I am trying to connect to the Retail API from ServiceNow and cannot get the token request to work properly.

I have the temporary code but any subsequent call to /oauth/access_token.php results in an HTTP response of "403 - Forbidden username/password combo" even though I am not sending an Authorization header. I can get this to work using Postman but the HTTP POST from ServiceNow's grant flow is being refused and I cannot figure out how to troubleshoot any further. The response body gives me "error code: 1010" which is completely unhelpful.

Does anyone have any experience with this, or is there anyone from support who can look into the request and see what is being rejected?

By default ServiceNow sends the payload as x-www-form-urlencoded data, but I have tried to send an additional HTTP POST with the payload body as JSON with no success, same 403 error.

Any help is appreciated.


  NYancer

    I was able to figure this out. ServiceNow sends a "User-Agent" header in the token request that is apparently not recognized by the token server, so it refuses the connection with a 403 error.

    It is possible to inject a different User-Agent header in the token request transaction (it is also necessary to inject the "scope" parameter into the authorization code transaction), so this is what you have to do. For my purposes, I used a generic "Mozilla/5.0" User-Agent header and was able to successfully acquire the access and refresh tokens.

    I hope this is helpful for anyone else integrating with ServiceNow.
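
Added example, not part of the original thread: when a token request works from one client (Postman) and gets a 403 from another (ServiceNow), swapping the differing headers one at a time isolates the header the server is filtering on. The header values and `mock_token_endpoint` are constructed stand-ins; replace `send` with a function that posts to your real token URL.

```python
# Added example: find which request header makes a token endpoint answer 403.
# mock_token_endpoint is a constructed stand-in, not the real server's logic.

def mock_token_endpoint(headers):
    """Constructed stand-in: rejects User-Agent values it does not recognize."""
    ua = headers.get("User-Agent", "")
    if not ua.startswith(("Mozilla/", "PostmanRuntime/")):
        return 403, "error code: 1010"
    return 200, '{"access_token": "<placeholder>"}'

def header_diff(working, failing):
    """Header names whose values differ between the two captured requests."""
    names = sorted(set(working) | set(failing))
    return [n for n in names if working.get(n) != failing.get(n)]

def find_rejected_headers(send, working, failing):
    """Swap one differing header at a time from the working request into the
    failing one; return the headers whose swap alone changes the status."""
    base_status, _ = send(failing)
    culprits = []
    for name in header_diff(working, failing):
        trial = dict(failing)
        if name in working:
            trial[name] = working[name]
        else:
            trial.pop(name, None)  # header absent in the working request
        status, _ = send(trial)
        if status != base_status:
            culprits.append((name, failing.get(name), status))
    return culprits

# Constructed sample headers (placeholders, not captured traffic).
POSTMAN = {
    "User-Agent": "PostmanRuntime/7.0.0",
    "Content-Type": "application/x-www-form-urlencoded",
    "Accept": "*/*",
}
SERVICENOW = {
    "User-Agent": "ExampleIntegrationClient/1.0",
    "Content-Type": "application/x-www-form-urlencoded",
    "Accept": "application/json",
}

if __name__ == "__main__":
    for name, value, status in find_rejected_headers(mock_token_endpoint, POSTMAN, SERVICENOW):
        print(f"{name}: replacing {value!r} changes the status to {status}")
```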

