Rest API to get token

maryc
Tera Contributor

Hi,

Is there a REST API to get auth token for basic authentication and reuse that token for subsequent request? Is this kind of design supported in Servicenow REST API?

3 REPLIES 3

tony_barratt
ServiceNow Employee
ServiceNow Employee

Hi Mary,



There is some info below which answers some or maybe all of your question



Any questions arising?



Best Regards



Tony



.



REST API - ServiceNow Wiki


..


6 Security

By default, the REST API is required to authenticate using basic authentication for enforcing access controls to web resources. The user ID that is used for authentication is subject to access control in the same way as an interactive user. Each request requires the proper authentication information. There is no support for mutual authentication.


REST supports cookies for binding to the existing session.


6.1 OAuth with REST

Using OAuth, you can pass a user ID and password once, and then use a token for subsequent REST requests instead of submitting credentials with each request. In this way, OAuth can improve system security by reducing the number of times you submit user credentials. You can use OAuth to authenticate REST requests starting with the Fuji release. You must enable the OAuth plugin to use this functionality.


  1. Generate an OAuth token.
  2. Record the client_id and client_secret values from the OAuth token to use when sending a request.
  3. Use your REST client to send a request to the OAuth endpoint (oauth_token.do) to get an access token.
  4. Submit the access token with subsequent REST requests.

..



     


Hi Mary,



Are you able to generate token using the rest api calls.


I was using the demoxxx instances but always is getting the 401 :Unauthorised error response.



any help will be appreciated.



Thanks in advance,


Venki


Most likely the 401 is correct and you'll see the nonce in the REST return.   I believe you can pick that apart and you'll have your token.   I haven't had to go beyond that as we found a solution before I had to consume the token and send it back.   I'm sure you could pick apart the return message and set it as a property.   That would make it "permanent" until you tried to get another token.



-Chris