- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
I had recently written an integration between service-now and one of our in-house project management tools. The purpose of this integration was to pull in funding data.
We got to the point where we needed to secure it. My only option was to use OAUTH Tokens, as that is the way the REST services which I were consuming were configured to allow for security.
I already had an end point set up that worked well. I had set up the end point, and then specifically the 'get' function of the REST Message. After speaking with the architects who developed the REST endpoint which I was consuming, they said it was simple to authenticate. All I needed to do was to, in the REST Message Header, pass the phrase: "Authentication : Bearer <token>" where token was generated at the time of the call.
To get the token, I had to make another REST call to the endpoint which generated the token. So now I had two endpoints.
- REST Message to grab the token:
- Name: Get Token
- REST endpoint: <Endpoint of the token generator>
- Use basic auth: <blank>
- REST Message Headers: <blank>
- REST Message Functions:
- post
- REST endpoint: <Endpoint of the token generator>
- Use basic auth: <blank>
- Lock: <blank>
- Use MID Server: <Mid-server I'm using>
- REST Message Function Headers
- Name: Content-Type
- Value: application/json
- Content: {"username":"<user>","password":"<password>"}
- post
- REST Message to actually pull the data in:
- Name: Get Data
- REST endpoint: <Endpoint of the data pull>
- Use basic auth: <blank>
- REST Message Headers: <blank>
- REST Message Functions:
- get
- REST endpoint: <Endpoint of the data pull>
- Use basic auth: <blank>
- Lock: <blank>
- Use MID server: <Mid-server I'm using>
- REST Message function headers
- Name: Authorization
- Value: ${token}
- get
Now that I have my endpoints worked out, it's time to set up the code. I was using a scheduled job to do a batch pull every morning of the data.
First, you need to create a function which will return the token when called:
function getToken(){
var r = new RESTMessage('Get Token', 'post');
var response = r.execute();
var k = 1;
while (response == null){
response = r.getResponse(1000);
k++;
if (k>60){
gs.log("Failed to get token in a timely manner.");
return;
}
}
var jsonString = response.getBody();
var parser = new JSONParser();
var parsed = parser.parse(jsonString);
var token = parsed.data.access_token;
return ("Bearer " + token);
}
Now once we have a nice function set up to easily return a token, we can simply do our normal REST call, making sure to pass in the token:
function updateData(pplCode){
var token = getToken();
var r = new RESTMessage('Get Data', 'get');
r.setStringParameter('num', pplCode);
r.setStringParameter('token', token); //here is where you pass the token
var response = r.execute();
var k = 1;
while (response == null){
response = r.getResponse(1000);
k++;
if (k>60){
gs.log('Data Loader ran too long trying to pull back data for: ' + pplCode);
return;
}
}
var jsonString = response.getBody();
var parser = new JSONParser();
var parsed = parser.parse(jsonString);
var arg1 = parsed.data[0].firstField;
var arg2 = parsed.data[0].secondField;
}
Now we are able to generate a token based off of a service account, then use that token in the next REST call. I set up my code to generate a new token each time, and then use that token whenever it needs to do the next REST call.
- 9,972 Views
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
