OAuth API response parameters

The OAuth 2.0 API produces a JSON response containing the following parameters as name:value pairs.

See the ServiceNow Developers site for API information.

Table 1. Access token response parameters
Response parameter Description
scope The amount of access granted by the access token. The scope is always useraccount, meaning that the access token has the same rights as the user account that authorized it. For example, if Abel Tuter authorizes an application by providing his login credentials, then the resulting access token grants the token bearer the same access privileges as Abel Tuter.
token_type The type of token issued by the request as defined in the OAuth RFC. The token type is always Bearer, meaning that anyone in possession of the access token can access a protected resource without providing a cryptographic key. See RFC6750 for more information about how OAuth 2.0 uses bearer tokens.
expires_in The lifespan of the access token in seconds.
refresh_token The string value of the refresh token.
access_token The string value of the access token. Access requests made within the access token's expiration time always return the current access token.
format [Optional] The output format of the response. This value is always JSON.

The following example illustrates the JSON string returned by an access token request. Spaces have been added to improve readability.

{"scope":"useraccount","token_type":"Bearer","expires_in":1800,
"refresh_token":"w599voG89897rGVDmdp12WA681r9E5948c1CJTPi8g4HGc4NWaz62k6k1K0FMxHW40H8yOO3Hoe",
"access_token":"F0jh9korTyzd9kaZqZ0SzjKZuS3ut0i4P46Lc52m2JYHiLIcqzFAumpyxshU9mMQ13gJHtxD2fy"}