Scripted REST API: How to forward Basic Auth header to a subsequent REST call?

Smith Johnson · 22 hours ago

Hello,

I have 2 instances, where Instance 1 calls a scripted rest API in instance 2, which subsequently calls the Service Catalog API (of instance 2) (shown below). Instead of calling directly the catalog API, there is a pre-processing and error-handling in the scripted rest API.

The use case that I am trying to implement is around the used authorization:
From Instance 1, when I trigger the Scripted REST API of instance 2, a combination of username and password is used as authorization header (i.e., Basic Auth). Then, I want to use the same authorization to the second call to the Service Catalog API.

I tried the following but it doesn't seem to work. This is code that I use in the scripted rest API in instance 2:

var authHeader = request.getHeader("Authorization"); //Authorization header received from instance 1, e.g., Basic Y3N...
var encoded = authHeader.substring(6); // strip "Basic "
var decoded = String(GlideStringUtil.base64Decode(encoded));
var idx = decoded.indexOf(':');
var user = decoded.substring(0, idx); //get username
var pswd = decoded.substring(idx + 1); //get password
var authCombo = "Basic "+GlideStringUtil.base64Encode(user + ':' + pswd);
var serviceCatalogRequest = new sn_ws.RESTMessageV2();
serviceCatalogRequest.setEndpoint("https://xxxxxxx.service-now.com/api/sn_sc/servicecatalog/items/xxxxxxxx/order_now");
serviceCatalogRequest.setHttpMethod("POST");
serviceCatalogRequest.setRequestHeader("Authorization", authCombo); //Authorization for the second API call

In a nutshell, what I am trying to achieve is the following: Instance 1 sends a Basic Auth Authorization header when calling the Scripted REST API on Instance 2. I want to extract those credentials and reuse them for the subsequent call to the Service Catalog API. Essentially a pass-through of the same authorization.

How can I achieve this?

Thank you,
Smith.

Ankur Bawiskar · 18 hours ago

@Smith Johnson

when you don't pass any authentication details does it throw error?

why not use Cart API or CartJS API?

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

Smith Johnson · 18 hours ago

@Ankur Bawiskar
If i don't pass any authentication details for the service catalog API, then there is indeed an error "User is not authenticated".

Ankur Bawiskar · 17 hours ago

@Smith Johnson

Got it

But any reason you don't wish to use Cart API or Cart JS?

try this once

var authHeader = request.getHeader('Authorization'); // Basic abcdef...
    if (!authHeader || authHeader.indexOf('Basic ') !== 0) {
        response.setStatus(400);
        response.setBody({error: 'Missing Basic Authorization header'});
        return;
    }

    var encoded = authHeader.substring(6);
    var decoded = GlideStringUtil.base64Decode(encoded); // username:password

    var parts = decoded.split(':');
    var user = parts[0];
    var password = parts.slice(1).join(':');

var request = new sn_ws.RESTMessageV2();
request.setEndpoint('https://xxxxxxx.service-now.com/api/sn_sc/servicecatalog/items/xxxxxxx/order_now');
request.setHttpMethod('POST');

request.setBasicAuth(user,password);
request.setRequestHeader("Accept","application/json");

var response = request.execute();
gs.log(response.getBody());

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

Tanushree Maiti · 21 hours ago

var authCombo = request.getHeader('Authorization');

if (authCombo) {

var serviceCatalogRequest = new sn_ws.RESTMessageV2();

serviceCatalogRequest.setHttpMethod('POST');

serviceCatalogRequest.setEndpoint("https://xxxxxxx.service-now.com/api/sn_sc/servicecatalog/items/xxxxxxxx/order_now");

serviceCatalogRequest.setRequestHeader('Authorization', authCombo);

serviceCatalogRequest.setRequestHeader('Content-Type', 'application/json');

var response = serviceCatalogRequest.execute();

var responseBody = response.getBody();

var statusCode = response.getStatusCode();

}

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

Smith Johnson · 18 hours ago

Hello @Tanushree Maiti ,

thank you for your reply.

With your proposed approach, I still have the issue "User is not authenticated".