This guide explains how to use API REST SERVICENOW with OAUTH 2.0 and PHP to access and manage data in the latest Yokohama release.
What is OAUTH 2.0 and how does it work with the Service Rest API?
Oauth 2.0 is a method Activate external applications to communicate safely with your instance service Without the need for your username and password.
Say you have an application (such as a postman, website, or other instance services) that needs to read or write data in your service system.
With Oauth 2.0, the application asks for a special key (called an access token) to prove it is permitted to access certain data.
Now, to get this access token and then service data, we need to follow the steps below:
Step 1: Create an OAUTH application in servicenow
In this step, we set the OAUTH application for external system use.
- Enter your service now instance
- In the search for navigator ‘OAUTH SYSTEM ‘.
- Go to the application registry and click new to create a new application.
- Choose Create the end point of the API oauth for external clients.
- Fill in the basic information field.
- Add the transfer url.
- Be sure to add the scope of the author.
There is a different flow of OAUTH 2.0 authentication in API Rest Servicenow.
With that you can authenticate your applications and services, click here for more info.
We will use Authorization code grant flow.
It uses the client’s secret as an additional authorization parameter to prevent the spoofing server.
Also, preferred for any server/cloud application.
Step 2: Authorization Using Oauth 2.0
Redirect to service endpoint authorization:
https: //
With the following Parameter:
| Parameter | Information |
| response_type | Must be a code for this authentication flow. |
| client_id | Consumer key from the definition of connected application. |
| Redirect | URL Reverse call from the definition of the OAUTH application. |
| country | Used to maintain the condition between requests and back calls. |
The final authorization url is as follows:
This will direct the user to the Login Serviceenow window. After entering, the application asks users to ‘allow access’ based on the selected OAUTH scope.
After successful authorization, the browser directs the Callback URL (Redirect_URI) with the code parameter. This code is then used to request access tokens.
Step 3: Get Access Tokens
Create a POST Request to the end point:
https: //
With the following parameters:
| Parameter | Information |
| Grant_type | The value must be authorization_code for this flow. |
| client_id | Client ID of the OAUTH application definition. |
| client_secret | Client’s secret from the definition of the OAUTH application. Required for the authorization code grant flow |
| Redirect | URL Reverse call from the definition of the OAUTH application. |
| code | The authorization code that consumers must use to get access and refresh tokens. |
Below is presented is an example of curls for token requests:
/** Code for retrieving ServiceNow access token via cURL.
*
* @category ServiceNow
* @author Webkul Software Pvt Ltd <[email protected]>;
* @copyright 2025 webkul.com. All Rights Reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
* @link
*/
// POST body
$postFields = http_build_query([
'grant_type' => 'authorization_code',
'client_id' => CLIENT_ID,
'client_secret' => CLIENT_SECRET,
'redirect_uri' => REDIRECT_URI,
'code' => $code,
]);
// Initialize cURL
$ch = curl_init('
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/x-www-form-urlencoded'
]);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error = curl_error($ch);
curl_close($ch);
The return results contain several parameters from which we will use the following:
| Parameter | Information |
| Access_token | Token Access acts as a session ID used by applications to make requests. This token must be protected as if it is the user’s credential. |
| token_type | Values are carriers for all responses that include access tokens. |
| Refresh_token | Tokens that can be used in the future to get new access tokens. |
| expired_in | Access_token validity |
| Coverage | That permission (Scope) given. Helps you understand what token is possible. |
Step 4: Get Account Data via API Rest Serviceenow
Now we will use a response from step 3 to access data from service.
Below is presented is a curly example to get account data:
/** Code to retrieve ServiceNow Account Data via cURL.. * * @category ServiceNow * @author Webkul Software Pvt Ltd <[email protected]>; * @copyright 2025 webkul.com. All Rights Reserved. * @license GNU General Public License version 2 or later; see LICENSE.txt * @link */ $url = ' $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, [ "Authorization: Bearer $accessToken", // ACCESS TOKEN FROM PREVIOUS STEP "Accept: application/json" ]); $res = curl_exec($ch); curl_close($ch);
To read more about various parameters, endpoint, and use of fire, you can refer to the Serviceenow document.
This blog provides a quick picture to prepare a basic rest connection with service using minimum settings and simple concepts.
I hope this helps. For more information, check the reference link 1 & reference link 2
Support
If you face problems or have suggestions, don’t hesitate to make tickets and share your feedback with us.
While this blog focuses on service, we also specialize in the CRM salesforce service, offering consulting solutions and adapted implementation.
Explore our various integration and CRM products, visit Eshopsync.com.
Game Center
Game News
Review Film
Rumus Matematika
Anime Batch
Berita Terkini
Berita Terkini
Berita Terkini
Berita Terkini
review anime
