rest-integration

REST Integration Patterns for ServiceNow

ServiceNow provides RESTMessageV2 for outbound REST API calls and the REST API for inbound requests.

Outbound REST (Calling External APIs)

Basic GET Request

var request = new sn_ws.RESTMessageV2() request.setEndpoint("https://api.example.com/users") request.setHttpMethod("GET") request.setRequestHeader("Accept", "application/json")

var response = request.execute() var httpStatus = response.getStatusCode() var body = response.getBody()

if (httpStatus == 200) { var data = JSON.parse(body) gs.info("Found " + data.length + " users") }

POST Request with JSON Body

var request = new sn_ws.RESTMessageV2() request.setEndpoint("https://api.example.com/incidents") request.setHttpMethod("POST") request.setRequestHeader("Content-Type", "application/json") request.setRequestHeader("Accept", "application/json")

var payload = { title: "New Incident", description: "Created from ServiceNow", priority: "high", } request.setRequestBody(JSON.stringify(payload))

var response = request.execute()

Using REST Message Records

Create a REST Message record for reusable integrations:

// Using predefined REST Message from sys_rest_message var request = new sn_ws.RESTMessageV2("External API", "Create User")

// Set variable substitutions defined in the REST Message request.setStringParameter("user_name", userName) request.setStringParameter("email", email)

var response = request.execute()

Authentication Methods

Basic Authentication

var request = new sn_ws.RESTMessageV2() request.setEndpoint("https://api.example.com/data") request.setHttpMethod("GET") request.setBasicAuth("username", "password")

Bearer Token

var request = new sn_ws.RESTMessageV2() request.setEndpoint("https://api.example.com/data") request.setHttpMethod("GET") request.setRequestHeader("Authorization", "Bearer " + token)

OAuth 2.0 (Using OAuth Profile)

var request = new sn_ws.RESTMessageV2() request.setEndpoint("https://api.example.com/data") request.setHttpMethod("GET") request.setAuthenticationProfile("oauth2", "My OAuth Profile")

API Key

var request = new sn_ws.RESTMessageV2() request.setEndpoint("https://api.example.com/data") request.setHttpMethod("GET") request.setRequestHeader("X-API-Key", apiKey) // Or as query parameter request.setQueryParameter("api_key", apiKey)

Error Handling

try { var request = new sn_ws.RESTMessageV2() request.setEndpoint("https://api.example.com/data") request.setHttpMethod("GET") request.setHttpTimeout(10000) // 10 second timeout

var response = request.execute() var httpStatus = response.getStatusCode()

if (httpStatus == 200) { var body = response.getBody() var data = JSON.parse(body) // Process successful response } else if (httpStatus == 401) { gs.error("Authentication failed") } else if (httpStatus == 404) { gs.error("Resource not found") } else if (httpStatus >= 500) { gs.error("Server error: " + httpStatus) } else { gs.error("Unexpected status: " + httpStatus) } } catch (ex) { gs.error("REST Exception: " + ex.message) }

Response Handling

Parse JSON Response

var body = response.getBody() var data = JSON.parse(body)

// Access nested data var userName = data.user.name var items = data.items || []

Handle Arrays

var body = response.getBody() var users = JSON.parse(body)

for (var i = 0; i < users.length; i++) { var user = users[i] gs.info("User: " + user.name + " (" + user.email + ")") }

Response Headers

var contentType = response.getHeader("Content-Type") var rateLimitRemaining = response.getHeader("X-RateLimit-Remaining")

MCP Tools for REST

// Create REST Message record snow_create_rest_message({ name: "External API", endpoint: "https://api.example.com", authentication: "basic", // or "oauth2", "api_key" methods: [ { name: "Get Users", http_method: "GET", endpoint: "/users", }, { name: "Create User", http_method: "POST", endpoint: "/users", content_type: "application/json", }, ], })

// Test REST connection snow_test_rest_connection({ endpoint: "https://api.example.com/health", })

Best Practices

Use REST Message records - Centralized configuration, easier maintenance
Set timeouts - Prevent hanging scripts with setHttpTimeout()
Handle all status codes - Not just 200
Log failures - Use gs.error() for debugging
Use Async for slow APIs - Don't block business rules
Store credentials securely - Use Connection & Credential Aliases
Implement retry logic - For transient failures
Rate limit awareness - Check response headers, implement backoff

Retry Pattern

function callApiWithRetry(endpoint, maxRetries) { var retries = 0 var delay = 1000 // Start with 1 second

while (retries < maxRetries) { try { var request = new sn_ws.RESTMessageV2() request.setEndpoint(endpoint) request.setHttpMethod("GET")

  var response = request.execute()

  if (response.getStatusCode() == 200) {
    return JSON.parse(response.getBody())
  }

  if (response.getStatusCode() >= 500) {
    // Server error - retry
    retries++
    gs.sleep(delay)
    delay = delay * 2 // Exponential backoff
    continue
  }

  // Client error - don't retry
  throw new Error("Client error: " + response.getStatusCode())
} catch (ex) {
  retries++
  if (retries >= maxRetries) {
    throw ex
  }
  gs.sleep(delay)
  delay = delay * 2
}

} }

rest-integration

Safety Notice

Copy this and send it to your AI assistant to learn

Source Transparency

Related Skills

predictive-intelligence

scheduled-jobs

document-management