Keeping session open when using JSON API to third party

PeterWiles · ‎01-14-2014

Hi all,

I am currently creating a JSON Web Service integration with a third party but came across an issue when using the REST API.

To get data from the third party, you call their log in servlet with the credentials which returns a JSON response confirming the user details. You can then call other servlets to get various results back.

This works fine when placing the URLs in a browser but when using the REST API, the session is not held and the second call comes back with a 401 showing it's not autherised. The first call to log in works fine.

I have the third party looking into changing the API so that I can pass the session ID in the URL but has anyone got any pointers of how ServiceNow can hold the session?

Logged a call with HI and they advised it's just the way that ServiceNow works.

Pete

cwilker10 · ‎01-14-2014

If I understand the issue correctly, I believe your response from HI is accurate. ServiceNow will typically kill the session when it gets the response. Can you call the login REST message and then another to get the additional information you need? I know it's a bit clunky, but essentially what I'm envisioning is that you create a new session for each thing you need to grab via REST.

john_andersen · ‎01-14-2014

Typically these types of API's return a session handle either in the response body or the response HTTP header. In your subsequent calls, you reference that token To leverage your prior authentication.

this is most likely the case in your situation. I recommend you look at the http header for such a token.

PeterWiles · ‎01-15-2014

Hi cwilker10 I have looked at that but it doesn't look like you can chain the requests.

john.andersen I have requested the third party to amend the API to provide the session ID in the response which they have done then use that in the other API calls. Just need to test.

Thanks for the responses. Just wanted to make sure I wasn't missing something.