Using the Oauth authorization grant flow to get a refresh and access token from a ServiceNow instanceSummaryThe documentation page OAuth authorization code grant flow demonstrates how to use the Oauth authorization grant flow to get a refresh and access token from a ServiceNow instance. This article has an example with some extra details not mentioned on that documentation page.ReleaseAll current ServiceNow releasesInstructionsExample of getting a refresh and access code, Note that the redirect/callback URL https://INSTANCENAME.service-now.com/capture_oauthcode used is not a real endpoint on the instance, it's used only in this manual example so you can pick the returned auth code out of the browser URL bar. When implementing this the redirect/callback URL will be an endpoint on your web application.First define a new OAuth API endpoint using System OAuth->Application Registry->Create an OAuth API endpoint for external clients. Then follow these steps (the steps are based on the 3 steps in the documentation page OAuth authorization code grant flow): Get the auth code (the client_id is found in the OAuth API endpoint you defined above, the state value can be any value for this test example): https://INSTANCENAME.service-now.com/oauth_auth.do?response_type=code&redirect_uri=https://INSTANCENAME.service-now.com/capture_oauthcode&client_id=00052a74dd30b4909bc2a5834cd0465e&state=123This will redirect to a URL like this, which has the code: https://INSTANCENAME.service-now.com/capture_oauthcode?code=_BmdlfIwCZP5t3kJ4-jyDDorxBa_d37Q8vHqBvOKf4OP0oIaUpDxddgEKbZDIP9klNeJazgDBKgxcvtLkTZB9g&state=123In this step you'll need a tool such as Postman to make a HTTP POST call to the URL https://INSTANCENAME.service-now.com/oauth_token.do with the following parameters specified in the request body formatted as x-www-form-urlencoded:grant_type=authorization_codecode=_BmdlfIwCZP5t3kJ4-jyDDorxBa_d37Q8vHqBvOKf4OP0oIaUpDxddgEKbZDIP9klNeJazgDBKgxcvtLkTZB9gredirect_uri=https://INSTANCENAME.service-now.com/capture_oauthcodeclient_id=00052a74dd30b4909bc2a5834cd0465eclient_secret=fhslghfHA](where code is the code from step 2, client_id and client_secret are from the record you created in System OAuth->Application Registry, click the padlock icon to see the client_secret value)