Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Some integrations will not have a Message that closes the Bond. In these situations, it is preferable to close any open Bonds manually from a business rule on the Target table, e.g. when an Incident is closed . The following business rule script will close all the Bonds for a given record:
Follow this guide to learn how to configure a dedicated Message in Unifi to handle streamed attachments.
Attachments can be sent either as a stream or embedded in the payload as Base64.
In this guide, you will configure a dedicated Message as part of the Incident Guide Integration (created when following the Bidirectional Asynchronous Incident Guide). It is assumed that the Process, Web Service, Integration & Connection are already in place (if not, please ensure that those elements are in place before continuing).
The components to configure are as follows:
Message
Scripted REST Resource
Unifi will automatically generate the Scripted REST Resource to cater for inbound streaming. If using a Resource created on a release prior to v3.0 this will need to be updated manually.
When you create a Process, Unifi will automatically create the corresponding Scripted REST Resources (see Automated Creation of REST Service).
This guide is supplementary to the Bidirectional Asynchronous Incident Guide and assumes the Process (& subsequent Scripted REST Resources) are already in place (See the Web Service page of that guide for details).
We will now examine the automatically generated Attachment Resource. If you are manually updating an existing Resource to cater for inbound streaming, ensure that it looks like the this.
The following code is extracted from the automatically generated Attachment Scripted REST Resource:
Note: the above script is processing the inbound attachment using the "AddAttachment" message. If your message is named differently then simply update.
You may need to update the api_name in the x_snd_eb.RestHelper() function. It must be the same as the one you set in the Process record.
With the Message & Scripted REST Resource in place, you are now ready to Test the AddAttachment Message.
Follow this guide to learn how to setup an OAuth Connection in Unifi.
This guide gives step-by-step instructions on how to setup an Oauth Connection for your Unifi Integration (ServiceNow to ServiceNow).
This document will guide you through the process of configuring an OAuth Connection for your Unifi Integration (ServiceNow to ServiceNow). This will involve making configuration changes in both the identity provider and identity consumer instances. As such, this guide will examine the changes for each instance separately on the subsequent pages.
In this guide, you will configure an additional OAuth Connection to another ServiceNow instance as part of the Incident Guide Integration (created when following the Bidirectional Asynchronous Incident Guide). The external instance will act as the Identity Provider whilst the original instance will act as the Identity Consumer.
It is assumed that the Integration has been configured, packaged and moved to the external instance (see here for details). Therefore, the Process, Web Service & Integration are already in place (if not, please ensure that at least those elements are in place before continuing).
If you're building a polling integration that has response payloads larger than 5MB then you'll need to save them as attachments and adapt your response processing.
This documentation is specific to handling large response payloads in a Poller integration.
Sometimes a polling integration that is fetching data from another system is required to handle response payloads larger than the 5MB limit imposed by ServiceNow. The normal setup for a Poll Processor includes the response payload being returned as a string in the Request script. Here we look at an alternative approach which avoids handling the response payload as a string and so avoids the 5MB string limit.
Alternative approach for response payloads > 5MB:
Make the request (using RESTMessageV2()).
Save the response as an attachment on a record (using saveResponseBodyAsAttachment()).
Pass the attachment sys_id through (using getResponseAttachmentSysid()).
Fetch it and do something with the newly generated attachment - passing the stream of the attachment on to be processed however required, e.g. text/xml processing.
Don't pass the response body from the request script to the response script. Use saveResponseBodyAsAttachment() and getResponseAttachmentSysid() instead.
The following example is taken from our Incident Attachment Poller Guide.
Request script: This script uses the ServiceNow RESTMessageV2() web service to make a REST call to the endpoint url created in the Setup script. It returns the body of the request as an attachment who's sys_id it passes to the Response script
saveResponseBodyAsAttachment(): This method takes three parameters:
tableName - the table that contains the record you want to attach the saved file to.
recordSysId - the sys_id of the record you want to attach the saved file to.
fileName - the file name to give to the saved file.
request.execute(): The response object returned by request.execute() provides a method called getResponseAttachmentSysid().
getResponseAttachmentSysid(): This method returns the sys_id of the attachment generated by the REST call.
