yesterday - last edited 12 hours ago
I followed all the steps to set up OAuth 2.0 Client Credentials for a ServiceNow-to-ServiceNow integration:
In Instance A (target), created an OAuth Provider (Application Registry) with Client ID, Client Secret, and Redirect URL. Associated a user (with admin role) under OAuth application user.
In Instance B (caller), created an Application Registry to consume Instance A’s credentials (client id, secret, token URL, grant type = Client Credentials).
In Instance B, created a REST Message pointing to Instance A’s Table API, set Authentication type = OAuth 2.0
Clicked on Get OAuth Token — token is generated successfully.
But when I test the HTTP method (GET) in the REST Message, I get:
401 User Not Authenticated - Required to provide Auth information
7 hours ago - last edited 7 hours ago
@dd31, Ok. I achieved that also without using UserID and Password.
Step 1)
All you need to do is, in your target instance from where you got your Client ID and Secret, ensure that the "Default Grant type" is set to "Client Credentials" and that the "OAuth Application User" is your REST user profile with the right level of API access/roles, like the example below.
I gave my REST user service account the "snc_platform_rest_api_access" role. It allows access to these REST APIs:
- Table API
- Import Set API
- Aggregate API
- Attachment API
Step 2) In your source instance, from where you're calling the target instance for Token(s), ensure to set "Grant type" in your OAuth Entity Profile as "Client Credentials".
Save the record and go to your REST Message record and click on "Get OAuth Token" related link. It will auto fetch the "Access token" and "Refresh token".
I just tried and it worked for me!
Let me know if any issues.
Regards,
Vikas K
yesterday - last edited yesterday
@dd31:
Here is the step-by-step guide on how to integrate with a ServiceNow instance or any other third-party application.
I am not sure if you have created an "OAuth Provider" record in your Instance A (caller). Since you have not mentioned it, I guess you have not.
That could be the missing part in your Instance A (caller), I believe.
Step 1) Create one "OAuth Provider" record in Application Registry, as shown below, in your Instance A (caller). Pass in the following info that you got from your Instance B (target):
a) Client ID
b) Secret
c) Token URL - https://<Instance B (target)>.service-now.com/oauth_token.do
d) Redirect URL - https://<Instance A (caller)>.service-now.com/oauth_redirect.do
Redirect URL will be your Instance A (caller) URL. It gets auto populated. Don't change it. Rest of the fields are defaults, leave them as they are. Above 4 details are enough to start.
One more thing, as soon as you save the "OAuth Provider" record in Application Registry, it will automatically create one "Default OAuth Entity Profile". This record will be used in REST Message to call the "OAuth Provider" record in Application Registry to trigger your OAuth and generate your token. See step 2.
2) Create a REST Message record and add the details as mentioned, for example. Type in your Endpoint: https://<Instance B (target)>.service-now.com.
Select Authentication type as OAuth 2.0 and select the Profile Entity profile from Step 1.
3) Next, save the record and click on "Get OAuth Token" in the related link. It will show you a pop-up window to authenticate the first time, as you don't have your Access Token and Refresh Token yet. (This is mentioned in the info message at the top of the REST Message record.)
4) You would need a "UserID" and "Password" from Instance B (target), with the right API permissions (roles) assigned to it, to get your first Access Token and Refresh Token; then click on "Get OAuth Token". If all goes well, you will see a success message in green, and the Access Token/Refresh Token will get saved in the Manage Token table.
You should NEVER hard-code or create any Property to save these Tokens, Client IDs and Secrets, because ServiceNow has already created the required features and functionality to assist you with these things with low code and to secure your platform with the right security posture.
After the Tokens are granted, they will live in the Manage Token table, like the example below.
And finally, your script will look like the one below. Change or adjust variables as per your use case. I am just pasting the example script.
```javascript
try {
    // Replace the REST Message name "GetUserInfo" and the method name "Default GET"
    // with the names you have given in your REST Message record.
    var r = new sn_ws.RESTMessageV2('GetUserInfo', 'Default GET');

    // Override the authentication profile
    var authentication_type = 'oauth2';
    r.setAuthenticationProfile(authentication_type, "125ce63ce4001410f877ce457cda6b55"); // SysID of your OAuth Entity Profile

    // Set a MID server name if you want to run the message on a MID server
    //r.setMIDServer('MY_MID_SERVER');

    // If the message is configured to communicate through the ECC queue, either
    // by setting a MID server or calling executeAsync, set skip_sensor to true.
    // Otherwise, you may get an intermittent error that the response body is null.
    //r.setEccParameter('skip_sensor', true);

    var response = r.execute();
    var responseBody = response.getBody();
    var httpStatus = response.getStatusCode();
    gs.info("httpStatus : " + httpStatus);
} catch (ex) {
    var message = ex.message;
    // Log the failure instead of silently discarding it
    gs.error("REST call failed: " + message);
}
```
You can get this script from the related link called "Preview Script Usage" on the method record. See the snip below.
Status Code 200 means we are good to proceed with other methods, either to GET any other info from that API or to POST/PATCH/PUT/DELETE as per the use case and the access provided on that API.
These are the steps to integrate between 2 ServiceNow instances.
Hope this helps.
Let me know if it worked.
Regards,
Vikas K
yesterday - last edited yesterday
Hi Vikas, thanks for the details. Yes, I’ve already created the OAuth provider, which is why I’m able to get an access token — I just forgot to mention it earlier. Step 2 is also configured.
For step 3, when clicking Get OAuth Token, we don’t need to provide a username and password because I’m using the client credentials grant type instead of the resource owner password flow. Without username and password, I’m able to successfully retrieve the token.
That’s exactly the issue I’m pointing out: starting from the Washington release, client credentials can be used without username/password. In Postman, I can fetch the token this way and use it to call the Table API successfully. But when I try the same approach in ServiceNow, it doesn’t work — even though the token is generated (verified in outbound HTTP logs), the response comes back with an error.
I know it works if I use username and password, but I don’t want to rely on that, since the client credentials flow works fine in Postman.
Reference Article : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645212
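The out-of-platform check described in the post above (a token obtained with the client credentials grant, then a Table API call that presents it), as an added example that is not part of the original thread or ServiceNow's own code. It assumes Node.js 18+; the function names, the `SN_*` environment variables and the `incident` table are hypothetical choices for illustration.

```javascript
// Added example, not code from the thread. Requires Node.js 18+ (global fetch).
// Function names and SN_* environment variables are hypothetical placeholders.

// Client-credentials token request against the target instance.
function buildTokenRequest(targetBase, clientId, clientSecret) {
  const body = new URLSearchParams({
    grant_type: 'client_credentials', client_id: clientId, client_secret: clientSecret,
  });
  return {
    url: targetBase + '/oauth_token.do',
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Minimal Table API read that presents the token as a Bearer credential.
function buildTableRequest(targetBase, table, accessToken) {
  return {
    url: targetBase + '/api/now/table/' + encodeURIComponent(table) + '?sysparm_limit=1',
    options: {
      headers: { Accept: 'application/json', Authorization: 'Bearer ' + accessToken },
    },
  };
}

// Name the stage that failed so token issuance and token acceptance are not conflated.
function diagnose(tokenStatus, tableStatus) {
  if (tokenStatus !== 200) return 'token-request-rejected';
  if (tableStatus === 401) return 'token-issued-but-not-accepted';
  if (tableStatus === 403) return 'authenticated-but-forbidden';
  return tableStatus === 200 ? 'ok' : 'unexpected-status-' + tableStatus;
}

async function check(targetBase, clientId, clientSecret, table) {
  const t = buildTokenRequest(targetBase, clientId, clientSecret);
  const tokenRes = await fetch(t.url, t.options);
  if (tokenRes.status !== 200) return diagnose(tokenRes.status, 0);
  const { access_token } = await tokenRes.json();
  const r = buildTableRequest(targetBase, table, access_token);
  return diagnose(200, (await fetch(r.url, r.options)).status);
}

// Network calls happen only when SN_TARGET (https://<target>.service-now.com) is set.
const env = process.env;
if (env.SN_TARGET)
  check(env.SN_TARGET, env.SN_CLIENT_ID, env.SN_CLIENT_SECRET, 'incident').then(console.log, console.error);
```

A result of `ok` here while the REST Message test still returns 401 suggests looking at the caller-side REST Message and OAuth profile configuration rather than at the target's application registry or the application user's roles.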