diff --git a/Integration/Scripted REST Api/DomainSeperation/README.md b/Integration/Scripted REST Api/DomainSeperation/README.md new file mode 100644 index 0000000000..7c93b75a92 --- /dev/null +++ b/Integration/Scripted REST Api/DomainSeperation/README.md @@ -0,0 +1,119 @@ +# ServiceNow Scripted REST API for creating incdents in the correct company/domain + +## Overview + +The API allows authenticated users to create new **Incident** records within their own domain and company context. + +> **DISCLAIMER** +> This script was developed and tested on a **ServiceNow Personal Developer Instance (PDI)**. +> It is intended for **educational and demonstration purposes only**. +> Please **test thoroughly in a dedicated development environment** before deploying to production. + +--- + +## Features + +- Creates a new Incident record for the currently logged-in user. +- Automatically assigns the user's domain and company to the incident. +- Returns the generated incident number and domain in the response. + +--- + +## Prerequisites & Dependencies + +Before using or testing this Scripted REST API, ensure the following conditions are met: + +1. **Domain Separation Plugin** + + - The **Domain Separation** plugin must be activated on your instance. + - This enables `sys_domain` references and ensures incidents are created within the correct domain context. + +2. **Core Data Setup** + + - Ensure valid entries exist in the **core_company** table. + - Each company should have an associated **domain** record in the **sys_domain** table. + - These relationships are critical for correct domain assignment during incident creation. + +3. **User Configuration** + + - The user invoking this API must: + - Belong to a specific domain. + - Have the **snc_platform_rest_api_access** role to access Scripted REST APIs. + - Users must also have ACL permissions to: + - **Read** from the `sys_user` table. + - **Insert** into the `incident` table. + +4. **Instance Configuration** + - Tested and validated on a **ServiceNow Personal Developer Instance (PDI)**. + - Other environments should be configured with equivalent domain and company data for consistent results. + +--- + +## Information + +- **Author**: Anasuya Rampalli ([anurampalli](https://github.com/anurampalli)) +- **Version**: 1.0 +- **Date**: 2025-10-08 +- **Context**: Scripted REST API (`create` function) +- **Tested On**: ServiceNow Personal Developer Instance (PDI) + +--- + +## Expected Request Format + +```json +POST /api/your_namespace/your_endpoint +Content-Type: application/json + +{ + "short_description": "Issue description text" +} +``` +```` + +--- + +## Response Examples + +### Success + +```json +{ + "status": "success", + "incident_id": "INC0012345", + "domain": "TOP/Child Domain" +} +``` + +### Error + +```json +{ + "error": { + "message": "User Not Authenticated", + "detail": "Required to provide Auth information" + }, + "status": "failure" +} +``` + +--- + +## How It Works + +1. Extracts the `short_description` from the incoming JSON payload. +2. Identifies the authenticated user via `gs.getUserID()`. +3. Retrieves the user's domain and company using `sys_user`. +4. Creates a new `incident` record with the user's domain, company, and description. +5. Returns the incident number and domain in the response. + +--- + +## Testing Tips + +- Use a valid ServiceNow PDI with Scripted REST API enabled. +- Ensure the user is authenticated before making requests. +- Check the `incident` table for newly created records. + +--- + diff --git a/Integration/Scripted REST Api/DomainSeperation/create.js b/Integration/Scripted REST Api/DomainSeperation/create.js new file mode 100644 index 0000000000..c3ec7e62a4 --- /dev/null +++ b/Integration/Scripted REST Api/DomainSeperation/create.js @@ -0,0 +1,93 @@ +/** + * + * This script is provided for **educational and demonstration purposes only**. + * Please thoroughly **test in a dedicated development environment** + * before deploying to production. + * + * ----------------------------------------------------------------------------- + * Script Purpose: + * Creates a new Incident record under the same domain and company as the + * currently logged-in user. Returns the generated incident number and domain. + * ----------------------------------------------------------------------------- + * + * @author Anasuya Rampalli (anurampalli) + * @version 1.0 + * @date 2025-10-08 + * @tested On ServiceNow PDI (Personal Developer Instance) + * @context Scripted REST API (process function) + */ + +/** + * Processes the incoming REST API request and creates an Incident + * for the authenticated user within their domain. + * + * @param {RESTAPIRequest} request - The incoming REST API request object containing JSON payload. + * @param {RESTAPIResponse} response - The response object used to send results back to the client. + * + * Expected JSON Body: + * { + * "short_description": "Issue description text" + * } + * + * Response Example (Success): + * { + * "status": "success", + * "incident_id": "INC0012345", + * "domain": "TOP/Child Domain" + * } + * + * Response Example (Error): + * { + * "error": { + * "message": "User Not Authenticated", + * "detail": "Required to provide Auth information" + * }, + * "status": "failure" + * } + */ +(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) { + var body = request.body.data; + var companyName = body.company; + var shortDesc = body.short_description; + //gs.info(gs.getUserID()); + var userSysId = gs.getUserID(); + var result = {}; + + try { + // looup user + var grUser = new GlideRecord("sys_user"); + grUser.addQuery("sys_id", userSysId.toString()); + grUser.query(); + if (grUser.next()) { + var domain = grUser.sys_domain; + // Create new incident + var grIncident = new GlideRecord("incident"); + grIncident.initialize(); + grIncident.short_description = shortDesc; + grIncident.caller_id = userSysId; + gs.info("COMPANY: " + grUser.company.getDisplayValue()); + grIncident.company = grUser.company; + grIncident.sys_domain = grUser.sys_domain; // domain reference comes from core_company + grIncident.insert(); + + let correlationId = grIncident.number; + gs.info( + "Domain Indcident API: inserted incident number: " + correlationId + ); + result.status = "success"; + result.incident_id = correlationId; + result.domain = grUser.sys_domain.getDisplayValue(); + } else { + response.setStatus(404); + result.status = "error"; + result.message = "User not found: " + companyName; + } + } catch (e) { + response.setStatus(500); + result.status = "error"; + result.message = e.message; + } + + response.setBody(result); +})(request, response); +