Response script: This script sets up some objects to help us; this includes the essential PollHelper() function (which we initialise from the poll_request) along with the info [] array.
After that it sets params.attachment.data to the sys_id of the created attachment, setting up a payload object and submitting it to Unifi by calling the processInbound() method.
After processing the single result, it is logged to the Response status field of the Poll Request.
In our example we've taken the inbound attachment, built a payload and passed it to Unifi to process.
Setup a scheduled job to ensure refresh tokens do not expire.
We recommend customers using outbound OAuth use this scheduled job script to ensure outbound OAuth connections remain alive, as explained in this KB Article from ServiceNow.
Without this job, the refresh token will eventually expire which means ServiceNow will no longer be able to retrieve an access token. This in turn will cause outbound requests to fail.
If your OAuth service is including refresh tokens with each access token request, this job may not be required.
This script has been reformatted from the KB Article for ease of use.
Heartbeat messages can be used to help identify if the integration is up or down. Both inbound and outbound heartbeat messages are supported.
Create a new Message and select type Heartbeat. Although specific configuration is not required, you can configure Heartbeat messages as you would any other message. The only difference is the Heartbeat transactions are bonded to the active connection.
You should only have one active Heartbeat message per integration. Activating an outbound Heartbeat message will create a scheduled job which sends the message according to the frequency set on the Integration.
No response message is required for Heartbeat messages unless you would like to customise how responses are sent and received.
When an outbound heartbeat message is sent and fails, the integration will be paused and its Status marked as "Down". This will force all outbound messages to be queued. When a future outbound heartbeat message is successful, the integration will be resumed and its Status marked as "Up".
The frequency of outbound heartbeat messages is controlled by the Heartbeat Frequency setting on the Integration. By default, this is set to 300 seconds (5 minutes), meaning a heartbeat is sent every 5 minutes to the endpoint specified by the connection and message.
A heartbeat is seen to fail when it does not receive a 2xx status code response, e.g. 200. If you need to support other status codes, you can use Response Actions to intercept and modify the request response.
To help identify heartbeat messages, all outbound heartbeat messages contain the header x-snd-eb-heartbeat with a value of 1.
You can allow third party systems to send a heartbeat request. A Heartbeat message configured for Inbound processing is required. It can be configured to operate similarly to any other message, although no additional configuration is required.
Inbound heartbeats will run through the full connection process for the integration. By default, a 200 response is returned when authentication and Heartbeat message processing has been successful.
POST https://myinstancename.service-now.com/api/x_snd_eb/unifi/incident
Example to send a Heartbeat message to check if the API is available.
Follow these steps to test the AddAttachment Message.
If necessary, create at least one bonded record in order to test the AddAttachment Message.
In the originating instance, select one bonded ticket and Add an attachment to the record .
From the bonded record, navigate to the Unifi Integrations related list and click to open the Bond.
The External reference is populated. The State is "Open" and the Status is "OK".
From the Bond, navigate to the following related lists:
Navigate to the Bonded Attachments related list and verify that a Bonded Attachment record has been created.
The State is "Complete".
Navigate to the Transactions related list and click to open the AddAttachment Transaction.
The Transaction state is "Complete" and the Process state is "Accepted".
From the Transaction, navigate to the HTTP Requests related list and click to open the HTTP Request.
The Request state is "OK".
Note the following about the HTTP Request:
Endpoint URL: A concatenation of the Connection URL appended with the Path defined on the Message.
Request headers*: Contains the mime_type.
Request payload*: The payload contains the "sys_attachment:<sysid>" (the format which Unifi expects & automatically triggers outbound streaming).
*These objects were defined in the Stage to Request script.
You will never see the attachment data in the payload itself.
In the receiving instance, navigate to the corresponding bonded ticket and verify the attachment has been added to the record.
The attachment has been added to the bonded record.
From the bonded record, navigate to the Unifi Integrations related list and click to open the Bond.
