Rest API to get token

maryc
Tera Contributor

‎06-12-2015 11:17 AM

Hi,

Is there a REST API to get auth token for basic authentication and reuse that token for subsequent request? Is this kind of design supported in Servicenow REST API?

0 Helpfuls
  • 17,252 Views
3 REPLIES 3

tony_barratt
ServiceNow Employee
ServiceNow Employee

‎06-12-2015 02:00 PM

Hi Mary,



There is some info below which answers some or maybe all of your question



Any questions arising?



Best Regards



Tony



.



REST API - ServiceNow Wiki


..


6 Security

By default, the REST API is required to authenticate using basic authentication for enforcing access controls to web resources. The user ID that is used for authentication is subject to access control in the same way as an interactive user. Each request requires the proper authentication information. There is no support for mutual authentication.


REST supports cookies for binding to the existing session.


6.1 OAuth with REST

Using OAuth, you can pass a user ID and password once, and then use a token for subsequent REST requests instead of submitting credentials with each request. In this way, OAuth can improve system security by reducing the number of times you submit user credentials. You can use OAuth to authenticate REST requests starting with the Fuji release. You must enable the OAuth plugin to use this functionality.


  1. Generate an OAuth token.
  2. Record the client_id and client_secret values from the OAuth token to use when sending a request.
  3. Use your REST client to send a request to the OAuth endpoint (oauth_token.do) to get an access token.
  4. Submit the access token with subsequent REST requests.

..



     


0 Helpfuls

tovvenki
Kilo Explorer
In response to tony_barratt

‎07-09-2015 01:22 AM

Hi Mary,



Are you able to generate token using the rest api calls.


I was using the demoxxx instances but always is getting the 401 :Unauthorised error response.



any help will be appreciated.



Thanks in advance,


Venki


0 Helpfuls

cwilkerbb
Giga Expert
In response to tovvenki

‎07-22-2015 07:31 AM

Most likely the 401 is correct and you'll see the nonce in the REST return.   I believe you can pick that apart and you'll have your token.   I haven't had to go beyond that as we found a solution before I had to consume the token and send it back.   I'm sure you could pick apart the return message and set it as a property.   That would make it "permanent" until you tried to get another token.



-Chris


0 Helpfuls