3. 3.Whatis REST API? 

Representational state transfer or REST is the most popular approach of building APIs. When a request for data is sent to a REST API, it’s usually done through hypertext transfer protocol (HTTP). Once a request is received, APIs designed for REST can return messages in a variety of formats: HTML, XML, plain text, and JSON. 

A request is made up of four things: 

• The Endpoint 

• The method 

• The headers 

• The body 

3.1 The Endpoint 

The endpoint is the url you request for. It generally consists of a base path and resource path. E.g. 

https://dev124645.service-now.com/api/now/table/incident 
 

Every web service provider will have the API documentation, and that needs to be referenced in order to configure the HTTP method endpoint. 

3.2 The Methods 

HTTP methods define the action to take for a resource, such as retrieving information or updating a    record. The available HTTP Methods are: 

3.2.1. POST: Create 

    The POST method is used to submit the information to the server. 

3.2.2. GET: Read 

 The GET method is the most common of all the request methods. It is used to fetch the desired resource     from the server. 

3.2.3. PUT: Update 

 Both PUT and PATCH are used to modify the resources on the server with a slight difference. PUT is a method of modifying resources where the client sends data that updates the entire resource.  

3.2.3. PATCH: Update 

PATCH is a method of modifying resources where the client sends partial data that is to be updated without modifying the entire data. 

3.2.4. DELETE: Delete 

    The DELETE method is used to delete the resource identified by the request url. 

3.2.5. Difference Between PUT and PATCH 

3.3 HTTP Headers: 

Client and Server can pass the extra bit of information with the request and response using HTTP    headers. The Server determines which headers are supported or required. 

    The most widely used HTTP Headers are: 

• Accept 

• Content-Type 

1.Accept 

    Type of data client can understand. 

2.Content-Type 

    Specifies the media type of the resource. 

3.4  Authorization: 

To communicate with other applications or the target application, we need entry pass, means we need some key or credentials. 

In ServiceNow we need Credentials (Username and Password). So, for that source instance need credentials of Target instance user. In ServiceNow we create user with rest_service role and share those details with source instance. 

3.4.1 Types of Authentication: 

3.4.1.1 Basic Authentication: 

Basic Authentication is a straightforward, built-in HTTP protocol feature that works as follows:  

• Mechanism: The client sends credentials (username and password) in the HTTP header, which are encoded using Base64. This is an encoding, not encryption, so it must always be used over HTTPS to protect the credentials in transit. 

• Security: It offers minimal security and is highly vulnerable to interception if not secured by HTTPS. Credentials, once compromised, grant full, long-term access until manually changed. 

• Use Cases: It is best suited for small, internal applications, simple use cases, or rapid development where the overhead of a more complex system is not practical.  

3.4.1.2 OAuth 2.0: 

OAuth 2.0 is an industry-standard authorization framework (not an authentication protocol by itself, but used within them via OpenID Connect) designed for secure access delegation.  

• Mechanism: Instead of user credentials, it uses an “access token” (a temporary credential) which is obtained from an authorization server after the user/application grants permission. This token is then sent with subsequent API requests. The actual user credentials are only handled by the trusted authorization server. 

• Security: It provides enhanced security through: 

• Tokens: Tokens are short-lived and can be revoked. 

• Limited Scope: Access is limited to specific resources and actions defined by “scopes”. 

• No Password Sharing: The third-party application never sees the user’s actual password. 

• Grant Types: Different “flows” (e.g., Authorization Code, Client Credentials) are available for various application types (web, mobile, server-to-server) to maximize security in each scenario. 

• Use Cases: It is the standard for modern web and mobile applications, especially when integrating with third-party services (e.g., “Sign in with Google” or allowing a printing service to access your photos) and in large-scale enterprise systems. 

4.Use Case 

Integrate two ServiceNow instance. Every time when incident is created in one ServiceNow instance (source) then incident record with same information will also get created in another ServiceNow instance (target). 

So the solution we will implement to achieve is that we will create rest message and Business rule in ServiceNow source instance and below are the required information which we need from Target instance or ServiceNow target instance, which will be needed while creating the rest message. 

1. ENDPOINTS 

1. METHODS 

1. REQUEST BODY 

1. HEADERS (CONTENT TYPE) 

1. AUTHORIZATION DETAILS 

4.1 Overall Flow (High Level) 

1. Incident is created in Source instance 

1. Business Rule triggers after insert/update 

1. Business Rule calls a REST Message 

1. REST Message sends data to Target instance 

1. Target instance creates a new Incident using Table API 

4.2 Source Instance 

Step 1: Create REST Message (Source Instance) 

Navigated to: 
System Web Services → Outbound → REST Message 

• REST Message acts as a container for: 

• Authentication 

• Base endpoint 

• Child HTTP methods 

Authentication Configuration: 

• Authentication type: Basic 

• Basic Auth Profile: dev224187 

• Credentials belong to a user in the target instance 

 This allows the source instance to securely communicate with the target instance.