How to create Api with oauth so any other third party tool can consume

Debasis Pati · yesterday

Hello All,
I want to expose one api with one thirdpart tool but it should also have ouath as authenticaion method.

How i should create this?

Any idea @Ankur Bawiskar ?

Ankur Bawiskar · yesterday

@Debasis Pati

you are using GlideRecordSecure so it will evaluate ACL and ACL must be blocking the READ Access

Please use GlideRecord and it will work fine with Postman

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

Ankur Bawiskar · yesterday

@Debasis Pati

You can create Scripted REST API and share it with 3rd party team

check my old blog on how to configure OAuth 2.0 within ServiceNow so that ServiceNow can be the provider and 3rd party will consume the Endpoint using OAuth 2.0 authentication

OAuth 2.0 with Inbound REST

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Debasis Pati · yesterday

Hello @Ankur Bawiskar ,
The blog was really nice and very well explained how we can fetch tokens but one thing how i can create one table api for example incident from there i should pass the number and access token then it should give the details of the incident.
How i should create this api and it should have the authorization now i am able ti fetch the refresh token and access token both but how i can fetch incident details how i should creating this api.

Deepak Shaerma · yesterday

hi @Debasis Pati

System Web Services > Scripted REST API

Name: Incident Fetcher (or whatever you prefer).
API ID: incident_fetcher

Scroll down to the Resources related list and click New.

Name: Get Incident by Number.
HTTP Method: GET.

Relative Path: /get_details

(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {

    // 1. Get the incident number from the query parameter
    // Example call: GET /api/x_scope/api_id/get_details?number=INC00001
    var incNumber = request.queryParams.number;

    // 2. Initialize the response object
    var result = {};

    if (!incNumber) {
        response.setStatus(400); // Bad Request
        return {
            "error": "Please provide an incident number parameter."
        };
    }

    // 3. Query the Incident table
    var grInc = new GlideRecord('incident');
    grInc.addQuery('number', incNumber);
    grInc.setLimit(1);
    grInc.query();

    if (grInc.next()) {
        // 4. Build your response object
        // You can choose exactly which fields to send back
        result.number = grInc.getValue('number');
        result.sys_id = grInc.getValue('sys_id');
        result.short_description = grInc.getValue('short_description');
        result.state = grInc.getDisplayValue('state'); // Use getDisplayValue for readable labels
        result.caller = grInc.getDisplayValue('caller_id');
        
        response.setBody(result);
        response.setStatus(200);
    } else {
        // 5. Handle case where incident is not found
        response.setStatus(404);
        return {
            "error": "Incident not found with number: " + incNumber
        };
    }

})(request, response);

Happy to help! ‌‌
To help others in the community find this solution, kindly mark this response as the Correct Answer ‌‌ and Helpful‌‌.
Warm Regards,
Deepak Sharma
Community Rising Star 2025

Debasis Pati · yesterday

Hello @Deepak Shaerma ,

There is no authentication used here to validate right i want to authenticate using oauth i have created the oauth aa Ankur shared the details.
I want to pass the refresh token along with the number so the authentication can be validated