How to perform Mutual authentication for Scripted REST APIs
‎05-15-2023 07:56 PM
While we are implementing a scripted REST API, can we implement authentication as Mutual Authentication?
‎05-15-2023 09:07 PM
Dear @Rahul Bhor ,
For the scripted REST API, you can generate the bearer token and share it with the external team to get access to the ServiceNow APIs.
Please see the links below to learn more, and if you have any issues, feel free to reach me.
- Kailas
‎05-15-2023 09:40 PM
Hi @Rahul Bhor ,
I trust you are doing great.
To implement Mutual Authentication, you need to perform the following steps:
Generate or obtain an SSL certificate for your ServiceNow instance. You can either generate a self-signed certificate or acquire a certificate from a trusted Certificate Authority (CA). Here is an example of generating a self-signed certificate using OpenSSL:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Configure your ServiceNow instance to use the SSL certificate. You can do this by navigating to "System Security" > "SSL Certificates" and uploading the certificate and private key.
Create a Truststore containing the public key certificate(s) of the client(s) that will be accessing the scripted REST API.
Configure the scripted REST API to enforce Mutual Authentication. You can do this by adding the following code snippet at the beginning of your REST API script:
// Enforce Mutual Authentication
var truststore = 'my_truststore_name'; // Replace with your Truststore name
var trustedCertificate = 'client_certificate.crt'; // Replace with the client's public key certificate
gs.setProperty('glide.ssl.truststore', truststore);
gs.setProperty('glide.ssl.client.truststore_file', trustedCertificate);
This code sets the truststore and client truststore file properties to enable Mutual Authentication.
You can further enhance the security by validating the client's certificate in your REST API script. You can extract the client's certificate and perform validation checks to ensure its authenticity. Here's an example of extracting the client's certificate:
var certificate = request.getHeader('X-Client-Certificate');
// Perform validation checks on the certificate
Was this answer helpful?
Please consider marking it correct or helpful.
Your feedback helps us improve!
Thank you!
Regards,
Amit Gujrathi
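Added example, not part of the answer above and not ServiceNow code: the trust decision behind the certificate and truststore steps, shown with the OpenSSL CLI. A client certificate is accepted only when it chains to a CA held in the truststore, and a self-signed certificate from an unknown party is rejected. All subject names, file names and the 30-day lifetime are constructed for illustration, and `openssl` 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Added example: every name, path and lifetime below is constructed.

# Create the CA whose certificate is placed in the server's truststore.
make_ca() {  # $1 = working directory
  openssl req -x509 -nodes -newkey rsa:2048 -days 30 \
    -subj "/CN=Example Client CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a client certificate signed by that CA (key + CSR, then signing).
issue_client() {  # $1 = working directory, $2 = client name
  openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -days 30 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$1/$2.crt" 2>/dev/null
}

# A self-signed certificate from a party the server has never enrolled.
make_self_signed() {  # $1 = working directory, $2 = name
  openssl req -x509 -nodes -newkey rsa:2048 -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# The server-side decision: does the presented certificate chain to the
# truststore? Exit status 0 means accepted, non-zero means rejected.
is_trusted() {  # $1 = truststore CA file, $2 = client certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_ca "$work"
issue_client "$work" integration-client
make_self_signed "$work" unknown-client
for name in integration-client unknown-client; do
  if is_trusted "$work/ca.crt" "$work/$name.crt"; then
    echo "$name: accepted"
  else
    echo "$name: rejected"
  fi
done
rm -rf "$work"
```

Only `ca.crt` belongs in the truststore; each client's private key stays with that client and is never uploaded to the server.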
‎01-24-2025 12:42 PM
Hi @Amit Gujarathi , I have a similar requirement. From your solution, I see that we have to do the certificate validation at the individual API level with a custom script. Is there no other way, inbuilt in the ServiceNow platform, that would do this validation? https://www.servicenow.com/community/service-management-forum/how-to-enable-mtls-for-inbound-rest-ap...
Please check the question I have posted regarding that and provide your suggestions on the same.
‎05-15-2023 10:17 PM
• Mutual authentication is a process that allows both the client and the server to authenticate each other.
• It is used to ensure secure communication between two systems.
• To perform mutual authentication for Scripted REST APIs, you need to create a custom authentication script that will authenticate both the client and the server.
The script should include the following steps:
• Retrieve the username and password from the request
• Validate the username and password against a user store
• Generate a secure token
• Attach the token to the response
• Return the response with the token
For asking ServiceNow-related questions try this :
For a good and optimistic result, please visit this website. It uses a Chat Generative Pre-Trained Transformer ( GPT ) technology for solving ServiceNow-related issues.
Link - https://nowgpt.ai/