Developer Templates or Guidance - for the Novice Developer

I am a novice when it comes to developing services. While familiar with the IDN APIs and the use of Postman to support integrations to IDN (from say ServiceNow) or from IDN (for Web Service Connectors), I am not experienced in creating client applications or services that would integrate with IDN.

I will undertake to read up on the best development environment through which I can develop web clients that leverage IDN APIs (any pointers this community can provide would be great!).

My initial concern is authentication. Assuming my IDN client service will need to authenticate to IDN via a Personal Access Token, how do I go about securing the Client ID/Secret in my client service? Or is it possible to configure the client to authenticate the user to IDN via some means that would return a temporary access token? I have tried to follow the guidance on authentication provided in Compass but find myself going around in circles; the main articles appear to self-reference!

A description of how to authenticate a user via my client application to IDN while ensuring any need to store client credentials is covered (or at least identified) would be very helpful - sort of novice/101/how to get started guide!

Hi Adrian,

Some of the more common programming languages and frameworks used to develop client applications that leverage REST APIs include Python3 and Node.js, but most programming languages have the necessary libraries to do the job. In particular, the requests library for Python and axios for Node make HTTP requests easy.

As for authentication with client side scripts/programs, your best bet is to use either the client credentials OAuth2 flow, or a personal access token. You can check out the API docs on the developer portal for more information about these two authentication types. Client credentials don’t have a user context, so some API endpoints that require a user context, like /v3/access-requests, won’t work. If you are working with endpoints that require a user context, then you will need to generate an access token with your personal access token credentials.

To securely store your client credentials or personal access token in a client side program, the easiest way is to either create a “secrets” file that contains your credentials, or set up environment variables for your credentials. If you use a “secrets” file, make sure you don’t commit it in your code versioning tool, like git, and make sure you don’t distribute it to users. You should provide instructions to your users on how to set up the “secrets” file or the environment variables. All you need to do in your code is load the secrets from the “secrets” file or from the environment variables before authenticating to the API.

If you have any specific questions about this topic, please don’t hesitate to ask.
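The loading step described in the reply above, as an added example that is not part of the original thread and not SailPoint's own code. The variable names `IDN_CLIENT_ID` and `IDN_CLIENT_SECRET`, the JSON layout of the secrets file, and the `token_url` parameter (take the real token endpoint from the API docs) are assumptions made for illustration.

```python
import json
import os
import stat
import urllib.parse
import urllib.request

# Hypothetical names: the thread does not define variable names or a file layout.
ENV_ID, ENV_SECRET = "IDN_CLIENT_ID", "IDN_CLIENT_SECRET"


def load_credentials(env=None, secrets_path=None):
    """Return (client_id, client_secret) from the environment, else a secrets file."""
    env = os.environ if env is None else env
    if env.get(ENV_ID) and env.get(ENV_SECRET):
        return env[ENV_ID], env[ENV_SECRET]
    if secrets_path is None:
        raise RuntimeError(f"set {ENV_ID}/{ENV_SECRET} or provide a secrets file")
    mode = os.stat(secrets_path).st_mode
    # Refuse a file that other local accounts can read (POSIX permission bits).
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{secrets_path} is open to group/other; chmod 600 it")
    with open(secrets_path, encoding="utf-8") as fh:
        data = json.load(fh)
    return data["client_id"], data["client_secret"]


def build_token_request(token_url, client_id, client_secret):
    """Build (not send) a standard OAuth2 client-credentials token request."""
    if not token_url.startswith("https://"):
        raise ValueError("token URL must be https so the secret is never sent in clear")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(token_url, data=body, method="POST")


def fetch_access_token(token_url, env=None, secrets_path=None):
    """Load the secret at call time and return only the short-lived access token."""
    req = build_token_request(token_url, *load_credentials(env, secrets_path))
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]
```

Add the secrets file's name to `.gitignore` so it cannot be committed, and keep only the returned access token in memory for API calls.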

Hi Colin,

That is so helpful - and a relief to know my understanding in the use of access token was not completely off track.

I shall read up on the suggestions made.

Thanks very much for taking the time to respond.

Kind regards, Adrian