How to generate oauth token with grant type=client_credentials in service now
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-01-2025 09:15 PM
How to generate oauth token with grant type=client_credentials in service now, When I tried with System Oauth-> Application registery -> New -> w/o redirecting url . Still when I make curl post with grant_type=client_credentials and respective client Id ,secret it throws 401 unauthorized error, but when I tried with grant_type=password and username,password along with client id,secret I can able to generate bearer token. I want to generate with grant_type=client credentials.
Thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-02-2025 10:49 AM
Hi @ChethanB4037292 ,
Please read this articles. Based on the information provided I made it work: https://sapphirenow.dev/post/oauth-part-2/ and https://sapphirenow.dev/post/wdc-oauth-part-1/
If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.
Best regards
Anders
Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-02-2025 11:13 AM
Steps
Install required plugins
Ensure these are active: OAuth 2.0 (com.snc.platform.security.oauth), REST API Provider (com.glide.rest), Authentication Scope (com.glide.auth.scope), REST API Auth Scope Plugin (com.glide.rest.auth.scope) (ServiceNow).
Enable Client Credentials grant
In System Properties (sys_properties.list), create/update:
Name: glide.oauth.inbound.client.credential.grant_type.enabled Type: true|false Value: true
Default = false; must be true to allow this flow (ServiceNow).
Create OAuth client registry entry
Navigate to System OAuth > Application Registry > New
Select Create an OAuth API endpoint for external clients, fill Name, Client ID/Secret (redirect URLs optional), and save (ServiceNow).
Add & set OAuth Application User
On the registry form: Configure → Form Layout, add OAuth Application User (reference sys_user), save.
Populate with an active user having required roles (e.g. admin) (ServiceNow Support).
Request the token
curl -X POST "https://<instance>.service-now.com/oauth_token.do" \ -H "Authorization: Basic $(echo -n '<CLIENT_ID>:<CLIENT_SECRET>' | base64)" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "grant_type=client_credentials"
– returns JSON { "access_token":"…","token_type":"Bearer","expires_in":… } (ServiceNow).
Troubleshooting
401 Unauthorized → verify the system property is true and OAuth Application User is set/active (ServiceNow Support).
Scopes → optionally include &scope=<scope1> <scope2> in the POST body if you’ve defined API Auth Scopes.
Sources
Up your OAuth2.0 Game in Washington DC with Inbound Client Credentials, ServiceNow Community Blog – plugin & registry setup (1.2 yrs) (ServiceNow)
Create the Client Credentials system property, ServiceNow Docs – how to enable glide.oauth.inbound.client.credential.grant_type.enabled (1.3 yrs) (ServiceNow)
Client Credentials grant type for Inbound OAuth is supported, ServiceNow KB KB1645212 – confirms need for OAuth Application User (11 mos) (ServiceNow Support)
SOLVED: OAuth 2.0 Access Denied, ServiceNow Community – curl example using grant_type=client_credentials (7 mos) (ServiceNow)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-03-2025 04:16 AM
Hi @AndersBGS , nice it was very helpful thanks!!!
One more query I have, how to validate the oauth bearer token recieving from external system in service now, I tried with enable require authentication for scripted rest api but it always says 401 even I pass with valid oauth bearer token (Authorization: Bearer {token}) in header.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-03-2025 04:17 AM
Hi @_ukasz Rybicki ,
thanks for the help really appreciate that.!!!
One more query I have, how to validate the oauth bearer token recieving from external system in service now, I tried with enable require authentication for scripted rest api but it always says 401 even I pass with valid oauth bearer token (Authorization: Bearer {token}) in heade