Purpose

REST Reflector by CAVUCode is a ServiceNow diagnostic utility to inspect REST requests directed to a generic endpoint. This can be especially useful when working with webhooks that cannot be inspected on the outbound 3rd party system. 

Features

  • v1.0.3 (4/27/18)
    • Minor bug fixes
  • Inspect REST request method, headers, query strings, and body via for authenticated and anonymous requests from and REST client.
  • "Reflect" option that response to a client request with a copy of the request data.
  • Simple view of recent requests.
  • Option to store or scrub authentication header
  • Supports Helsinki and Istanbul releases
 

SUPPORT

Please contact support with any feedback or support issues.

 

Install

Available on ServiceNow Share.

You can also install the application directly from Github using ServiceNow Dev Studio. Either fork the project if you want to be able to commit your own changes to your repo, or install directly. From Dev Studio select File->Import from Source Control.

 

 

Usage

 

Reflector Endpoint

 

Once the application is installed the reflection endpoint can be found at:

https://your_instance-service-now.com/api/x_cavu_rest_diag/rr

If you are concerned with having an open endpoint with a common name, you can change the endpoint 'rr' to any unique string.

This scripted REST API endpoint handles reflecting, viewing, and storing the common ServiceNow supported methods and features:

  • Anonymous or authenticated requests
    • By default, reflection endpoints are limited to users with the x_cavu_rest_diag_rest_request_review_user role
    • See below for enabling anonymous support
  • GET, POST, PUT, DELETE, PATCH methods
  • Headers
  • Query strings
  • Body data (application/json content-type supported)

 

reflection of a request

For cases where your REST client does not have the option to log or inspect outbound requests you can use the reflect feature. Direct your request at the RESTReflector endpoint and add the "reflect=true" URL parameter. The RESTReflector will response with a copy of the request data.

Here's a request send from Paw using the reflect=true parameter. You can see the details of the request are reflected back to the client.

 

Storing and viewing requests

The last 30 requests into the reflector endpoint can be also be viewed from the Reflection Viewer module.

 

REST Explorer

The REST Reflector is a scripted REST APIs so you can explore and test it directly from the instance using the REST API Explorer.

  • Select the x_cavu_rest_diag namespace and the REST Reflector API
  • Optionally add the reflect=true query parameter and a json body
  • Send the request as the current or different user
 

Generating Sample client requests

You can use the script generators from REST Explorer to learn how to call the REST Reflector endpoint from various client languages.

 

Properties

The following properties are available through the properties module

  • Threshold limit of requests per minute before REST API is disabled (default=30) - to prevent possible performance impact from an out-of-control request client you can define a throttle limit. If too many requests are received by the REST Reflector endpoints, the service will automatically be disabled. The viewer page will let you know if the service has been disabled.

 

  • Keep authorization header data (default=false) - option to sanitize authorization header value before storing in the database.

 

  • Application logging level - set application logging verbosity
 

capturing anonymous requests

By default the reflector resource endpoints are limited to authenticated users with the x_cavu_rest_diag_rest_request_review_user role.

Occasionally you might have the need to reflect unauthenticated requests. If you would like the reflector to support anonymous request such as some 3rd party webhooks, you will need to disable the Requires authentication option on one or more REST Reflector Scripted API resources.

requires_auth.png