How to auto-notify stakeholders before integration client credentials expire?

NOW_seeker · ‎11-06-2025

Hi all,

I need to automate credential expiry notifications for our SAM Pro integrations (OAuth, Connection & Credential Aliases, etc.).

Goal: Detect credentials expiring within 30 days and automatically:

Email mapped stakeholders
Create a tracking task
(Ideally) test connection post-update

My plan: A scheduled Flow Designer flow that checks a small registry table with integration name, credential alias, expiry date, and owner.

Questions:

Is there an OOTB feature or best practice for this?
Where does ServiceNow normally store expiry_date for OAuth or aliases?
Has anyone built this before and could share a step-by-step outline or lessons learned?

Thanks in advance for any guidance or examples!

Corina Toma · ‎11-10-2025

Hello,

Here are some best practices and partial solutions you can build upon:

Flow Designer with Scheduled Triggers: This is the recommended approach for automating expiry checks and notifications.

Event-based notifications: You can create custom events like oauth_token.expiring and trigger them via Business Rules or Scheduled Jobs. This is documented in KB1287122.

OAuth Credentials: Stored in the oauth_credential table.

I hope this answers some of your questions.

Sr. Data Analyst | Bucharest
ServiceNow Enthusiast & Advocate

iamkurt · ‎11-10-2025

@Corina Toma - I appreciate your efforts to explain however my question still remains unanswered. I am not looking to find expiry token, but "client secret".

Token and client secret are 2 different things.

I see most of the readers of my question quickly jump to conclusion and try to answer from a token perspective.

Check out this question and user stevemac 's comment.

We are talking about the same thing.

https://www.servicenow.com/community/developer-forum/managing-oauth-client-secret-expiry/m-p/2731568