ServiceNow outbound REST- CSRF token based authentication
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-20-2018 04:27 AM
I have an REST API which provides CSRF based authentication. User needs to provide the CSRF token in the header and it returns the response. Below is my API endpoint and request headers from POSTMAN
GET https://sky.cloud.example.com/v2/profiles?org=sky
Accept:application/json
X-CSRF-Token:4mhC3OZW33myyJgAo2fHYL647F0CcqJAThe issue is I can invoke the API through POSTMAN but when I try it through ServiceNow Background script, I got error. Below is my script:
var request = new sn_ws.RESTMessageV2();
request.setEndpoint('https://sky.cloud.example.com/v2/profiles');
request.setHttpMethod('get');
request.setQueryParameter("org","sky");
request.setRequestHeader("Accept","application/json");
request.setRequestHeader("X-CSRF-Token","4mhC3OZW33myyJgAo2fHYL647F0CcqJA");
var response = request.execute();
responseBody = response.haveError() ? response.getErrorMessage() : response.getBody();
var parser = new global.JSON();
var str = parser.decode(responseBody);
gs.debug(JSON.stringify(str));
Below is the output:
x_dev: "Method" (sys.scripts extended logging)
My Question - Is ServiceNow support authentication where we can pass CSRF token in the request header with authentication as No Auth. If yes, is there something wrong with my script.
- Labels:
-
Integrations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-20-2018 07:22 AM
Hi Arun,
There has been a ServiceNow KB article published where they have made the REST API Client secured against CSRF.
KB0565021: As per this article, try implementing the 1st work around
- Set glide.security.use_csrf_token to false (not recommended)
Though its not recommended, you would come to know if it works or not.
It would be great if you can share your outcomes as well.
Regards,
Surendar M
