Create an OAuth application endpoint for external client applications to access the ServiceNow instance.

Before you begin

Role required: admin

Procedure

  1. Navigate to All > System OAuth > Application Registry and then click New.
  2. On the interceptor page, click Create an OAuth API endpoint for external clients and then fill in the form.
    FieldDescription
    Name A unique name that identifies the application that you require OAuth access for.
    Client ID [Read-Only] The auto-generated unique ID of the application. The instance uses the client ID when requesting an access token.
    Client Secret [Required] The shared secret string that both the instance and the client application or website use to authorize communications with one another. The instance uses the client secret when requesting an access token. Leave this field blank to have the instance auto-generate a client secret. To display existing client secrets, click the lock icon.
    Redirect URL The callback URL that the authorization server redirects to. Enter the full URLs of the clients requesting access to the resource, appended by /oauth_redirect.do. For example, http://token_consumer:port/oauth_redirect.do. Enter as many URLs as needed for all possible token consumers. The instance matches the URL of the incoming request to one of the redirect URLs. If no match is made, the instance uses the first redirect URL.
    Logo URL The URL that contains an image to use as the application logo. The logo appears on the approval page when the user receives a request to grant a client application access to a restricted resource on the instance.
    Active Select the check box to make the application registry active.
    Refresh Token Lifespan The number of seconds that a refresh token is valid. The instance uses the lifespan value when requesting a refresh token. By default, refresh tokens expire in 100 days (8640000 seconds).
    Enforce Token Restrictions Select to only allow tokens to be used with APIs set to allow the authentication profile. You can set grant access using an API access policy. For more information, see Create REST API access policy.

    Default: Unselected.
    Mobile Client Represents the entity for mobile app or web. This information is used to analyze the login information with mobile or web.
    Access Token Lifespan The number of seconds that an access token is valid. The instance uses the lifespan value when requesting an access token. By default, access tokens expire in 30 minutes (1800 seconds).
    Comments Additional information to associate with the application.
    Client Type Choose the client type, based on the type of your client. Options:
    • Iframe Embedded
    • Integration as a User
    • Integration as a Service
    To know more, see Configure client type for OAuth and SSO records.
  3. Click Submit.

Result

The system creates a record in the Application Registries [oauth_entity] table with of type OAuth Client. When the instance actually issues tokens and authorization codes, they are stored in the table. See Manage OAuth tokens for more information.