Summary
This article explains how to:
Set up an OAuth provider with the JWT Bearer grant type and integrate with Box to make an outbound REST call.
Please note this is just an example configuration that can be used as a guideline. ServiceNow is not responsible for any API information from the 3rd party API.
Any information regarding the 3rd party API (in this case, BOX) should be obtained from the vendor's documentation or support.
Instructions
On BOX end
- Sign Up for Box Developer Account - https://developer.box.com/
- From the Developer Console - https://app.box.com/developers/console - Create 'Custom App'
- Authentication Method 'OAuth 2.0 with JWT (Server Authentication)'
- Give your app a unique name and Create App
- View your app.
- From 'OAuth 2.0 Credentials' copy the Client ID and Client Secret
- 'Add and Manage Public Keys'. Create a new keystore and export a public key from it into BOX (ex: keytool -genkey -alias snclient -keyalg RSA -validity 365 -keystore jwtdemo.keystore -storepass jwtdemo -keypass jwtdemo)
- Once the configuration is done, note the enterpriseID under App Settings. Ex: "enterpriseID": "324985474"
- Authorize the app. My apps -> <App Name> -> General -> 'Submit for Authorization' (an authorization email will be sent to the admin email used during account creation)
- Click on your account name at the top -> Admin Console
- Under Admin Console -> back to my account (https://app.box.com/folder/0)
- Create a new folder and upload a text file.
On ServiceNow Instance end
- Upload the Java Key Store certificate: System Definition -> Certificates -> New -> Type (Java Key Store) -> storepass (key store password from BOX step 7) -> attach the keystore created in BOX step 7
- Configure a JWT signing key: System OAuth > JWT Keys -> New -> Signing Keystore (associate the keystore created in the above step) -> Signing key (key store password).
- Create a JWT provider with a JWT signing key: System OAuth > JWT Provider -> New -> associate the 'Signing Configuration' from the above step.
- Standard Claims: aud: https://api.box.com/oauth2/token, iss: [client_id], sub: [enterpriseID from BOX step 8]. Custom Claims: box_sub_type: enterprise
- Create an OAuth application registry entry: System OAuth -> Application Registry -> New -> Connect to a third party OAuth Provider -> Default Grant type (JWT Bearer) -> Token URL (https://api.box.com/oauth2/token)
- Under OAuth entity profile (oauth_entity_profile) associate the created 'jwt provider'
- Create a REST Message: System Web Services -> REST Message -> End Point (https://api.box.com/2.0/folders/0) -> OAuth Profile (associate the 'OAuth Profile' from the above step)
- In the REST Message, click on 'Get OAuth token' to get the access token
- Go to the 'Default GET' method and click on 'Test'. A successful JSON response is returned. One of the values returned is the Service Account of the Box app. For example {"type":"user","id":"12595253003","name":"uday_box_jwt","login":"AutomationUser_1044808_vgj5bajVHT@boxdevedition.com"}
- On the BOX end, share the folder and file with the above user (AutomationUser_1044808_vgj5bajVHT@boxdevedition.com)
- On ServiceNow End: To Get Folder information > Create New Method (GET) > End Point: https://api.box.com/2.0/folders/<FOLDER_ID>. The Folder Id can be obtained by clicking on the folder name on the BOX end (ex: https://app.box.com/folder/111563877644)
- On ServiceNow End: To Get File information > Create New Method (GET) > End Point: https://api.box.com/2.0/files/<FILE_ID>. The File Id can be obtained by clicking on the file name on the BOX end (ex: https://api.box.com/2.0/files/648004300616)
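
The standard and custom claims configured on the JWT provider above end up in a signed assertion that is posted to the token URL. The following added example (not ServiceNow's or Box's code) builds and checks such an assertion in Node.js with a throwaway key, which helps when debugging a rejected token request offline. The `kid`, `jti` and `exp` values, the placeholder IDs and the function names are assumptions for illustration; confirm the required claims in the vendor documentation.

```javascript
const crypto = require('node:crypto');

const TOKEN_URL = 'https://api.box.com/oauth2/token'; // aud claim and token endpoint from the steps above
const b64url = (value) => Buffer.from(value).toString('base64url');

// Build and RS256-sign the assertion carrying the standard and custom claims listed above.
function buildAssertion({ clientId, enterpriseId, keyId, privateKey, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', typ: 'JWT', kid: keyId }; // kid: assumed ID of the uploaded public key
  const claims = {
    iss: clientId,              // Client ID copied from the Box app
    sub: enterpriseId,          // enterpriseID from App Settings
    box_sub_type: 'enterprise', // custom claim
    aud: TOKEN_URL,
    jti: crypto.randomBytes(16).toString('hex'), // assumed: unique ID so a captured assertion cannot be replayed
    exp: iat + 45,              // assumed lifetime in seconds; keep it short
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Checks the receiving side applies: algorithm, signature, issuer, audience and expiry.
function verifyAssertion(jwt, publicKey, clientId, now = Date.now()) {
  const [h, c, s] = jwt.split('.');
  if (!h || !c || !s) return { ok: false, reason: 'malformed' };
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), publicKey, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  const claims = JSON.parse(Buffer.from(c, 'base64url').toString());
  if (claims.iss !== clientId || claims.aud !== TOKEN_URL) return { ok: false, reason: 'wrong iss/aud' };
  if (claims.exp <= Math.floor(now / 1000)) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Form body POSTed to TOKEN_URL for the JWT Bearer grant (RFC 7523).
function tokenRequestBody(assertion, clientId, clientSecret) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion, client_id: clientId, client_secret: clientSecret,
  }).toString();
}

// Constructed demo values: throwaway key pair and placeholder credentials.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoJwt = buildAssertion({ clientId: 'CLIENT_ID_PLACEHOLDER', enterpriseId: '324985474',
  keyId: 'KEY_ID_PLACEHOLDER', privateKey: demoKeys.privateKey });
console.log(verifyAssertion(demoJwt, demoKeys.publicKey, 'CLIENT_ID_PLACEHOLDER').claims);
```

An 'expired' or 'wrong iss/aud' result from the verifier points at the claim configuration on the JWT provider, while 'bad signature' points at a mismatch between the uploaded keystore and the public key registered in BOX.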