201 response to inbound web service POST (ACL question)

Go to solution
petercawdron
Kilo Guru

‎09-07-2016 05:54 PM

Hi,

This question relates to another community question, inbound rest without authentication

I have an unauthenticated inbound REST web service (POST) that was previously getting 403 (not authorized). At the suggestion of another community member, I've...

  • turned on public pages for this particular inbound transform table
  • added the originating domain to CORS
  • set up a generic ACL for table.* write and table.* create

Now the POST returns a 201 and inserts a blank row.

  • If I use the REST API Explorer, I can insert a row successfully (200 response).
  • If I put the sample javascript code produced by the REST API Explorer into a UI Action (testing from within ServiceNow), I can insert a row successfully (200 response).
  • If I put the sample javascript code in JSfiddle (testing from outside ServiceNow), a blank row is inserted with a 201 response (replicating what I'm seeing with the actual service)

I think the problem lies with ACLs on the transform table the REST service is inserting its data into, but I'm not sure.

Does anyone have any ideas?

0 Helpfuls
  • 3,738 Views
1 ACCEPTED SOLUTION

Go to solution
petercawdron
Kilo Guru
In response to Geoffrey2

‎09-07-2016 08:41 PM

Geoffrey,



Yes, the row is always blank.



A colleague of mine has just pointed out that a scripted web service avoids this problem entirely, so I've been able to implement this using that approach and will mark this closed.



Thanks for your help.



Cheers,


Peter


View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
Geoffrey2
ServiceNow Employee
ServiceNow Employee

‎09-07-2016 06:10 PM

I'm not sure what the problem is you're having.   200 and 201 are both success responses. 200 means "OK" and 201 means "OK Created". When you're doing a POST you would normally expect a 201 response.   Is the issue that the row is always blank?   What does the incoming package look like?


Go to solution
petercawdron
Kilo Guru
In response to Geoffrey2

‎09-07-2016 06:57 PM

Geoffrey,



Yes, the problem is there's no content. The incoming package is simple JSON



{"content":"my content","status":"successful","messageId":"123ABC"}



  • If I run this exact combination from the API Explorer, a row & data insert correctly with response 200
  • If I use the sample javascript created by the API Explorer in a UI Action (ie, testing from inside ServiceNow), the row & data insert correctly with response 200
  • If I use the exact same javascript from jsFiddle (testing from outside ServiceNow)
  • ......nothing is inserted if there are no ACLs on the table, and the error is "403 failed due to security constraints"
  • ......if basic ACLs are in place, a blank row is inserted with response 201 (no data is added)


As you can see, the problem is not the inbound POST or the transform as they work fine. The problem seems to be related to ACLs not liking the unauthenticated post coming in from an external source.



Please note, the user is "guest" as it is unauthenticated.



The ACLs I set up are very simple


  • Type = record
  • Operation = create (and another for write)
  • Name = table name with "-- None --" (and another for *)


I've tried adding individual fields, but that doesn't work either.


0 Helpfuls

Go to solution
Geoffrey2
ServiceNow Employee
ServiceNow Employee
In response to petercawdron

‎09-07-2016 08:32 PM

Have you reviewed the write ACL's? I'm not sure if they matter on an insert, but since you can create a record with no content.... It might be worth looking at.


0 Helpfuls

Go to solution
petercawdron
Kilo Guru
In response to Geoffrey2

‎09-07-2016 08:41 PM

Geoffrey,



Yes, the row is always blank.



A colleague of mine has just pointed out that a scripted web service avoids this problem entirely, so I've been able to implement this using that approach and will mark this closed.



Thanks for your help.



Cheers,


Peter


0 Helpfuls