The External reference is populated (note: the Internal/External reference values are opposite to the originating bond). The State is "Open" and the Status is "OK".
From the Bond, navigate to the following related lists:
Navigate to the Bonded Attachments related list and verify that a Bonded Attachment record has been created.
The State is "Complete".
Navigate to the Transactions related list and click to open the AddAttachment Transaction.
The Transaction state is "Complete" and the Process state is "Accepted".
From the Transaction, navigate to the HTTP Requests related list and click to open the HTTP Request.
The Request state is "OK".
Note the following about the HTTP Request:
Endpoint URL: This is defined on the Resource path of the automatically generated Scripted REST Resource.
Request payload: The payload structure is defined in the Scripted REST Resource script.
Congratulations! You have successfully configured & tested a dedicated Message to stream inbound and outbound attachments.
The AddAttachment Message will be used to process inbound and outbound attachments.
In Unifi Integration Designer, click on the 'Messages' icon & then New to begin configuring the AddAttachment Message.
The fields to be configured for the AddAttachment New Message modal are as follows:
| Field | Description | Value |
|---|---|---|
Your AddAttachment New Message modal should look like this:
Submit and view to further configure the Message.
Navigate to Message > Response.
The Response fields to be configured are as follows:
Your Response form should look like this:
Navigate to Message > Bond.
The Bond fields to be configured are as follows:
*These fields are automatically populated.
Your Bond form should look like this:
Navigate to Outbound > Trigger.
The Outbound Trigger fields to be configured (as required)* are as follows:
*Outbound condition (as required):
It is not always necessary for you to enter a condition. The value given is an example. You may create any condition (or not) to align with your business process requirements. In this case, it makes sense to set the Outbound Condition to false because we do not want Unifi to send this message on any update of the source record. Typically, we would configure different messages to align with state changes (e.g. Close, Resolve).
The code in the 'Outbound condition' script field should look like this:
Your Outbound Trigger form should look like this:
Navigate to Outbound > Attachments.
The Outbound Attachments fields to be configured are as follows:
*This field is automatically populated.
Your Outbound Attachments form should look like this:
Navigate to Outbound > Settings.
The Outbound Setting fields to be configured are as follows:
The code in the 'Path' field should look like this:
The /attachment element of the Path is required when using the Unifi Scripted REST API to automatically generate the Scripted REST Resource. We shall discuss this further on the Scripted REST Resource page.
Please note the following when using the Unifi Scripted REST API to automatically generate the Scripted REST Resource:
If you have attachment messages which were configured before the auto-generated Scripted REST Resources, you must add the /attachment element to the Path of those messages. Otherwise, they may generate "Content type not allowed" errors.
Your Outbound Settings form should look like this:
Navigate to Inbound > Settings.
The Inbound Settings fields to be configured are as follows:
*Bond reference method value choices: Internal - lookup using the internal reference only. External - lookup using the external reference only. Both - lookup using both the internal and external references.
Choose the value depending on what is needed.
For attachments we only use the Internal lookup because we are not passing both references. Lookup could be done on External or Both, but the references would need to be added to the inbound request.
Make sure to set either stage.internal_reference or stage.external_reference (or both) to match in the Payload to Stage Script (see below).
Your Inbound Settings form should look like this:
Navigate to Advanced > Script Editor.
When you first open Script Editor, it should look like this:
The Script Editor fields to be configured are as follows:
The code in the ‘Stage to Request’ script field should look like this:
file_name: It is necessary to encode the file_name so that the characters are converted into a format that can be transmitted and understood in the endpoint URL. Not doing so could cause the Transaction to fail (particularly if the file_name contains special characters).
payload: To stream outbound, you will need to set the payload to be "sys_attachment:<sysid>". Unifi will recognise this and automatically stream the attachment out.
You would configure other message data within the URL or the headers.
The code in the ‘Payload to Stage’ script field should look like this:
We have chosen to set the internal reference on stage as we have set the Bond reference method to 'Internal' (see above). I_f we had set the Bond reference method to 'External', we would need to set the stage external reference here (or both if we had set the Bond reference method to 'Both')._
Your Script Editor fields should now look like this:
Save the message.
