Re: How to get access token by using OAuth configu...

Rajesh Chopade1 · ‎02-17-2025

Once you attach the OAuth Profile to the REST Message, ServiceNow will automatically manage the OAuth token for you, including:

Fetching the access token from the OAuth provider.
Refreshing the token when it expires (if the OAuth provider supports refresh tokens).
Including the token in the Authorization header for every REST call made using this REST Message.

You don’t need to manually pass the Authorization header in each API call. ServiceNow will handle that for you based on the OAuth Profile configuration.

KM SN · ‎02-18-2025

Obviously, I need to call the Rest message either from flow/BR or from Script include/Sjob so in this case if I don't want to send Authorization parameter every time when I make a call what is the configuration I need to be do in OAuth Profile Configuration.?

Rajesh Chopade1 · ‎02-18-2025

Create an OAuth Profile:

Navigate to: System OAuth > Application Registry. If you haven’t already created an OAuth Profile, you need to do so. This profile will store the OAuth credentials, such as the Client ID, Client Secret, and other authentication details.

OAuth provider details. (this info you can see when you going to create OAuth application registry)

Name: A unique name.
Client ID: Client ID of application registered in third-party OAuth server.
Client Secret: Client secret of application registered in third-party OAuth server.
Refresh Token Lifespan: Time in seconds the Refresh Token will be valid.
Authorization URL: OAuth Server's auth code flow endpoint. Required only for Authorization Code grant type.
Token URL: OAuth Server's token endpoint.
Token Revocation URL: OAuth Server's token revocation endpoint.
Redirect URL: OAuth callback endpoint. Leave it empty for auto-generation.

Attach the OAuth Profile to the REST Message:

Navigate to: System Web Services > Outbound > REST Message.
Either create a new REST Message or edit an existing one.
In the Authentication tab, under OAuth 2.0, select the OAuth Profile you created earlier. This links the REST message to the OAuth Profile, which will automatically handle token management for you.
Token Management: ServiceNow will automatically fetch, refresh, and append the access token to the Authorization header for all REST API calls made using this REST Message.

Using the REST Message in Scripts (Flow/BR/Script Include/Sjob): Once the OAuth Profile is linked to the REST Message, you can simply call the REST message from a Flow, Business Rule (BR), Script Include, or Scheduled Job.

You do not need to manually pass the Authorization header in your API calls anymore.

Also you can refer following links for same :
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0693451

https://www.servicenow.com/docs/de-DE/bundle/vancouver-api-reference/page/integrate/outbound-rest/ta...

View solution in original post

KM SN · ‎02-19-2025

People keep on saying I need to pass the authentication header if I am calling the Rest Message inside the script. (Despite saying I have opted OAuth and attached OAuth Profile.).

This made me to find the script for getting access token and pass it as an authorization header.

But after this Answer Using the REST Message in Scripts (Flow/BR/Script Include/Sjob): Once the OAuth Profile is linked to the REST Message, you can simply call the REST message from a Flow, Business Rule (BR), Script Include, or Scheduled Job.

You do not need to manually pass the Authorization header in your API calls anymore.

I did check with background script, and I am able to hit the http method and getting back response and body just with calling the Rest Message.

Thank you....&... thank you very much for it!!

AbhirupD · ‎04-17-2025

Hi @Rajesh Chopade1

Do I need to pass Header as Authorization: Bearer <token> in REST Message call after getting Bearer Token from GetToken or it will be automatically taken care?