Unauthenticated users cannot submit catalog items on Service Portal - Known Error

Unauthenticated users cannot submit catalog items on Service Portal Description When unauthenticated users try to submit a public catalog item in Service Portal, a 400 Bad Request error occurs and they are unable to submit. This issue is due to AngularProcessor authentication restrictions.

Steps to Reproduce

Open any catalog item, for example an iPhone 6S [ /sp?id=sc_cat_item&sys_id=d0b15e33d7033100a9ad1e173e24d49e].

For more information, see the product documentation topic Service catalog items .

Make the item public. Go to the Service Portal page (sc_cat_item) and make this page public.

Make any widgets associated with the sc_cat_item page public as well.

Open the item in an incognito window [ /sp?id=sc_cat_item&sys_id=d0b15e33d7033100a9ad1e173e24d49e ].

Note that although the catalog Item is public, it will not allow you to submit the item.

Workaround To allow unauthenticated users access to catalog items, the following needs to be done (on instances running New York Patch 9, Orlando Patch 4 or higher):

Widget/Page Configuration

The following Service Portal Page(s) and Widget(s) must be configured to allow access to the public role:

Catalog Item Service Portal Page (sc_cat_item) SC Catalog Item Widget SC Order Guide Widget Catalog Checkout Widget (if two step checkout has been enabled) SC Order Status page and the Order Status widget API Configuration

All the REST APIs used on the above mentioned widgets/pages must be configured to allow unauthenticated access by unchecking the `Requires Authentication` field in the REST API configuration. This includes the following API(s):

Buy Item Submit a Record Producer Validate Variable Regex (In case the item consists of a variable which requires Regex Validation) Checkout Order Guide Variable display value Check requested for delegation on item. (Paris onwards)

If these REST APIs are configured to require authentication, they throw a `403 Unauthorized error` when accessed by a public user

Customers may need to reach out to the ServiceNow Support for making these API and Widget configurations Catalog Item Configuration

The catalog item(s) intended for unauthenticated submission must have a User Criteria that allows access to the public role The variables must allow Create permissions to the public role Limitation

Adding attachments is not supported as a public user so as a best practice, use Portal Settings to hide the attachment section for public catalog items. At present we do not support public Multirow Variable Set. Related Problem: PRB854474