Next, we shall configure the Scripted REST Resource.
These are the configuration changes to be made in the identity provider instance when setting up an OAuth Connection.
These instructions apply to ServiceNow. Other identity providers may vary.
In native ServiceNow, navigate to System OAuth > Application Registry and click New.
On the interceptor page, click Create an OAuth API endpoint for external clients.
The fields to be configured for the Application Registry record are as follows:
*These values are to be left as-is.
Your Application Registries New Record should look like this:
Submit the record.
If you re-open the record after submitting it, you will see that the Client Secret has been populated.
If you haven't already done so, you will need to create an Inbound user in this instance. See here for details.
In Unifi Integration Designer, navigate to Connections and click New.
We have chosen to configure a Connection for the Pre-Production environment because we have already configured connections in the Consumer Instance for both the Development and Test environments. Choose whichever environment is appropriate for your requirements.
The fields to be configured for the New Connection modal are as follows:
The format of the Endpoint URL is as follows:
https://<your_consumer_instance>.service-now.com/<your_consumer_resource_path>
The entire Endpoint URL can be easily obtained from the automatically created Message Resource on the Unifi Scripted REST API (displayed in the widget at the top of the Connections page) in the other instance.
Your New Connection modal should look like this:
Submit and view to further configure the Connection.
Although we will be providing an OAuth Token for the external instance to consume when connecting to this instance, we will use Basic authentication to connect outbound with the Consumer Instance.
The fields to be configured for the Details form are as follows:
Your Details form should look like this:
Save the Connection.
At this point you can perform a basic Connection test. For instructions, see here.
Next, configure the Identity Consumer Instance.
These are the configuration changes to be made in the identity consumer instance when setting up an OAuth Connection.
In native ServiceNow, navigate to System OAuth > Application Registry and click New.
On the interceptor page, click Connect to a third party OAuth Provider.
The fields to be configured for the Application Registry record are as follows:
*This value is to be left as-is.
Token URL: Replace the <your-provider-instance> element of the URL with that of the Identity Provider Instance.
Your Application Registries New Record should look like this:
Right-click and Save to remain on the record.
Validate that the OAuth Entity Profiles related list has been populated with the following values:
Name: <Your Unique Name> default_profile
Is default: true
Grant type: Resource Owner Password Credentials
This is the profile which will be selected when configuring the Connection.
In Unifi Integration Designer, navigate to Connections and click New.
We are going to configure a Connection for the Pre-Production environment because we have already configured connections for both the Development and Test environments. Choose whichever environment is appropriate for your requirements.
The fields to be configured for the New Connection modal are as follows:
The format of the Endpoint URL is as follows:
https://<your_provider_instance>.service-now.com/<your_provider_process_api>
The entire Endpoint URL can be easily obtained from the automatically created Message Resource on the Unifi Scripted REST API (displayed in the widget at the top of the Connections page in the other instance).
Your New Connection modal should look like this:
Submit and view to further configure the Connection.
The fields to be configured for the Details form are as follows:
Your Details form should look like this:
Save the Connection.
Once you have saved the Connection, the 'Get OAuth Token' button is available.
Click Get OAuth Token.
On the modal that pops up, enter the Username & Password (for the Inbound user of the Identity Provider Instance).
Click Get OAuth Token.
The 'OAuth token flow completed successfully' info message is displayed. Close the modal.
Congratulations. You have successfully configured both halves of the OAuth Connection.
| Name | Type | Description |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|---|---|
| Field | Description | Value |
|---|
| Field | Description | Value |
|---|
| Field | Description | Value |
|---|
To future proof your OAuth connection, please consider setting up the .
Response
The immediate synchronous response to this message.
lookup: 'Response'
Bond ownership **** condition*
Determine if the sender should own the bond or not in order for this message to be processed? Use 'Ignore' to process regardless of the owner flag. (Choices: Ignore, Must own, Must not own.)
'Ignore'
Bond condition type*
The type of conditional check made on the bond. (None: no checks are made. State: checks against the state are made using the conditional checkboxes. Scripted: the 'Bond condition' script is used.)
