use X-UserToken instead of credentials in REST API Calls

Hamza Berouil2
Tera Guru

‎09-15-2017 02:57 AM

Hi all,

I was thinking that X-UserToken can be used instead of using credentials in REST calls.

Let me elaborate, we need to implement an interface with 3rd party application (a portal where users can have access to their incidents).

Users log into the portal through SSO (the same is used for ServiceNow).

The issue they may not have an existing session in ServiceNow so they don't have existing cookies that could be reused for the REST calls an those users don't have password that can be use as credentials for

So we thought maybe we can retrieve a token trough the API GideSession (gs.getSessionToken()) and then reuse it in the X-UserToken header.

Before that, I wanted to make sure X-UserToken can replace credentials, but I still unable to succeed this test.

I am using SoapUI for my test, first I generate a X-UserToken value (through REST API Explorer).

find_real_file.png

copy/paste this value in Soap UI as follow and I put nothing in Username/password properties :

find_real_file.png

As you can see I get a failure status with the error "User Not Authenticated"

What's wrong with my test ? I tought that X-User

Thank's guy

Preview file
39 KB
Preview file
187 KB
0 Helpfuls
  • 21,158 Views
15 REPLIES 15

Asbj_rn
Mega Expert
In response to Community Alums

‎10-19-2020 03:46 AM

Hi, the premis do not really apply to server side scripting.

In order execute server side you would need to signed in. The user context is then fully managed by ServiceNow depending on where and how you implemented the code. 

This would only apply if you try to reuse credentials from outside ServiceNow.

 

0 Helpfuls