Rest API to get token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-12-2015 11:17 AM
Hi,
Is there a REST API to get auth token for basic authentication and reuse that token for subsequent request? Is this kind of design supported in Servicenow REST API?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-12-2015 02:00 PM
Hi Mary,
There is some info below which answers some or maybe all of your question
Any questions arising?
Best Regards
Tony
.
..
6 Security
By default, the REST API is required to authenticate using basic authentication for enforcing access controls to web resources. The user ID that is used for authentication is subject to access control in the same way as an interactive user. Each request requires the proper authentication information. There is no support for mutual authentication.
REST supports cookies for binding to the existing session.
6.1 OAuth with REST
Using OAuth, you can pass a user ID and password once, and then use a token for subsequent REST requests instead of submitting credentials with each request. In this way, OAuth can improve system security by reducing the number of times you submit user credentials. You can use OAuth to authenticate REST requests starting with the Fuji release. You must enable the OAuth plugin to use this functionality.
- Generate an OAuth token.
- Record the client_id and client_secret values from the OAuth token to use when sending a request.
- Use your REST client to send a request to the OAuth endpoint (oauth_token.do) to get an access token.
- Submit the access token with subsequent REST requests.
..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-09-2015 01:22 AM
Hi Mary,
Are you able to generate token using the rest api calls.
I was using the demoxxx instances but always is getting the 401 :Unauthorised error response.
any help will be appreciated.
Thanks in advance,
Venki
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-22-2015 07:31 AM
Most likely the 401 is correct and you'll see the nonce in the REST return. I believe you can pick that apart and you'll have your token. I haven't had to go beyond that as we found a solution before I had to consume the token and send it back. I'm sure you could pick apart the return message and set it as a property. That would make it "permanent" until you tried to get another token.
-Chris