Skip to main content

Integration of ServiceNow

Pre-requisites

To configure you serviceNow instance and to connect with Vistar Follow below steps.

Create an OAuth Application

ServiceNow provides two options for granting Vistar access to its API: setting up Basic Authentication or creating an OAuth Endpoint within your instance.

To ensure enhanced security, it is recommended to establish an OAuth Endpoint for Vistar in ServiceNow. In the following section, we will outline the steps involved in creating an OAuth Endpoint specifically tailored for Vistar integration within your ServiceNow instance.

  • Open your ServiceNow Development Dashboard and navigate to the All menu option.

  • From the dropdown menu, select System OAuth. Locate and click on the Application Registry tab.

  • It will redirect you to the list of OAuth endpoints, you can proceed with creating a new OAuth endpoint by click on the New button. -Select the option Create an OAuth API endpoint for external clients from the prompt that appears.

  • A new configuration screen for the OAuth endpoint will be displayed.Fill in the required fields according to your preferences, ensuring to set the Redirect URL as https://api.vistar.com/auth/o/callback/servicenow/oauth_redirect.do.

  • By completing these steps, the OAuth endpoint will be generated correctly, providing you with the necessary Client ID and Secret to establish the connection between ServiceNow and Vistar.

  • To link your ServiceNow Instance to Vistar, you will need your ServiceNow Instance Name and the credentials of your OAuth Endpoint. The ServiceNow Instance Name can be found in the URL of your Development Dashboard, following the naming convention: https://<INSTANCE NAME>.service-now.com. In your Dashboard's URL, the <INSTANCE NAME> refers to your specific ServiceNow Instance Name.

  • To establish connection between ServiceNow and Vistar provide your ServiceNow Instance Name and the credentials (Client ID and Secret) of your OAuth Endpoint to Vistar. By passing this information, the integration between your ServiceNow Instance and Vistar will be completed.

Create An Authentication Profile

To define an authentication method for your ServiceNow Instance, you can create an Authentication Profile. In this case, since we have already established an OAuth Endpoint for the integration, we will set up an Authentication Profile that exclusively authenticates clients through OAuth.

  • To proceed with this setup, Access your ServiceNow Developer Dashboard and navigate to the All menu option.
  • From the dropdown menu, choose System Web Services and Select API Access Policies .
  • Click on the Inbound Authentication Profile tab.
  • It will redirect you to the list of Authentication Profiles, you can proceed with creating a new Authentication Profile by click on the New button.
  • When prompted to select the type of profile for the Authentication Profile, choose the option Create Standard HTTP Authentication Profile.
  • Make sure to select the OAuth Type, choose your previously created OAuth endpoint, and set the Authentication Policy to "Global Locking Policy."Once these steps are completed, you will have the flexibility to configure your Authentication Profile according to your specific preferences.

Create An Access Policy for Table API

  • To create an Access Policy, navigate to your ServiceNow Developer Dashboard and follow these steps:
    • Go to the All section of the dashboard.
    • Select System Web Services from the available options.
    • Choose the API Access Policies tab specifically for REST API access policies.
  • You’ll be redirected to your list of Access Policies,to create a new Access Policy, simply locate and click on the New button.
  • To provide Vistar with the necessary read access to the Table API for fetching users and tasks for security testing purposes, follow these steps to set up the new Access Policy:
    • From the REST API dropdown, select the Table API.
    • Check the option Apply policy to all methods, versions, and resources in the API to ensure the policy is applied universally.
    • Choose your previously created Authentication Profile as the Inbound Authentication Profile for this Access Policy.
  • By configuring the Access Policy in this manner, you enforce OAuth as the required authentication method for accessing the Table API, ensuring secure and controlled access for Vistar to perform security tests on users and tasks.

Create Auth Scopes

To grant Vistar tokens read-only access to the Table API, you need to create an Auth Scope. Follow these steps on your ServiceNow Developer Dashboard:

  • Navigate to the All section of the dashboard and select System Web Services from the available options.

  • Choose the API Auth Scopes tab specifically for REST API Auth Scopes.

  • You will be redirected to the page where you can create a new REST API Auth Scope. For the Read Access Scope, follow these configuration steps:

  • Choose the Table API REST API and check the Apply auth scope to all versions in the API" checkbox.

  • Select the resource /now/table/{tableName}.

  • Create an Auth Scope with a suitable name (e.g., "table_api_read"), which will be linked to the REST API Auth Scope you are creating.

To create the Write Access Auth Scope for the Table API, follow these steps:

  • Click on the "New" button once again to create a new Auth Scope and select the Table API REST API.
  • Check the Apply auth scope to all HTTP methods in this API checkbox and check the Apply auth scope to all versions in the API checkbox.
  • Select the resource /now/table/{tableName}. and check the Apply auth scope to all resources in this API checkbox.
  • Create an Auth Scope with a suitable name (e.g., "table_api_write"), which will be linked to the REST API Auth Scope you are creating.