inbound rest without authentication

petercawdron
Kilo Guru

I have an unusual request... I'm sending an outbound REST service using OAuth that works fine. In some circumstances, however, the third-party service provider sends an initial response with a unique ID, and then at a later point in time, sends a full response as a callback (i.e., an inbound REST service in addition to the initial response). The problem is... from their perspective, I'm already authenticated so they don't provide any authentication in their response, but ServiceNow wants the inbound REST service to use either Basic Authentication or OAuth "by default" (but I couldn't figure out how to disable the default for a specific table).

Is there any way to allow inbound web services to a certain (transform) table without the need for security? I thought the CORS option might allow me to "trust" this particular domain, but it didn't work. I thought I could use a transform script to check the REST contents to ensure they're from the correct domain (to avoid fake posts from other domains).

At a high level...

Outbound REST using OAuth ===========>>> Third-Party

Outbound Response <<<================== Third-Party

...works fine, but at some point later...

Inbound REST without auth <<<============ Third-Party (simple response that doesn't have either OAuth or Basic Auth)

...and ServiceNow returns a 401 unauthorized response.

Anyone have any ideas?

1 ACCEPTED SOLUTION

petercawdron
Kilo Guru

The solution is to use a scripted web service rather than the inbound web service with transform map, as it avoids the ACL problem altogether.
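
An added example, not part of the original thread and not ServiceNow API code: one way a scripted endpoint that accepts the unauthenticated callback can still reject fake posts is to accept only callbacks whose unique ID matches an outbound request that is still awaiting its callback. The names `registerPending` and `handleCallback`, the `id` field and the 15-minute window are assumptions; on a real instance the in-memory map would be a table lookup.

```javascript
// Added illustration (plain JavaScript, not ServiceNow API code).
// Models the callback flow from the question: the outbound call returns a
// unique ID, and the later unauthenticated callback is accepted only if it
// carries an ID we are still waiting on.

const CALLBACK_WINDOW_MS = 15 * 60 * 1000; // assumed maximum wait for a callback

// Assumed store of outstanding requests; a real instance would use a table.
const pending = new Map();

// Call when the third party's initial response returns its unique ID.
function registerPending(uniqueId, now = Date.now()) {
  pending.set(uniqueId, { registeredAt: now, consumed: false });
}

// Decide what to do with an inbound callback body (already parsed JSON).
// Returns { status, reason }, mirroring the HTTP status to send back.
function handleCallback(body, now = Date.now()) {
  const id = body && typeof body.id === 'string' ? body.id : null;
  if (!id) {
    return { status: 400, reason: 'missing unique ID' };
  }
  const entry = pending.get(id);
  if (!entry) {
    // Unknown ID: not something we asked for, so no record is inserted.
    return { status: 403, reason: 'unknown unique ID' };
  }
  if (entry.consumed) {
    return { status: 409, reason: 'callback already processed' };
  }
  if (now - entry.registeredAt > CALLBACK_WINDOW_MS) {
    pending.delete(id);
    return { status: 410, reason: 'callback window expired' };
  }
  entry.consumed = true; // one callback per outbound request
  return { status: 200, reason: 'accepted' };
}

// Constructed sample run: a valid callback, a replay, and an unknown ID.
const t0 = 1700000000000;
registerPending('req-12345', t0);
console.log(handleCallback({ id: 'req-12345' }, t0 + 60000));
console.log(handleCallback({ id: 'req-12345' }, t0 + 61000));
console.log(handleCallback({ id: 'forged-id' }, t0 + 62000));
```

This is a correlation check, not authentication of the sender: it only helps if the third party's unique IDs are hard to guess.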



4 REPLIES 4

Stefan Baldhof1
Kilo Guru

Hi Peter,



I think with defining the table as a "Public Page" this should be achieved. Navigate to "System Definition", "Public Pages" and define a new one for your table.


Stefan,



Thanks for the suggestion. That's moved me forward, but I'm not quite there yet. I'm not getting a 201 error and a blank record is being inserted into the table, so I suspect the problem lies with ACLs. I'll close this question and ask another to see if there are any ACL gurus that might have any ideas.



Thanks


Stefan,



Thanks for the idea, I've expanded on the problem in 201 response to inbound web service POST

