Security constraints prevent ordering of Item

suzie · ‎06-06-2019

Trying to use the REST API to create service catalog items and receiving this response:

Here is the Request:

POST https://<instance-name>/api/sn_sc/servicecatalog/items/3Dbbc694f8db8033403242f9baae9619dc/add_to_cart

Body of Request:

{
"sysparm_quantity": 1,

"variables": 
{
"Short_Description": "Test",
"System": "Workday",
"Requestedby": "3Dfd9a1b54dbd32f001c1079fdae9619c0",
"Subcategory": "Finance",
"Description:": "Test"

}
}

Response:

400 Bad Request

{
  "error": {
    "message": "Security constraints prevent ordering of Item",
    "detail": ""
  },
  "status": "failure"
}

I have tried several different things, including creating my own REST API in ServiceNow and calling that.
Nothing works.
Has anyone ever successfully used these APIs?

Peter de Bock1 · ‎06-06-2019

hi Suzie,

Is the account in the 'Requested by' able to request the item via the Catalog? Just to make sure the Item is active and the Requested User is able to request the item. If the User is not able to request it using the catalog it could be that the "Available for" or "Not Available for" (related list in catalog item) is excluding the item for the Requested by User.

regards, Peter

Please mark this as correct or helpful (in case it is :-)), so other people can find it too

chercm · ‎11-25-2023

@Peter de Bock1 i am using the admin user and it have all the permission group and able to request the catalog item but not from the API Explorer and postman. i even tried with different user account same error .

suzie · ‎06-07-2019

Hi Peter,

Thanks for your response. Yes, the requestedby is an admin. If there is nothing in the 'Available For' and 'Not Available For' related list, does this prevent users from adding to cart?

Peter de Bock1 · ‎06-07-2019

hi Suzie,

I just run a succesfull test using the REST API Explorer. See attached example. It's a simple one, but you could maybe start with a simple one too and add step by step some variable to it. Or try using another catalog item to find if the catalog item is causing it.

The error "Security constraints prevent ordering of Item" in your case is documented as:

indicates that either the cart item sys_id specified in the path parameters is invalid or the user does not have access to the item.

The 'Available' related lists could influence, however is weird as in your case you are using an admin account. Something else, is the catalog item active?

More information you can find at: https://developer.servicenow.com/app.do#!/rest_api_doc?v=madrid&id=r_SCatAPIAddItemToCartPOST

Hopefully you can solve it with above.

regards, Peter

Please mark this as correct or helpful (in case it is :-)), so other people can find it too