How to automate the rotation of an API Key

dc20 · ‎02-11-2022

Does anyone know how to automate the rotation of API Key used for credentials?

Tony Chatfield1 · ‎02-14-2022

Apologies for not reading correctly,
If there is no OOB functionality to auto update your sys_alias record, then you should be able to use Glide.

If the key is renewed within a token renewal payload?
I would think it possible to use 'OAuthUtil' script extension to manage population of your updated key via 'postprocessAccessToken'

View solution in original post

Tony Chatfield1 · ‎02-11-2022

Hi, I utilize a scheduled job to renew token(s) which is set to repeat based on the tokens lifespan.
Then underpin this with an ECC queue retry policy that updates the token and the ECC payloads auth details if the ECC failure is auth related.

This works fine for an integration that is on a fixed schedule\cycle,
but an integration that is real-time\ad-hoc would require some additional control to ensure a 'race' condition was not entered via multiple messages.

dc20 · ‎02-14-2022

Thank you.

dc20 · ‎02-14-2022

How did you do the refresh, basically do a gliderecord update in the api key credential table?

Tony Chatfield1 · ‎02-14-2022

Hi, you do not need to directly query\alter the credentials table, as a token renewal will update the oauth credentials as part of its functionality.

Some guidance from SNC
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0823628