearer token separately through body or header? Is that works? Is it best practice sending bearer token again whenever making rest call?

 

How to get this bearer token when I am using client ID credentials method? 

 

 

 

12 REPLIES 12

Shivalika
Mega Sage

Hello @KM SN 

 

Yes you can send directly in the Content Header , you need to pass. But the way to pass that third party would have configured. Check their API documentation. 

 

We are using it. 

 

You can make the value field dynamic and keep updating the parameters to pass fresh everytime as best practices. Hardcoding is not preferred. 

 

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket. 

 

Regards,

 

Shivalika 

 

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

 

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

As I opted OAuth Getting access token and using it/ sending it is a default mechanism, right? I need not to pass it separately.

Actually, the issue is we are doing integration with power automate. To trigger the flow, we need to make call to their side endpoint when I make it first it goes to Azure validation once it is validated then it goes back to power automate.

In this process what power automate people are saying is Azure passing only body and required parameters and cutting down all the headers while passing to power automate so they are unable to get this access token through headers.

so, this is the reason they are expecting us again to pass as a parameter inside a body. for this I need to glide OAuth Credentials and need to get the access token to pass it.? Does it have any negative consequence servicenow side? 

In case token expired I can't pass valid token, right? 

Ok @KM SN Now I got your whole thing. 

 

So, this is expected actually that they will not be getting the headers because it's for Azure use and not their use. Their use is Parameters and body. If they would have created their own ApI documentation where they have their own content headers and everything then they would be getting. But here a middleman is involved, so thats why they are not getting and it's default mechanism. 

 

So, they are telling to pass access token in parameters, you can of course do that. However I am curious about, what's the business requirement ? Do they need it to test something. ? 

 

What I am sure about is there shouldn't be any issue - why because Azure is their own partner which they are using for authentication handling instead of creating their own. Microsoft Azure is used by sooo many tenants for this purpose. There are some who create it from scratch on their own and use it. So, feasibility wise there isn't any issue. 

 

As for consequence on servicenow side, I don't think so, because see it practically, if they had had their own authentication mechanism they would anyway be getting the access token in headers right ? So, per servicenow this is just another parameter you are passing and nothing else. 

 

But they should make sure who have access to this access token, because it could be used to retrieve data if they have endpoints on their hand. 

 

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket. 

 

Regards,

 

Shivalika 

 

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

 

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

Thanks for response,

May I know how pass it through script? Do I still need to attach OAuth profile in rest message when I am passing parameter through script?

There are few concerns I have please address them to proceed further as I am having no clue how to go forward. Hope you understand the issue might knew the solution as well.



As I have opted OAuth authentication in Rest message whenever I am calling the rest message automatically validates token if it expired it gets new token if not it will use the existed token.

How can I get access token through script to forward it as a parameter??

@Shivalika  Please let me know this.