01-19-2025 09:40 PM
We have a custom inbound API and under it a resource (sys_ws_operation). When the consumer hits this resource, is there a way to validate if the token received in the header is valid (i.e. the same that ServiceNow gave to the client)?
(function process( /*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
    // check token here and verify if it's valid
})(request, response);
01-19-2025 10:09 PM
Are you using OAuth 2.0 here?
I think you have created a scripted REST API and are willing to check whether the endpoint was hit with OAuth details or not.
If yes, then check this link:
Inbound Rest endpoint restricted to OAUTH Authentication
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
01-19-2025 10:11 PM
Thank you for marking my response as helpful.
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
01-19-2025 10:12 PM
Yes, that helps. It gets me over Step 1 (i.e. retrieving the token value from the header). Now Step 2 would be verifying if the token value is valid or not. How can we do that? We have the Manage Tokens table but the value there would be encrypted, right?
For example, we received the token value "abc" in the Authorization header. Now what do I compare this "abc" value with?
01-19-2025 10:18 PM
But why do you wish to validate?
ServiceNow will handle this OOB, and if the token they retrieved isn't valid, they won't be able to consume the endpoint.
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader