Add API Token auth

martialblog · martialblog · commit 8212d0c04477 · 2025-09-30T16:40:23.000+02:00
diff --git a/doc/03-Configuration.md b/doc/03-Configuration.md
@@ -15,12 +15,6 @@ Create a new Icinga Director Import Source and use "ServiceNow Table API" as the
 An official list of available tables can be found [here](https://www.servicenow.com/docs/bundle/yokohama-servicenow-platform/page/product/configuration-management/reference/cmdb-tables-details.html?state=seamless).
 Since we wanted to make it as customizable as possible, we don't have a hard-coded API method. Therefore, you have to provide the full endpoint for the table here (e.g. `api/now/table/cmdb_ci_server`).
 
-**ServiceNow API Username:** User to authenticate against the ServiceNow API.
-Currently only Basic Auth is supported to authenticate against ServiceNow.
-This user needs to have read access to the table you want to import.
-
-**ServiceNow API Password:** Password to authenticate against the ServiceNow API.
-
 **ServiceNow API Timeout:** Timeout for the API request in seconds. Default is `20` seconds.
 
 **ServiceNow Columns:** List of columns to fetch.
@@ -32,3 +26,19 @@ Per default, we fetch all available columns. In case you want to limit the colum
 Per default, no filter limitation is applied to the query. The whole table will be fetched. In case you want to limit the objects, you can provide a filter query here.
 
 To filter, you will need to follow the [official filter syntax from ServiceNow](https://www.servicenow.com/docs/bundle/yokohama-platform-user-interface/page/use/using-lists/concept/c_EncodedQueryStrings.html) An example could be `nameSTARTSWITHlnux`.
+
+### Authentification methods
+
+Currently supported authentification methods:
+
+HTTP Basic Auth:
+
+**ServiceNow API Username:** User to authenticate against the ServiceNow API.
+
+This user needs to have read access to the table you want to import.
+
+**ServiceNow API Password:** Password to authenticate against the ServiceNow API.
+
+API Token:
+
+**ServiceNow API Token:** Bearer token to authenticate against the ServiceNow API. Used in the header key `x-sn-apikey`.
diff --git a/library/Servicenowimport/Api/Servicenow.php b/library/Servicenowimport/Api/Servicenow.php
@@ -12,20 +12,39 @@ class Servicenow
 {
     protected $client = null;
 
-    public function __construct(string $baseUri, string $username, string $password, bool $tlsVerify = true, int $timeout = 10)
+    // $auth = [
+    //     'method' => 'BASIC',
+    //     'username' => 'user1',
+    //     'password' => '123',
+    //     'token' => '',
+    // ];
+    public function __construct(string $baseUri, bool $tlsVerify = true, int $timeout = 10, array $auth = [])
     {
-        $this->client = new Client(
-            [
-                'base_uri' => $baseUri,
-                'auth' => [$username, $password],
-                'timeout' => $timeout,
-                'verify' => $tlsVerify,
-                'headers' => [
-                    'Accept' => 'application/json',
-                    'Content-Type' => 'application/json',
-                ],
-            ]
-        );
+        $c = [
+            'base_uri' => $baseUri,
+            'timeout' => $timeout,
+            'verify' => $tlsVerify,
+            'headers' => [
+                'Accept' => 'application/json',
+                'Content-Type' => 'application/json',
+            ],
+        ];
+
+        $method = $auth['method'] ?? 'UNKNOWN';
+
+        try {
+            if ($method === 'BASIC') {
+                $c['auth'] = [$auth['username'], $auth['password']];
+            }
+
+            if ($method === 'BEARER') {
+                $c['headers']['x-sn-apikey'] = $auth['token'];
+            }
+        } catch (\Exception $e) {
+            throw new RuntimeException(sprintf("Failed to set authentication method %s", $e->getMessage()));
+        }
+
+        $this->client = new Client($c);
     }
 
     /**
diff --git a/library/Servicenowimport/ProvidedHook/Director/ImportSource.php b/library/Servicenowimport/ProvidedHook/Director/ImportSource.php
@@ -19,6 +19,47 @@ public function getName()
         return "ServiceNow Table API";
     }
 
+    protected static function addAuthOptions(QuickForm $form)
+    {
+        $method = $form->getSentOrObjectSetting('servicenow_authmethod');
+
+        if ($method === 'BASIC') {
+            $form->addElement(
+                'text',
+                'servicenow_username',
+                [
+                    'label' => 'ServiceNow API username',
+                    'required' => true,
+                    'description' => 'Username to authenticate at the ServiceNow API',
+                ]
+            );
+
+            $form->addElement(
+                'password',
+                'servicenow_password',
+                [
+                    'label' => 'ServiceNow API password',
+                    'required' => true,
+                    'renderPassword' => true,
+                    'description' => 'Password to authenticate at the ServiceNow API',
+                ]
+            );
+        }
+
+        if ($method === 'BEARER') {
+            $form->addElement(
+                'password',
+                'servicenow_token',
+                [
+                    'label' => 'ServiceNow API token',
+                    'required' => true,
+                    'renderPassword' => true,
+                    'description' => 'Token to authenticate at the ServiceNow API',
+                ]
+            );
+        }
+    }
+
     /**
      * @param  QuickForm $form
      * @return void
@@ -40,38 +81,34 @@ public static function addSettingsFormFields(QuickForm $form)
             'text',
             'servicenow_endpoint',
             [
-                'label' => 'ServiceNow CMDB Table Endpoint',
+                'label' => 'ServiceNow CMDB table endpoint',
                 'required' => true,
                 'description' => 'API endpoint to fetch objects from (e.g.: api/now/table/cmdb_ci_computer)',
             ]
         );
 
         $form->addElement(
-            'text',
-            'servicenow_username',
+            'select',
+            'servicenow_authmethod',
             [
-                'label' => 'ServiceNow API Username',
+                'label' => 'ServiceNow API authentification method',
+                'description' => 'Authentification method for the ServiceNow API',
+                'multiOptions' => [
+                    'BASIC' => 'Basic Auth',
+                    'BEARER' => 'API Token',
+                ],
+                'class' => 'autosubmit',
                 'required' => true,
-                'description' => 'Username to authenticate at the ServiceNow API',
             ]
         );
 
-        $form->addElement(
-            'password',
-            'servicenow_password',
-            [
-                'label' => 'ServiceNow API Password',
-                'required' => true,
-                'renderPassword' => true,
-                'description' => 'Password to authenticate at the ServiceNow API',
-            ]
-        );
+        static::addAuthOptions($form);
 
         $form->addElement(
             'text',
             'servicenow_timeout',
             [
-                'label' => 'ServiceNow API Timeout',
+                'label' => 'ServiceNow API timeout',
                 'required' => false,
                 'description' => 'Timeout in seconds used to query data from ServiceNow. Default is 20.',
             ]
@@ -81,7 +118,7 @@ public static function addSettingsFormFields(QuickForm $form)
             'text',
             'servicenow_columns',
             [
-                'label' => 'ServiceNow Columns',
+                'label' => 'ServiceNow columns',
                 'required' => false,
                 'description' => 'Comma separated list of columns to fetch. Leave empty to fetch all columns.',
             ]
@@ -91,7 +128,7 @@ public static function addSettingsFormFields(QuickForm $form)
             'text',
             'servicenow_query',
             [
-                'label' => 'ServiceNow Query',
+                'label' => 'ServiceNow query',
                 'required' => false,
                 'description' => 'Query to filter records. Leave empty to fetch all records. '
                     . 'The query filter follows the official query syntax from ServiceNow: '
@@ -158,12 +195,19 @@ private function getRecordsFromTable(): array
         // Set endpoint
         $endpoint = sprintf('%s?sysparm_display_value=true', $this->getSetting('servicenow_endpoint'));
 
+
+        $auth = [
+            'method' => $this->getSetting('servicenow_authmethod'),
+            'token' => $this->getSetting('servicenow_token'),
+            'username' => $this->getSetting('servicenow_username'),
+            'password' => $this->getSetting('servicenow_password'),
+        ];
+
         $client = new Servicenow(
             $this->getSetting('servicenow_url'),
-            $this->getSetting('servicenow_username'),
-            $this->getSetting('servicenow_password'),
             self::CLIENT_TLS_VERIFY,
             $this->getSetting('servicenow_timeout') ?: self::CLIENT_TIMEOUT,
+            $auth
         );
 
         $result = $client->request(
