Third-Party Integration with ServiceNow - Best Practice

RodHill11 · ‎04-04-2025

Hi Community.

I was recently tasked with integrating a third-party application with our Servicenow instance. The use case is to create incidents in ServiceNow based on certain conditions. I've accomplished this setup many times in the past with other applications. We have always required the third-party application to pass username/password, clientid and client secret.

My question to the community is this: What is best practice for this use case? The requester is wanting to bypass using oauth, which I know is possible, but doing so would increase security risks.

Thanks.

Shivalika · ‎04-06-2025

Hello @RodHill11

If they are bypassing Oauth , are they using Basic Auth ?

These are the security concerns and reasons why we use "Oauth in place of Basic Auth and why its recommended"

Its taken from my linkedin post - https://www.linkedin.com/feed/update/urn:li:activity:7299697519624605696/

For these above reasons Oauth is recommended for third party integrations. Now if your client is fine with sending the credentials again and again and no issues with security "only password" offers, then its fine. As long as thye keep the password protected and fine it shouldn't cause much issues. Recommended is Oauth.

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket.

Regards,

Shivalika

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

View solution in original post

Shivalika · ‎04-06-2025

Hello @RodHill11

Thanks for marking my answer as helpful. Kindly accept solution as well. This will help me be recognized for my efforts in this platform and also move this question from unsolved to solved bucket.

Regards,

Shivalika

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeE

View solution in original post

Shivalika · ‎04-06-2025

Hello @RodHill11

If they are bypassing Oauth , are they using Basic Auth ?

These are the security concerns and reasons why we use "Oauth in place of Basic Auth and why its recommended"

Its taken from my linkedin post - https://www.linkedin.com/feed/update/urn:li:activity:7299697519624605696/

For these above reasons Oauth is recommended for third party integrations. Now if your client is fine with sending the credentials again and again and no issues with security "only password" offers, then its fine. As long as thye keep the password protected and fine it shouldn't cause much issues. Recommended is Oauth.

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket.

Regards,

Shivalika

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

Ankur Bawiskar · ‎04-06-2025

@RodHill11

Hope you are doing good.

Did my reply answer your question?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Shivalika · ‎04-06-2025

Hello @RodHill11

Thanks for marking my answer as helpful. Kindly accept solution as well. This will help me be recognized for my efforts in this platform and also move this question from unsolved to solved bucket.

Regards,

Shivalika

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeE

RodHill11 · ‎04-07-2025

Thank you all for your responses. They are extremely helpful.