Set an encrypted field through the REST API
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-12-2018 11:10 AM
Hi,
I'm trying to do a a PUT the Table rest endpoint as described in:
https://developer.servicenow.com/app.do#!/rest_api_doc?v=jakarta&id=r_TableAPI-PUT
so that I can set the value of an encrypted field. I'm setting the parameter "sysparm_input_display_value" to true as described in the docs, but it's not persisting the value to the field. My API user does have a role that has an encryption context. But how do you even pick which encryption context to use for your API user when submitting requests? If you have multiple encryption context roles on your user, how would the API determine which one to use to encrypt the field value?
The documentation states:
"To set the value of an encrypted field, you must set this parameter (sysparm_input_display_value) to true. If this parameter is not set to true, values submitted to encrypted fields are not saved. Additionally, the requesting user must have the appropriate encryption context prior to submitting the request."
How does your user (which you are using to submit requests to the API) obtain the "appropriate encryption context"? In the UI you can have the encryption context dropdown where you can select, but how do you do that for an API submission?
I have seen some posts pointing to GlideRecord / GlideEncryptor scripts where you can in that scritpting world get and set the contextID, but those scripting approaches are not helpful to me as I'm submitting the API requests from a .NET console application.
What am I missing? Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2018 10:22 PM
Hi Taj,
The "appropriate encryption context" is assigned to the user. Since the table API call requires an existent and authorized user within ServiceNow; it is that user the one that needs to have appropriate encryption context assigned.
In other words... the encryption context is not assigned within an API call, but previously assigned to the user the one you're using to make your API calls.
Thanks,
Berny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2018 10:28 PM
Here goes the documentation that explains the steps to assign the encryption context to a given role (the one then needs to be assigned to the user )
Thanks,
Berny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2018 10:29 PM
I hope this helps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-14-2018 03:20 PM
Berny,
Thanks so much for your reply. I checked my user and it does have an active role which has the encryption context set on it. So I think I'm good as far as the instructions in that article.
I'm making the PUT request to: _https://myportal.service-now.com/api/now/table/incident/6b45f31a13634740a990b86f3zzzzzze?sysparm_dis...
and passing JSON:
{
"u_my_field": "test 1 2 3"
}
The request returns no error and the result is that it just clears the value of the field to a blank value. Interestingly, as soon as the form auto-updates from the PUT, the value does show in the field, but it doesn't persist. As soon as form is loaded again you can see that the value is gone. Also after that when I hover over the little lock icon, it just says "encrypted" instead of the name of the encryption context (it says the name of the encryption context when I save through the User interface -- all works fine in the user interface using the same user). Note also that I can succesfully do a GET to read the encrypted value in plain-text using the API with my user (via sysparm_display_value=true)
Did I make some kind of mistake in the request or JSON in the PUT request ? Thanks again!
