- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2024 06:02 AM
Hello!
We have an API that we would like to connect to via REST but one of the requirements is to encrypt some of the values using AES256-GSM. In our case, the endpoint contains some information that we want to encrypt so the requirement is to generate a one time key and nonce, encrypt the data with the key, and send the key as part of the body of the API request. Our plan is to use scripting to generate the key, encrypt the data, create the rest message and handle the response.
The main challenge in this request is that there doesn't appear to be any JavaScript utilities in ServiceNow that support this requirement. The closest we found was CyrptoJS, which we were able to get working, but that library doesn't support AES256-GCM. Is there any way that this could be done with an existing library or maybe importing our own library?
There is a KMF module in ServiceNow that supports AES256-GCM so it seems like there must be some support for this encryption type but we're not sure if that is exposed to customers for scripting.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2024 07:27 AM
I did ask ServiceNow for help and was unable to obtain an answer that met our requirements.
We ended up using the CryptoJS library and falling back to a different encryption mode. Encryption is a key way to protect data in API calls. I'm not sure why there is little support for this feature set using scripting. I'm sure ServiceNow wants to push people more toward Integration Hub but in reality, there's an infinite number of API's we could integrate with in ServiceNow so there should be more effort into ensuring the basic scripting tools are available in the platform.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2024 07:29 AM
Any thoughts?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2024 07:27 AM
I did ask ServiceNow for help and was unable to obtain an answer that met our requirements.
We ended up using the CryptoJS library and falling back to a different encryption mode. Encryption is a key way to protect data in API calls. I'm not sure why there is little support for this feature set using scripting. I'm sure ServiceNow wants to push people more toward Integration Hub but in reality, there's an infinite number of API's we could integrate with in ServiceNow so there should be more effort into ensuring the basic scripting tools are available in the platform.
