REST API: Request Token without sending user/password in the Request Body

Go to solution
SN Emy
Tera Guru

‎01-11-2023 08:44 PM

Hey everyone,

I can't figure out the best way to pass the user/password to this post request. Has anyone done this before? The API works just fine when I pass the user/password on the Request body, but I am pretty sure this is not the best way to do this  -  

 

POST https://{appl}/rest/login-sessionsX-Api-Version: 1000
{
    "password":"mypassword",
    "userName":"administrator",
    "loginMsgAck":"true"
}

 

Thanks,

0 Helpfuls
  • 1,955 Views
1 ACCEPTED SOLUTION

Go to solution
Richard Hine
Tera Guru
Tera Guru

‎01-12-2023 01:49 PM

SN Emy,

 

You can pass the username and password in an Authorization header, you concatenate them with a colon between and then base64 encode them before putting it into the header in the form

 

'Authorization' : 'Basic <base64encodedString>'

 

For example if the username is scott, password is tiger, you would then concatenate them to scott:tiger and base64 encode that for the basic authorization header.

 

Perhaps if you can advise what API you are sending to we can offer further advice.

 

Hope this helps,

Richard

View solution in original post

3 REPLIES 3

Go to solution
jaheerhattiwale
Mega Sage
Mega Sage

‎01-11-2023 09:47 PM

@SN Emy You can create basic auth profile. please check below link.

 

https://docs.servicenow.com/bundle/rome-application-development/page/integrate/outbound-rest/task/t_...

 

Please mark as correct answer if this solves your issue.

Please mark the answer as correct or helpful based on impact
ServiceNow Community Rising Star, Class of 2023
0 Helpfuls

Go to solution
SN Emy
Tera Guru
In response to jaheerhattiwale

‎01-11-2023 09:53 PM

POST https://{appl}/rest/login-sessions

X-Api-Version: 1000
{
    "password":"mypassword",
    "userName":"administrator",
    "loginMsgAck":"true"
}

This 3rd party API requires the user/pwd to be sent on the request body. When I try with basic authentication only I keep getting an error 

Method failed: (/rest/login-sessions) with code: 400

{"errorCode":"INVALID_ARGUMENT_ERROR","message":"Invalid argument error.","recommendedActions":["Please supply a valid argument and try again."],"details":"","errorSource":null,"nestedErrors":[],"data":[],"canForce":false}

0 Helpfuls

Go to solution
Richard Hine
Tera Guru
Tera Guru

‎01-12-2023 01:49 PM

SN Emy,

 

You can pass the username and password in an Authorization header, you concatenate them with a colon between and then base64 encode them before putting it into the header in the form

 

'Authorization' : 'Basic <base64encodedString>'

 

For example if the username is scott, password is tiger, you would then concatenate them to scott:tiger and base64 encode that for the basic authorization header.

 

Perhaps if you can advise what API you are sending to we can offer further advice.

 

Hope this helps,

Richard