05-05-2017 11:32 AM
Hello SNOW Community!
My team and I have been trying to access information from our instance tables without passing usernames and passwords. According to the documentation, it seems that you need to pass the username and password once, and using the refresh token, you can make subsequent calls without exposing user credentials.
What we would like to do however, is pass in only the client id and secret to access the instance information. We tried using POST to https://xxxx.service-now.com/oauth_token.do with headers grant_type=client_credentials, client_id=*******, and client_secret=********, but the access token sent back does not seem to authorize the GET call.
Any help is appreciated. Thanks!
05-08-2017 12:32 AM
Hi Daniel,
The first step in OAuth is getting the access token, which requires a POST call to the following endpoint along with body parameters, and then sending the Authorization information with Bearer in the actual API call.
Method - POST
Request Body Key values
Key | Value |
grant_type | password |
client_id | your client id |
client_secret | your client secret |
username | username with rest role |
password | password for that user |
2 Endpoint - https://instanceName.service-now.com/api/apiName
Method - POST/GET based on your API
Headers -
Key | Value |
Authorization | Bearer AccessToken |
Content-Type | application/json |
Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.
Thanks
Ankur
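The two-step flow from the reply above, combined with the refresh-token renewal mentioned in the first post, as an added example that is not part of the original thread or ServiceNow's own code. The `/oauth_token.do` path comes from the first post; the response fields `access_token`, `refresh_token` and `expires_in` are the standard OAuth 2.0 names and are assumed here, and `TokenSession`, `token_request`, `api_request` and `http_send` are hypothetical names.

```python
import json, time, urllib.parse, urllib.request

TOKEN_PATH = "/oauth_token.do"  # token endpoint path quoted in the first post

def token_request(base_url, client_id, client_secret, **grant):
    """Build the token POST; every parameter goes in the form body, not in headers."""
    grant_type = "refresh_token" if "refresh_token" in grant else "password"
    form = {"grant_type": grant_type, "client_id": client_id,
            "client_secret": client_secret, **grant}
    return urllib.request.Request(
        base_url + TOKEN_PATH, data=urllib.parse.urlencode(form).encode(),
        method="POST", headers={"Content-Type": "application/x-www-form-urlencoded"})

def api_request(url, access_token, method="GET"):
    """Build the API call with the two headers listed in the reply."""
    return urllib.request.Request(url, method=method, headers={
        "Authorization": "Bearer " + access_token,
        "Content-Type": "application/json"})

def http_send(req):
    """Default transport: perform the request and decode the JSON response."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenSession:
    """Sends the username/password once, then renews with the refresh token."""
    def __init__(self, base_url, client_id, client_secret, send=http_send):
        self.args = (base_url, client_id, client_secret)
        self.send, self.access, self.refresh, self.expires = send, None, None, 0.0

    def _store(self, tok):
        self.access = tok["access_token"]  # assumed standard OAuth 2.0 field names
        self.refresh = tok.get("refresh_token", self.refresh)
        # Renew 30 s early so a token does not expire while a call is in flight.
        self.expires = time.time() + int(tok.get("expires_in", 0)) - 30

    def login(self, username, password):
        """Password grant: the only request that carries the user's password."""
        self._store(self.send(token_request(
            *self.args, username=username, password=password)))

    def bearer(self):
        """Return a valid access token, renewing it via the refresh token if needed."""
        if time.time() >= self.expires:
            if not self.refresh:
                raise RuntimeError("no refresh token; call login() first")
            self._store(self.send(token_request(*self.args, refresh_token=self.refresh)))
        return self.access
```

Passing a different `send` callable lets the session be exercised without a network connection; the default `http_send` performs the real request.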
05-10-2017 02:31 PM
Hi Ankur,
Thank you for your assistance with this. What we are looking for is a way to do this without the use of client credentials, but instead of a client secret and id. For example, for third party applications that do not have an account within ServiceNow, but need to be able to GET/POST into our ServiceNow tables.
05-10-2017 11:45 PM
Hi Daniel,
For OAuth to work, a username and password are required to get the access token.
You can create a user with rest.user as the username and give it some password.
Give that user the rest_explorer role and you can share these credentials with the third party.
They can use the credentials to get the access token and then consume the actual API endpoint.
Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.
Thanks
Ankur
10-10-2018 08:36 PM
I have a question on this topic:
So if I am giving a username/password to the developer for OAuth token requests, how can I restrict it to only OAuth and not basic auth? Meaning, how can I prevent the developer/application from using the username/password to make basic auth requests to API resources in SN? Especially as the username will have the "rest" role.