In this digital era, ServiceNow is a widely used platform, and integrating an organisation's applications with a powerful platform like ServiceNow is a basic need for streamlining service delivery through effective automation and integration.
One common way to achieve integration is using OAuth 2.0. OAuth (Open Authorization) is a secure protocol used extensively for authorizing API requests between applications.
This blog walks you through integrating your application with ServiceNow using OAuth, specifically focusing on the Client Credentials Grant for machine-to-machine communication.
In this case ServiceNow becomes the OAuth provider, which means it provides the OAuth details needed to connect. So, the first step to integrate your application with ServiceNow using OAuth is to register your application within your ServiceNow instance. This allows ServiceNow to recognize your application and authorize data exchange.
Note: The example shown in this blog was tested with the POSTMAN application. You can apply the same concept in the application code from which you want to connect to ServiceNow.
Step 1: Register Your Application in ServiceNow
Log into your ServiceNow instance.
Navigate to the 'System OAuth' > 'Application Registry'.
Click 'New' to create a new application registry.
Select 'Create an OAuth API endpoint for external clients'.
You will need to fill in some required fields:
| Field | Field Information |
| --- | --- |
| Name | Provide a name for your application. |
| Client ID | This will be auto-generated by ServiceNow, but you can overwrite it if needed. |
| Client Secret | Similarly, this will be auto-generated but can be overwritten. |
| Redirect URL | The URL where users will be redirected after authorization. (Optional) |
Make sure you record the 'Client ID' and 'Client Secret', as you will need them later.
Step 2: Implement OAuth Client Credentials Grant configuration in Your Application
In this step, you'll implement the OAuth 2.0 Client Credentials Grant within your application.
We will show you this in POSTMAN.
Make a POST request to ServiceNow's OAuth token endpoint
URL: https://<your-instance>.service-now.com/oauth_token.do
Add the following information in the Body.
The format of the request body should be x-www-form-urlencoded.
| Key | Value |
| --- | --- |
| grant_type | password |
| client_id | Client ID copied from the OAuth details in ServiceNow |
| client_secret | Client Secret copied from the OAuth details in ServiceNow |
| redirect_uri | https://<Instance Name>.service-now.com/ |
| username | Any user of the ServiceNow instance |
| password | Password of the same user |
Step 3: Use the Access Token to Make Authorized Requests
In this step, you'll make a request to ServiceNow with the access token you received in the previous step. We will show you this in POSTMAN.
Create Incident
Make a POST request to the Incident table API URL. (The URL can change as per your business requirement.)
URL: https://<your-instance>.service-now.com/api/now/table/incident
Add headers
| Key | Value |
| --- | --- |
| Authorization | Bearer <Access Token Received in previous request response> |

Provide data in the Body in the format you want.
Wooo Hoooo! You will get a response with the created incident in the format you selected in the request.
You can follow the same steps to retrieve an incident, or for any other action on any table or with any other API. Access validation is still applied as per the access rules defined in your instance for inserting, retrieving and updating records. So you need to grant the right access to the user used in the integration.
And that's it! You've successfully set up OAuth 2.0 integration with ServiceNow.
Remember, security is important. Always store your 'Client Secret', 'Access Token', and 'Refresh Token' securely. Be aware of the access token's expiry time—refresh it before it expires to maintain seamless integration with ServiceNow.
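The same Step 2 and Step 3 requests built in Python instead of POSTMAN, as an added example that is not part of the original post. The instance name `example-instance`, the function names and the 60-second refresh margin are assumptions; the credentials are passed in by the caller so they can come from a secret store rather than the source code.

```python
import json
import time
import urllib.parse
import urllib.request

# Hypothetical instance name (assumption); replace with your own.
BASE = "https://example-instance.service-now.com"


def build_token_request(client_id, client_secret, username, password):
    """POST to /oauth_token.do with the form fields from the Step 2 table."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": BASE + "/",
        "username": username,
        "password": password,
    }
    return urllib.request.Request(
        BASE + "/oauth_token.do", method="POST",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw, now=None, skew=60):
    """Return (access_token, refresh_after), refreshing `skew` s before expiry."""
    doc = json.loads(raw)
    if "access_token" not in doc:
        raise ValueError("token request failed: %s" % doc.get("error", "unknown"))
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc["expires_in"]) - skew


def build_incident_request(access_token, fields):
    """POST to the incident Table API with the bearer token from Step 2."""
    return urllib.request.Request(
        BASE + "/api/now/table/incident", method="POST",
        data=json.dumps(fields).encode(),
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json",
                 "Accept": "application/json"})


def send(request):
    """Send a built request and return the decoded JSON body (needs network)."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return json.load(resp)
```

Call `send(build_token_request(...))`, pass the raw JSON text of the reply to `parse_token_response`, and request a new token once `time.time()` passes the returned `refresh_after` value.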
This guide should provide a basic understanding of API integration with ServiceNow using OAuth. The exact steps and code may vary depending on your application's specific requirements and constraints. Always refer to ServiceNow's documentation for the most accurate and up-to-date information.