- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2025 11:11 AM
Hi,
We have a business need to have an inbound REST integration from an external system that only supports passing credentials as basic auth.
I have set up a local web service user and set the psw. The user has the rest service role as well as ITIL to be able to read/write on Incident table.
When trying this from Postman I get ”401: UnAuthenticated (Request does not provide proper credentials.)”.
I don’t understand why I get this as I have checked and double checked the user id and psw.
We have other integrations set up and working but using OAuth or api keys. But Basic gives me the cold hand.
What have I missed? Do I need to activate anything or configure our SSO in some way so it allows local users? Or do I need a api policy etc set up for basic auth?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2025 12:47 AM
So I found the issue and it was my own doing 🙂
I had put in a API policy allowing API key without understanding that I then also need to have a corresponding one for basic auth to not have that blocked.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2025 11:56 AM
I just found that CSRF settings might interfere with basic auth according to this article, https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0565021
I guess that could be it?
And unfortunately the external system (using a preconfigured connector) doesn’t support any configurations.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2025 12:14 PM
You have checked everything I can think of. I would check that the user does not have snc_external, then set up a simple scripted rest api and hit that instead, and see what happens.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2025 12:47 AM
So I found the issue and it was my own doing 🙂
I had put in a API policy allowing API key without understanding that I then also need to have a corresponding one for basic auth to not have that blocked.