ServiceNow OAuth 2.0 Endpoint Integration by Revanth Karra

SERVICENOW

OAuth 2.0
Endpoint Integration

ServiceNow OAuth 2.0


What is OAuth 2.0?
OAuth 2.0 (Open Authorization) is an industry-standard protocol that enables
applications to securely access user accounts on an HTTP service, like ServiceNow,
without requiring the user to share their password. It's like a trusted intermediary
that facilitates communication between different apps and services.

Benefits:
 Security: You don't share your passwords with other applications, reducing
the risk of unauthorized access.
 Convenience: It simplifies the process of connecting different applications
and services.
 Control: You have control over what information you share with each
application.

What is ServiceNow OAuth 2.0?


OAuth 2.0 is a widely adopted industry standard for authorization. ServiceNow
implements this framework to provide a secure way for external applications to
access your ServiceNow data and functionalities. It eliminates the need for users to
share their ServiceNow credentials with external apps, enhancing security.

Benefits:
 Enhanced Security: Eliminates sharing ServiceNow credentials with external
apps, reducing the risk of unauthorized access.
 Improved User Experience: Streamlines the authorization process, providing
a more user-friendly experience for interacting with external applications.
 Granular Control: Grants external applications access to specific resources
(scopes) within ServiceNow, minimizing potential security vulnerabilities.

REVANTH KARRA 1

Create API Endpoint


 First, let’s type “Application Registry” in the filter navigator.

 Click on “Application Registry” and click “New” in the top right corner.

 And in here we’ll click “Create an OAuth API endpoint for external clients”.


 Let us name this as “OAuth API Demo”.

 And leave everything default, and click “Submit”.

 As we can see our “OAuth API Demo” was created successfully. Let us click on
it.

 Here, the client secret is automatically generated.

 Now, navigate to the address bar and copy the link of our instance.

 Let us go to the Postman application, paste the URL, type “oauth_token.do” after it,
and set the HTTP request method to “POST”.

 Select “Body”, and choose “x-www-form-urlencoded”.

 Remember, these are mandatory fields that must be set in the request.


o grant_type
o client_id
o client_secret
o username
o password

 Now, we must fill in the values for all the keys.

 Let’s get started. For “client_id”, we must go to our instance and copy the
“Client ID”.

 And paste it in Postman.

 Now, for “client_secret”, we need to click on the lock icon and our client secret
value will be revealed. Copy the “Client Secret”.

 For username and password, you need to paste your instance credentials.

 To get your instance credentials, you can navigate to Home and click on
your profile icon.

 Now, click on “Manage Instance password”. Here you can get your instance
credentials.

 Now, go to Postman, select “Authorization”, and set Type to “No Auth”.

 And now, as we are initially using username and password, set
“grant_type” to “password”.

 Let’s click “Send”.

 Let us examine the response: we got “access_token”, “refresh_token”, “token_type”
and “expires_in”.

 From now on, set “grant_type” to “refresh_token” and use the refresh token we got
in the response, as we are already authenticated using username and password.

 Here we need to uncheck the checkbox for both username and password,
create a “refresh_token” key, and paste the “refresh_token” value from the response.

 Click “Send” and we will get the same response.

 Now, we need to create another request, which uses the “GET” method, and set the
endpoint. In our case we are using the Incident table, so we used
“/api/now/table/incident”.


 As we know, in our POST response, we got “token_type” as “Bearer”.

 So, we need to set “Auth Type” to “Bearer Token” in our “GET” method.

 Now, copy the “access_token” from the “POST” response and paste it in “GET”
method under Token column.

 Click “Send”.

 We successfully got our response.

 Now, let us try another method for getting the response using “GET” method.


 Click on “Headers” and set these mandatory fields.


o Authorization
o Accept
o Content-type

 Now, set the values for the related fields as below.


o Authorization : Bearer Q_F-_Otcvz…
o Accept : application/json
o Content-type : application/json

 Remember to place “Bearer” before the “access_token” and leave a space
between the two (“Bearer” and “access_token”).
 Select the checkbox for Authorization, Accept and Content-Type.

 Now under Authorization, set the “Auth Type” to “No Auth”.

 Remember to check the access token every 30 minutes, as it gets
refreshed. You need to update the access token in “Headers” if the
access token has been refreshed.


 For checking the Access Token, you need to navigate to the “POST” and click
“Send” and cross verify the access token in the response field. Only then you
will get the response in any case (both methods).
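
The request sequence from the steps above (password grant, refresh grant, then the Bearer-authenticated GET), written out as an added example that is not part of the original document. The instance URL, the client values and the sample token response are constructed placeholders; the functions only build the requests, so nothing is sent until one is passed to urllib.request.urlopen.

```python
import json, time, urllib.parse, urllib.request

# Assumption: placeholder instance URL; keep real secrets in a vault or env var.
INSTANCE = "https://example.service-now.com"

def token_request(instance, client_id, client_secret, *,
                  username=None, password=None, refresh_token=None):
    """Build the POST to oauth_token.do with an x-www-form-urlencoded body."""
    form = {"client_id": client_id, "client_secret": client_secret}
    if refresh_token is not None:
        form.update(grant_type="refresh_token", refresh_token=refresh_token)
    elif username is not None and password is not None:
        form.update(grant_type="password", username=username, password=password)
    else:
        raise ValueError("need username and password, or a refresh_token")
    return urllib.request.Request(
        instance.rstrip("/") + "/oauth_token.do",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST")

class TokenState:
    """Holds the four response fields and tracks when the access token expires."""
    def __init__(self, response_text, now=None):
        data = json.loads(response_text)
        self.access_token = data["access_token"]
        self.refresh_token = data["refresh_token"]
        self.token_type = data["token_type"]
        issued = time.time() if now is None else now
        self.expires_at = issued + int(data["expires_in"])

    def needs_refresh(self, now=None, skew=60):
        """True once the token is within `skew` seconds of expiry."""
        return (time.time() if now is None else now) >= self.expires_at - skew

def table_request(instance, state, table="incident"):
    """Build the GET to the Table API with the three headers from the steps above."""
    return urllib.request.Request(
        f"{instance.rstrip('/')}/api/now/table/{table}",
        headers={"Authorization": f"{state.token_type} {state.access_token}",
                 "Accept": "application/json",
                 "Content-Type": "application/json"},
        method="GET")

# Constructed sample response (not real tokens); 1800 s is the 30 minutes noted above.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed-access-token", "refresh_token": "constructed-refresh-token",
    "token_type": "Bearer", "expires_in": 1800})
```

Calling needs_refresh() before each API request replaces the manual check of the token in the “POST” response.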

Conclusion:
ServiceNow OAuth 2.0 empowers you to securely connect external applications to
your ServiceNow instance, fostering a more integrated and user-friendly workflow. By
leveraging this authorization framework, you can unlock the full potential of your
ServiceNow environment while maintaining robust security protocols.