'State'
Bond pending
Process this message when the bond state is Pending.
<true>
Bond open
Process this message when the bond state is Open.
<true>
Outbound condition*
The condition that the ServiceNow record must meet to trigger this message being processed.
Update the Outbound condition script field with the code below
Send attachments
Mark this message as being enabled for sending attachments.
<true>
Maximum attachments to send*
Set the maximum number of attachments this message can send using the AttachmentSender helper class.
'1'
Attachment added
Use this message to immediately send new attachments regardless of the trigger conditions.
<true>
Path
A path to append to the URL defined in the connection. Specify a full URL to override the connection. Define inline scripts to reference Stage to Request script variables by wrapping code in braces {}, e.g. /{transaction.message_id}.
Update the Path field with the code below
Action method
The SOAP Action or the REST Method to use for this message. If this field is empty the SOAP Action will default to the message name and the REST Method will default to POST.
'POST'
Bond reference method
Method of searching for and validating an existing bond for incoming messages.
'Internal'*
Stage to Request
Method of searching for and validating an existing bond for incoming messages.
Update the code in the Stage to Request script field so that it looks like the code below
Payload to Stage
The script containing functions for extracting internal and external references from the request payload.
Update the code in the Payload to Stage script field so that it looks like the code below
Name
Name of the OAuth app
<Your Unique Name>
Client ID*
The client id of the OAuth app
[read-only] (automatically generated)
Client Secret*
The client secret of the OAuth app
Leave [Blank] to automatically generate
Refresh Token Lifespan*
The number of seconds a refresh token issued will be good for
8,640,000 (default value - automatically populated)
Access Token Lifespan*
The number of seconds an access token issued will be good for
1,800 (default value - automatically populated)
Comments
Comments about the OAuth app
<Your description of the purpose of the OAuth entity>
Environment
The environment this connection applies to.
'Pre-Production'
Endpoint URL
The external system's access URL.
<External system Endpoint URL>
Active
Use this connection for the integration when true.
<true>
Authentication
The authentication method to use for this connection.
'Basic'
User
The username used in basic authentication.
<external.system.user>
Password
The password used in basic authentication.
<External system user password>
Inbound user
The user profile used by the external system for authentication. An active connection must be found for the user to gain access.
lookup: <Your Inbound User>
x-snd-eb-message-name*
String
Your heartbeat message name, e.g. Heartbeat
x-snd-eb-heartbeat
Integer
1
Authorization*
String
Setup authorization as required by your connection.
Name | Name of the OAuth app | <Your Unique Name> |
Client ID | The client id of the OAuth app | The Client ID from the Identity Provider Instance |
Client Secret | The client secret of the OAuth app | The Client Secret from the Identity Provider Instance |
Default Grant type | The Default Grant Type used to establish the OAuth token | 'Resource Owner Password Credentials' |
Refresh Token Lifespan* | The number of seconds a refresh token issued will be good for | 8,640,000 (default value - automatically populated) |
Token URL | OAuth token endpoint to retrieve access and refresh tokens | 'https://<your-provider-instance>.service-now.com/oauth_token.do' |
Comments | Comments about the OAuth app | <Your description of the purpose of the OAuth entity> |
Environment | The environment this connection applies to. | 'Pre-Production' |
Endpoint URL | The external system's access URL. | <External system Endpoint URL> |
Active | Use this connection for the integration when true. | <true> |
Authentication | The authentication method to use for this connection. | 'OAuth 2.0' |
OAuth Profile | The OAuth Entity Profile to authenticate with. | '<Your Unique Name> default_profile' (as created/validated above) |
Inbound user | The user profile used by the external system for authentication. An active connection must be found for the user to gain access. | lookup: <Your Inbound User> |
Message name
The message name that is unique for this integration.
'AddAttachment'
Type
The primary purpose of the message.
'Update'
Direction
The direction(s) this message is configured to support.
'Bidirectional'
Description
Describe the message and the function it is performing.
<Your description>
