OAuth Inbound Authentication with ServiceNow: Client Credential Flow Using Postman

Summary

This is a guide on how to test OAuth Inbound Authentication for a ServiceNow instance using Postman. It will help you understand how to set up an application using Client Credential Grant and validate OAuth tokens when making API calls, ensuring secure and authorized access to your system. The focus is on using Postman to simulate client requests and verify the OAuth flow step by step.

Release

All

Instructions

OAuth flow for Client Credentials

1. The client (such as a backend service) directly requests an access token from the authorization server using its client ID and secret.
2. The authorization server validates the client credentials.
3. If valid, the authorization server issues an access token.
4. The client uses the access token to request a protected resource from the resource server.
5. The resource server validates the token and returns the requested resource.

Use Case: Client Credentials Grant does not involve a redirect because it is designed for machine-to-machine communication where no user is involved. The client app directly authenticates itself and requests an access token.

NOTE: No refresh token is generated in the Client Credential Grant flow.

User Setup:

1. Navigate to All > User Administration > Users.
2. Select New.
3. On the form, fill in the fields and click Submit.
   User ID: oauthusertest
   NOTE: The fields below are optional.
   First Name: oauth
   Last Name: user
   Email: oauthusertest@example.com
4. Do the following:
   - Select the Set Password button to open the password generation dialog.
   - Click Generate to generate the password and save it by clicking the “Save Password” button.
   - Unset the “Password needs reset” button.
5. Go to the related list and choose the Roles tab.
6. Click the Edit button to assign new roles to the user oauthusertest.
7. Select rest_service and ITIL from the collection list, move them to the right side by clicking the arrow, and save.

Set up the Client Credentials system property:

1. In the navigation filter, enter sys_properties.list. The entire list of properties in the System Properties [sys_properties] table appears.
2. Select New.
3. On the form, fill in the following fields.
   Name: glide.oauth.inbound.client.credential.grant_type.enabled
   To enable Client Credential flow for OAuth
   Type: true | false
   Value: true
   Note: Other fields in the form such as Choices, Ignore cache, Private, Read roles, and Write roles can be configured according to your requirements.
4. Select Submit.

Set up the OAuth 2.0 Application Registry:

1. Log in to your ServiceNow instance as an admin user.
2. Navigate to All > System OAuth > Application Registry. A list of records related to OAuth 2.0 application registration appears. This list shows the OAuth 2.0 provider and client records.
   Provider: A third-party application/API will be connecting to your ServiceNow instance.
   Client: Your instance will be connecting to a third-party application.
3. Click New and, on the interceptor page, click Create an OAuth API endpoint for external clients. The application registration list will appear.
4. Click the hamburger menu and click Form Layout.
5. Choose the following from the available list:
   - Default Grant Type
   - OAuth Application User
6. After moving them, save to go back to the application registry page.
7. Check that these two fields are now shown on the page.
8. Populate the fields as follows and click Submit.
   Name: postman-clientcredential-test or any name of your choice
   Default Grant Type: select “Client Credential”
   OAuth Application User: oauth user
9. Select postman-clientcredential-test (or the name you gave your application) to open its application registry record.
10. Click the auth scope and select useraccount as the authentication scope.
11. Save the record.
12. Save the client ID and client credentials for future use.

NOTE: To find the client secret, click the lock button to reveal the secret.

Postman setup for the access token flow:

1. Open the Postman application.
2. Click the + button to open a REST API request workspace.
3. Select the following:
   REST HTTP Method: POST
   Select the “Body” tab and then select “x-www-form-urlencoded”
   URL: https://<instance-name>.service-now.com/oauth_token.do
4. Set the key-value pairs as follows:
   grant_type = client_credentials
   client_id = <client ID from your instance>
   client_secret = <your client secret>
5. Click the Send button and check that a response is returned.

Verification:

1. Navigate to All > System Web Services > REST API Explorer.
2. Select the setup as follows:
   Path parameters:
   tableName = incident
   Query parameters:
   sysparm_fields = number,severity,caller_id,category,short_description,state
   sysparm_limit = 1
3. Click the Send button and verify that data is returned.

The response body should look like this:

Now go to Postman and do the following:

1. Copy the HTTP Method / URI from the REST API Explorer:
   https://<instance-name>.service-now.com/api/now/table/incident?sysparm_fields=number%2Cshort_description%2Cstate%2Ccaller_id&sysparm_limit=1
2. Paste it into Postman. [Query parameters will be auto-populated.]
3. Copy the access token.
4. Go to the Authorization tab, select Bearer Token as the Auth Type, and paste the access token that you received earlier into the Token field.
5. Set the method to GET and use the following URL:
   https://<instance-name>.service-now.com/api/now/table/incident?sysparm_fields=number%2Cshort_description%2Cstate%2Ccaller_id&sysparm_limit=1
6. Check that data is returned.

Verification: Token Generation:

Navigate to System OAuth > Manage Tokens to see all tokens.
Only administrators can access this module.

Verify that the token has been generated.

Debug:

1. Set the system properties for debug. Go to sys_properties.list and check whether the system property com.snc.platform.security.oauth.debug is available.
2. If not, click the “New” button to create the property. Set the system property as follows and then click “Submit”.
   Name: com.snc.platform.security.oauth.debug
   Description: Enabling OAuth debug property
   Type: True | False
   Value: true
3. Now check whether the system property glide.auth.debug.enabled exists. If not, set the system property as follows and then click “Submit”.
   Name: glide.auth.debug.enabled
   Description: Enabling OAuth debug property
   Type: True | False
   Value: true
4. Go to System Logs > System Log > All.
5. Verify that the token has been generated:

Related Links

https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/integrate/authentication/concept/client-credentials.html
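
The Postman token request and the bearer-token call to the Table API described above, as an added Python example that is not part of the original article. The environment variable names (SN_INSTANCE, SN_CLIENT_ID, SN_CLIENT_SECRET) and the sample token response are assumptions made for illustration; the credentials are read from the environment so they never sit in source or shell history.

```python
import json
import os
import urllib.parse
import urllib.request

FIELDS = "number,short_description,state,caller_id"
# Constructed sample of a token response (not captured from a real instance).
SAMPLE_TOKEN_RESPONSE = ('{"access_token": "constructed-token", "scope": "useraccount",'
                         ' "token_type": "Bearer", "expires_in": 1799}')

def build_token_request(instance, client_id, client_secret):
    """POST to oauth_token.do with an x-www-form-urlencoded body, as in the Postman setup."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        f"https://{instance}.service-now.com/oauth_token.do", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw):
    """Return the access token, or raise if the body is not a bearer token response."""
    doc = json.loads(raw)
    if "access_token" not in doc or doc.get("token_type", "").lower() != "bearer":
        # Report only the key names so no token or secret material reaches logs.
        raise ValueError(f"no bearer access token in response, keys: {sorted(doc)}")
    return doc["access_token"]

def build_table_request(instance, access_token, limit=1):
    """GET one incident from the Table API, sending the token as a Bearer header."""
    query = urllib.parse.urlencode({"sysparm_fields": FIELDS, "sysparm_limit": limit})
    return urllib.request.Request(
        f"https://{instance}.service-now.com/api/now/table/incident?{query}", method="GET",
        headers={"Authorization": f"Bearer {access_token}", "Accept": "application/json"})

def main():
    # Assumed environment variables; set them before running against your instance.
    instance = os.environ["SN_INSTANCE"]
    token_req = build_token_request(
        instance, os.environ["SN_CLIENT_ID"], os.environ["SN_CLIENT_SECRET"])
    with urllib.request.urlopen(token_req) as resp:
        token = parse_token_response(resp.read())
    with urllib.request.urlopen(build_table_request(instance, token)) as resp:
        print(json.dumps(json.loads(resp.read())["result"], indent=2))

if __name__ == "__main__":
    main()
```

After a successful run, the token should also appear under System OAuth > Manage Tokens, matching the verification step above.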