REST Reflector by CAVUCode is a ServiceNow diagnostic utility to inspect REST requests directed to a generic endpoint. This can be especially useful when working with webhooks that cannot be inspected on the outbound 3rd party system.
- v1.0.3 (4/27/18)
- Minor bug fixes
- Inspect REST request method, headers, query strings, and body via for authenticated and anonymous requests from and REST client.
- "Reflect" option that response to a client request with a copy of the request data.
- Simple view of recent requests.
- Option to store or scrub authentication header
- Supports Helsinki and Istanbul releases
Please contact support with any feedback or support issues.
Once the application is installed the reflection endpoint can be found at:
If you are concerned with having an open endpoint with a common name, you can change the endpoint 'rr' to any unique string.
This scripted REST API endpoint handles reflecting, viewing, and storing the common ServiceNow supported methods and features:
- Anonymous or authenticated requests
- By default, reflection endpoints are limited to users with the x_cavu_rest_diag_rest_request_review_user role
- See below for enabling anonymous support
- GET, POST, PUT, DELETE, PATCH methods
- Query strings
- Body data (application/json content-type supported)
reflection of a request
For cases where your REST client does not have the option to log or inspect outbound requests you can use the reflect feature. Direct your request at the RESTReflector endpoint and add the "reflect=true" URL parameter. The RESTReflector will response with a copy of the request data.
Here's a request send from Paw using the reflect=true parameter. You can see the details of the request are reflected back to the client.
Storing and viewing requests
The last 30 requests into the reflector endpoint can be also be viewed from the Reflection Viewer module.
The REST Reflector is a scripted REST APIs so you can explore and test it directly from the instance using the REST API Explorer.
- Select the x_cavu_rest_diag namespace and the REST Reflector API
- Optionally add the reflect=true query parameter and a json body
- Send the request as the current or different user
Generating Sample client requests
You can use the script generators from REST Explorer to learn how to call the REST Reflector endpoint from various client languages.
The following properties are available through the properties module
- Threshold limit of requests per minute before REST API is disabled (default=30) - to prevent possible performance impact from an out-of-control request client you can define a throttle limit. If too many requests are received by the REST Reflector endpoints, the service will automatically be disabled. The viewer page will let you know if the service has been disabled.
- Keep authorization header data (default=false) - option to sanitize authorization header value before storing in the database.
- Application logging level - set application logging verbosity
capturing anonymous requests
By default the reflector resource endpoints are limited to authenticated users with the x_cavu_rest_diag_rest_request_review_user role.
Occasionally you might have the need to reflect unauthenticated requests. If you would like the reflector to support anonymous request such as some 3rd party webhooks, you will need to disable the Requires authentication option on one or more REST Reflector Scripted API resources.