Bi-directional Incident Integration Between Two ServiceNow Instances Using OAuth

Mahalakshmi Rav
Tera Contributor

Hi all,

I have a requirement where I need to showcase bi-directional integration between two ServiceNow instances (let’s call them PDI A and PDI B) for the Incident table.

Whenever an incident is created, updated or deleted in one instance, it should automatically be reflected in the other instance, from PDI A to PDI B and vice versa, so changes in PDI B should also sync back to PDI A.

I want to use OAuth 2.0 for authentication instead of basic auth and that's the main requirement here.

Steps which I executed:
1. So far, I have created an OAuth profile in Instance B (as an OAuth client) and created one integration user with the necessary roles and web service access enabled.

2. In Instance A, I created an OAuth provider profile using the same client ID and secret, set up a REST message and successfully generated an OAuth token. I then created a POST method, but when I try to test 'Create INC http', it’s throwing an error.

I’m not sure what went wrong, can someone please advise?

 

Thanks!

 

1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron

@Mahalakshmi Rav 

Refer to the link below for step-by-step instructions:

ServiceNow to ServiceNow Integration using REST API and PUSH and PUT methods with Business Rule

You can also explore the eBonding Spoke, with less scripting:

ServiceNow eBonding spoke

Refer to the link below, which has the approach with an example shared by me:

Integration hub ebonding spoke

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader


11 REPLIES

Priyanka64
Tera Contributor

Hello @Mahalakshmi Rav 

 

The error in your last screenshot is the key clue: “OAuth token request failed: Illegal token failed with code 400 – Forbidden username password combo” - This indicates that the OAuth token generation itself is failing before the REST API call is executed. Please validate the integration user credentials and ensure the user is active with the required roles assigned.

 

To validate the credentials:

1. Temporarily uncheck the Web service access only option on the integration user.
2. Open the instance in an incognito window and log in using the integration user credentials.
3. Once logged in, verify that the user can access the Incident table and create a new record.
4. After validation, re-enable the Web service access only checkbox for the user and test the integration again.


If this helps, kindly mark the answer as helpful/correct.

 

Thanks,

Priyanka

Hi @Priyanka64, I tried your steps and the integration user can create the incident record and I'm still getting the same 403 error. But do we have to link the integration user anywhere to the OAuth profile?

Tanushree Maiti
Tera Patron

Hi @Mahalakshmi Rav 

 

1. Check and confirm whether the Explicit Roles plugin is enabled in your instance. If the glide.security.use_explicit_roles plugin is active, users may need the snc_internal role to pass basic ACLs.

    If yes, follow these KBs:

    KB2217023 Users facing "403: You do not have permission to access this page" when trying to access/n...

    KB2466644 Intermittent 403 Error When Sending API Requests to ServiceNow Instance

2. An access token with a READ scope will fail with a 403 if it attempts a POST or DELETE operation.

    Refer: Limit the access granted to an OAuth client by using REST API authentication scopes.

3. If the integration works initially but fails later, the access token may have expired without a proper refresh.

    Add the scope "offline_access". Check the refresh token status from Manage Tokens in the application navigator.

4. Ensure the integration user has roles like rest_service and table-specific roles. Check the ACL role on the specific table and make sure the user has that role.

Refer: KB0720934 Forbidden Username/password Combo error with Outbound Rest Call

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
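
The replies above point at two different failure points: the token request itself (Priyanka64) and the Table API call made with an already issued token (scope, roles and ACLs in Tanushree Maiti's list). The Python probe below is an added example, not part of the thread or ServiceNow's own code, that runs both stages from outside the instance and reports which one failed. It assumes the OAuth profile uses the password grant; the names `probe` and `http_send` and the test short description are made up for this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth_token.do"              # ServiceNow OAuth token endpoint
INCIDENT_PATH = "/api/now/table/incident"   # Table API for the incident table


def http_send(url, data, headers):
    """Real transport: POST and return (status, JSON object or {})."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:   # 4xx/5xx still carry a body
        status, raw = err.code, err.read()
    try:
        parsed = json.loads(raw or b"{}")
    except ValueError:                      # HTML error page, not JSON
        parsed = {}
    return status, parsed if isinstance(parsed, dict) else {}


def probe(base_url, client_id, client_secret, username, password, send=http_send):
    """Return (stage, status, detail); stage is 'token', 'api' or 'ok'."""
    form = urllib.parse.urlencode({
        "grant_type": "password",           # assumption: password grant
        "client_id": client_id, "client_secret": client_secret,
        "username": username, "password": password,
    }).encode()
    status, body = send(base_url + TOKEN_PATH, form,
                        {"Content-Type": "application/x-www-form-urlencoded"})
    token = body.get("access_token")
    if status != 200 or not token:
        # The Table API was never called: check client id/secret and user.
        return "token", status, body.get("error_description") or body.get("error")
    payload = json.dumps({"short_description": "OAuth probe (test record)"}).encode()
    status, body = send(base_url + INCIDENT_PATH, payload, {
        "Authorization": "Bearer " + token,
        "Content-Type": "application/json", "Accept": "application/json"})
    if status != 201:
        # A token was issued, so look at token scope, user roles and ACLs.
        err = body.get("error") or {}
        return "api", status, err.get("message") if isinstance(err, dict) else err
    return "ok", status, body.get("result", {}).get("number")
```

Call `probe()` with the target instance's base URL and the integration user's credentials read from environment variables rather than hard-coded; a successful run creates one test incident on that instance.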


I'm also facing the same issue.