Credential Alias

VictorT2
Tera Contributor

‎03-05-2025 12:41 PM

Hello, my friends!


I have some doubts about how to create a Connection & Alias for this scenario.

I need to make a POST request to an API, passing a username and password. When I do this, I need to retrieve a token and then use it in other requests to execute actions.


I understand that I could create a Basic Connection and add an authentication step in each action. However, I would like to avoid duplicating this authentication and find a more efficient and intelligent approach.


Does anyone have any suggestions?

 

VictorT2_0-1741207119387.png

 

Labels:
0 Helpfuls
  • 859 Views
1 REPLY 1

maheshbingi
ServiceNow Employee
ServiceNow Employee

‎03-21-2025 02:23 PM

Based on the information provided, it appears that the API provider supports the OAuth framework and returns an access token by accepting a username and password. For such user-specific authentication scenarios, it is recommended to use the OAuth Authorization Code flow in ServiceNow to connect with the third-party API.

Here are the suggested steps:

  • Confirm with your third-party API provider whether they support the OAuth Authorization Code flow.
  • If supported, you can configure this flow in ServiceNow using the Connection & Credential (C&C) Framework with a Configuration Template.
  • If the API provider does not support Authorization Code flow, then you can consider using the Resource Owner Password Credentials (ROPC) flow, which allows you to obtain an access token in exchange for a username and password.

Note: While both flows allow ServiceNow to fetch and store tokens (which are automatically renewed when expired), the Authorization Code flow is the recommended approach, as it is more secure and aligns with best practices.

For a deeper understanding of OAuth flows in ServiceNow, refer to the following resources: