Customers often end up making a token request for every single API call — sending the username and password repeatedly to get a new access token. This creates unnecessary latency and major security concerns. Ideally, credentials should only be used once to get the initial access and refresh tokens, and thereafter the system should automatically use the refresh token to renew the access token when it expires.

Since this is not a standard OAuth flow, the question is: where do we store and manage these tokens securely in ServiceNow without building custom tables?