OAuth 2.0 Client Credentials Flow for Middleware Integration
6 hours ago
Hi Community,
We are working on a custom middleware service (hosted on our own HTTPS endpoint) that needs to connect to ServiceNow APIs using OAuth 2.0 Client Credentials flow.
Here’s what I’ve done so far:
Created an Application Registry in ServiceNow (System OAuth → Application Registry → OAuth API endpoint for external clients) with the default settings.
Tried generating an access token in Postman using grant_type = client_cedentials (with Client ID and Secret in Basic Auth).
Issue:
The request fails and I do not receive a valid token.
What I need:
A valid client credentials token that my middleware can use to call ServiceNow APIs.
Token should have all required scopes/permissions (or guidance on how to configure the right ones).
My Questions:
How should I correctly configure the Application Registry to allow client credentials flow?
Is there a way to assign all scopes/roles to the token, so the middleware can access APIs like incidents, tables, comments, attachments, etc.?
Are there limitations in ServiceNow where some APIs cannot be accessed using client credentials flow (and require a user-context token instead)?
Additional context:
We are not looking for direct Jira → ServiceNow connectivity.
Instead, we have a custom middleware that handles synchronization between Jira and ServiceNow.
For this to work, we want ServiceNow to authenticate with our middleware via OAuth (preferably Client Credentials grant) so that the integration runs in the background without user intervention.
Regards,
Naveen
@majo.francis@mgtechsoft.com, @Rohan.k@mgtechsoft.com
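Added example, not part of the original post: an offline sketch of the RFC 6749 client credentials token request the post describes (Client ID and Secret sent as HTTP Basic auth), with a pre-flight check of the request and a classifier for the standard token endpoint error codes. The instance hostname, the credentials, and the function names are constructed placeholders; nothing is sent over the network.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode

# Token endpoint error codes from RFC 6749 section 5.2.
TOKEN_ERRORS = {
    "invalid_request": "malformed request (missing or repeated parameter)",
    "invalid_client": "client authentication failed",
    "invalid_grant": "grant or credentials invalid or expired",
    "unauthorized_client": "client may not use this grant type",
    "unsupported_grant_type": "server does not support this grant_type",
    "invalid_scope": "requested scope is invalid or too broad",
}

def build_token_request(token_url, client_id, client_secret, grant_type="client_credentials"):
    """Build (without sending) a token request using HTTP Basic client auth."""
    if not token_url.lower().startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "url": token_url,
        "headers": {"Authorization": "Basic " + basic,
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({"grant_type": grant_type}),
    }

def check_request(req):
    """List problems that would make a token endpoint reject the request."""
    problems = []
    grant = parse_qs(req["body"]).get("grant_type", [])
    if grant != ["client_credentials"]:
        problems.append(f"grant_type is {grant}, expected ['client_credentials']")
    if req["headers"].get("Content-Type") != "application/x-www-form-urlencoded":
        problems.append("body must be form-encoded")
    if not req["headers"].get("Authorization", "").startswith("Basic "):
        problems.append("missing HTTP Basic client authentication")
    return problems

def explain_response(status, body):
    """Classify a token endpoint reply as (ok, message)."""
    data = json.loads(body)
    if status == 200 and "access_token" in data:
        return True, f"token_type={data.get('token_type')} expires_in={data.get('expires_in')}"
    code = data.get("error", "unknown")
    return False, f"{code}: {TOKEN_ERRORS.get(code, 'not an RFC 6749 error code')}"

if __name__ == "__main__":
    # Constructed values: hypothetical instance URL and credentials.
    req = build_token_request("https://example.service-now.com/oauth_token.do", "id", "secret")
    print(check_request(req) or "request looks well-formed")
```

Logging the `error` field of a failed token response, rather than only the HTTP status, separates a credential problem (`invalid_client`) from a grant that is not enabled for the client (`unauthorized_client` or `unsupported_grant_type`).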