How to build the connection between oauth authentication and scripted Rest API

Go to solution
Ramanjaneyulu
Tera Contributor

‎02-21-2024 06:09 AM

When we are working on inbound integration we build the scripted Rest API.

Is there any ServiceNow existing relation between oauth authentication between scripted Rest API?
I did not see any direct relation to point the oauth authentication from scripted rest api.
How to build the connection between oauth authentication and scripted Rest API?

example :
If third party application team hit the oauth endpoint they will get token and the same token they will use in the header and trigger the main endpoint with payload.

I am doubting if thirdpty team does not follow the process if they are trying hit main endpoint by using basic credentials ( which will provide to access the token api) without token.
even though the ServiceNow is allowed for operation from scripted rest API.

I know there are some ACL's available in scripted REST API but, that will only can be restricted by role base.
It can't check if the inbound call is using token or not.


Appreciate for your response:)

Thanks & Regards,

Ramanjaneyulu.

0 Helpfuls
  • 1,486 Views
2 ACCEPTED SOLUTIONS

Go to solution
Ademir Amaral1
Kilo Sage

‎02-21-2024 11:07 AM

Hi @Ramanjaneyulu 

Take a look at this video, it helped me a lot:
https://www.youtube.com/watch?v=gqqA99rKBJU

View solution in original post

ServiceNow Scripted REST APIs: Part 16 - OAuth 2.0
ServiceNow Scripted REST APIs: Part 16 - OAuth 2.0
youtube.com/watch?v=gqqA99rKBJU
Using basic authentication - providing your account credentials with every request - is inherently insecure. In this video we look at how to enable authentication to our API using OAuth, that is, using temporary access tokens. This video demonstrates only one authentication flow for issuing access
0 Helpfuls

Go to solution
Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎02-21-2024 06:40 PM

Hi @Ramanjaneyulu , 

You should use the REST API access policy and REST API Auth scope feature. Jason's Video on this topic is an excellent resource for learning about it.

 

Thanks,

Randheer

View solution in original post

0 Helpfuls
4 REPLIES 4

Go to solution
Ademir Amaral1
Kilo Sage

‎02-21-2024 11:07 AM

Hi @Ramanjaneyulu 

Take a look at this video, it helped me a lot:
https://www.youtube.com/watch?v=gqqA99rKBJU

ServiceNow Scripted REST APIs: Part 16 - OAuth 2.0
ServiceNow Scripted REST APIs: Part 16 - OAuth 2.0
youtube.com/watch?v=gqqA99rKBJU
Using basic authentication - providing your account credentials with every request - is inherently insecure. In this video we look at how to enable authentication to our API using OAuth, that is, using temporary access tokens. This video demonstrates only one authentication flow for issuing access
0 Helpfuls

Go to solution
Ramanjaneyulu
Tera Contributor
In response to Ademir Amaral1

‎02-22-2024 03:57 AM

Hi Ademir,

Thanks a lot for your response!!!

Yeah you are these the YouTube link are very useful.

 

Just wanted to correct link address.

For my question it would be applicable for part 17.

https://youtu.be/W7VgnaVFmOw?si=GiQULLFnMEvVGPvu

 

0 Helpfuls

Go to solution
Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎02-21-2024 06:40 PM

Hi @Ramanjaneyulu , 

You should use the REST API access policy and REST API Auth scope feature. Jason's Video on this topic is an excellent resource for learning about it.

 

Thanks,

Randheer

0 Helpfuls

Go to solution
Ramanjaneyulu
Tera Contributor
In response to Randheer Singh

‎02-22-2024 03:59 AM

Hi @Randheer Singh 

Thanks a lot for quick response.

Really appreciated 🙂

0 Helpfuls