
OAuth Setup Guide

Enterprise-grade authentication for ServiceNow

  • More Secure - No password sharing required
  • Better Audit Trail - Track all API access
  • Fine-Grained Control - Limit scanner permissions
  • Auto-Expiration - Tokens expire automatically

Setup Steps (15 minutes)

Step 1: Create OAuth Application Registry

  1. Log into your ServiceNow instance as admin
  2. Navigate to: System OAuth → Application Registry
  3. Click New → Create an OAuth API endpoint for external clients

Step 2: Configure OAuth Application

Field                   Value
Name                    API Security Scanner
Client ID               (Auto-generated - save this!)
Client Secret           (Auto-generated - save this!)
Redirect URL            https://nowisor.com/oauth/callback
Access Token Lifespan   3600 (1 hour)

Step 3: Set Required Scopes

The scanner needs these permissions:

rest_service
useraccount
itil

Add these scopes in the OAuth Scopes related list.

Step 4: Generate Access Token

Using cURL:

curl -X POST "https://YOUR_INSTANCE.service-now.com/oauth_token.do" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=password" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "username=YOUR_USERNAME" \
  -d "password=YOUR_PASSWORD"

Response:

{
  "access_token": "hKG7aV3xM2...",
  "refresh_token": "kLp9mN4bQ8...",
  "expires_in": 3600
}

Step 5: Use Token in Scanner

  1. Go to the scan form
  2. Select OAuth Token authentication method
  3. Paste your access_token
  4. Run scan! 🚀

Security Best Practices

  • 🔒 Token Rotation - Generate new tokens monthly
  • 🔒 Minimal Scopes - Only grant required permissions
  • 🔒 Monitor Usage - Check OAuth logs in ServiceNow
  • 🔒 Revoke When Done - Delete tokens after scanning
  • 🔒 Use Service Accounts - Don't use personal credentials
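
Added example (not Nowisor's or ServiceNow's code): the step 4 token request in Python, reading credentials from environment variables so they stay off the command line and out of shell history, and recording when the token expires. The SN_* variable names and the helper function names are assumptions made for this example; the sample response is constructed.

```python
import json
import os
import time
import urllib.parse
import urllib.request

def build_token_request(instance, client_id, client_secret, username, password):
    """Return (url, body) for the password-grant request from step 4."""
    url = f"https://{instance}.service-now.com/oauth_token.do"
    form = {"grant_type": "password", "client_id": client_id,
            "client_secret": client_secret, "username": username,
            "password": password}
    # urlencode escapes &, =, + and spaces that a raw -d string would mangle
    return url, urllib.parse.urlencode(form).encode()

def parse_token_response(raw, now=None):
    """Validate the JSON body; return tokens plus an absolute expiry time."""
    now = time.time() if now is None else now
    data = json.loads(raw)
    if not data.get("access_token"):
        raise ValueError("no access_token: " + str(data.get("error", "unknown error")))
    lifetime = int(data.get("expires_in", 0))
    if lifetime <= 0:
        raise ValueError("missing or non-positive expires_in")
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "expires_at": now + lifetime}

def is_expired(token, now=None, skew=60):
    """True once the token is within `skew` seconds of expiring."""
    now = time.time() if now is None else now
    return now >= token["expires_at"] - skew

def redact(secret):
    """Short form of a token that is safe to write to logs."""
    return secret[:4] + "..." if len(secret) > 8 else "****"

def fetch_token(env=os.environ):
    """Send the request using credentials from SN_* variables (assumed names)."""
    url, body = build_token_request(env["SN_INSTANCE"], env["SN_CLIENT_ID"],
        env["SN_CLIENT_SECRET"], env["SN_USERNAME"], env["SN_PASSWORD"])
    req = urllib.request.Request(url, data=body, headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_token_response(resp.read())

if __name__ == "__main__":
    # Constructed sample response, used when no SN_* variables are set
    sample = '{"access_token": "SAMPLE-ACCESS-TOKEN", "refresh_token": "SAMPLE-REFRESH", "expires_in": 3600}'
    tok = fetch_token() if "SN_INSTANCE" in os.environ else parse_token_response(sample)
    print("token", redact(tok["access_token"]), "expires at", time.ctime(tok["expires_at"]))
```

Checking is_expired before a scan distinguishes an expired token from a scope or role problem when the scanner reports "Invalid Token".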

Troubleshooting

"Invalid Token" Error

• Token may have expired (default: 1 hour)

• Regenerate token and try again

"Insufficient Permissions" Error

• Add required scopes: rest_service, useraccount, itil

• Verify user account has appropriate roles

"OAuth Not Configured" Error

• Verify OAuth application is active

• Check client ID and secret are correct

Need help?

Email: contact@nowisor.com
Phone: +33 7 85 11 21 34

Nowisor - ServiceNow Platform Security Experts