This article explains how to:

Set up OAuth provider with JWT Bearer grant type and integrate with Box to make Outbound REST call

Please note this is  just an example configuration that can used as a guideline to configure and ServiceNow is not responsible for any API information from the 3rd party API

Any information regarding 3rd party API ( for example in this case BOX) should be obtained from the Vendor documentation/Support.



            On BOX end

  1. Sign Up for Box Developer Account - https://developer.box.com/
  2. From the Developer Console - https://app.box.com/developers/console - Create 'Custom App'
  3. Authentication Method 'OAuth 2.0 with JWT (Server Authentication)'
  4. Give your  app a unique name and Create App
  5. View you app .
  6.  From 'OAuth 2.0 Credentials' copy the Client ID and Client Secret
  7. 'Add and Manage Public Keys' . Create a new keystore and export a public key from that into BOX .(ex: keytool -genkey -alias snclient -keyalg RSA -validity 365 -keystore jwtdemo.keystore -storepass jwtdemo -keypass jwtdemo)
  8. Once the configuration is done , please note the enterpriseID under App Settings. Ex: "enterpriseID": "324985474"
  9. Authorize the app . My apps -> <App Name> -> General -> 'Submit for Authorization' (authorization email will be sent to admin email used during account creation)
  10. Click on your account name on the top ->  Admin Console 
  11. under admin console -> back to my account  (https://app.box.com/folder/0)
  12. Create a new folder and upload a text file .


            On ServiceNow Instance end

  1. Upload Java Key Store certificate : System Definition -> Certificates -> New -> Type (java key store) -> storepass ( key store password from BOX step 7  ) -> attach the keystore created from BOX step 7
  2. Configure a JWT signing key: System OAuth > JWT Keys -> New -> Signing Keystore (associate keystore created from step above step ) -> Signing key (key store password). 
  3. Create a JWT provider with a JWT signing key: System OAuth > JWT Provider -> New -> Associate the 'Signing Configuration' from above step .
  4. Standard Claims :  aud: https://api.box.com/oauth2/token , iss:[client_id],sub:[enterpriseID from step 9].  Custom  Claims: box_sub_type:enterprise
  5. Create OAuth application registry entry :System OAuth -> Application Registry -> New -> Connect to a third party OAuth Provider -> Default Grant type ( JWT Bearer) -> Token URL (https://api.box.com/oauth2/token)
  6. Under OAuth entity profile (oauth_entity_profile) associate the created 'jwt provider'
  7. Create REST Message : System Web Services -> Rest Message -> End Point (https://api.box.com/2.0/folders/0) -> OAuth Profile (Associate the 'OAuth Profile' from above step)
  8. In the REST Message , click on 'Get OAuth token' to get the access token
  9. Go to the 'Default GET' method and click on 'Test' . A successful JSON returned . One of the value returned is Service Account of the box app . For example {"type":"user","id":"12595253003","name":"uday_box_jwt","login":"AutomationUser_1044808_vgj5bajVHT@boxdevedition.com"}
  10.  On the BOX end , share the folder and file with the above user (AutomationUser_1044808_vgj5bajVHT@boxdevedition.com)
  11.  On ServiceNow End: To Get Folder information > Create New Method (GET) > End Point : https://api.box.com/2.0/folders/<FOLDER_ID>  Folder Id can be obtained by clicking on the folder name on box end (ex: https://app.box.com/folder/111563877644 )
  12. On ServiceNow End: To Get File information > Create New Method (GET) > End Point : https://api.box.com/2.0/files/<FILE_ID> Folder Id can be obtained by clicking on the folder name on box end (ex: https://api.box.com/2.0/files/648004300616  )

Article Information

Last Updated:2020-05-07 11:42:43