Professional Documents
Culture Documents
Access
Controls
Build Tests Tests should validate the response code, headers, and body con
to verify resource you implement. You can also use tests to validate authe
onality
*GlideRecordSecure API Ensure that the ACLs are defined on the underlying data a
user.
API URIs This part the for the scripted rest has to define name_space, api_id, resour‐ REST Security
ce_path, version
How is REST API Secure?
API Query When defining a scripted resource, which parameter is mandatory for the The REST API uses basic authentication or OAuth to enforce access controls to
Parameter request can also be defined defined on tables to restrict the data viewership.
API Error Scripted REST APIs provide multiple ways to send an error in a response to a
Will all tables be available for the REST API Access?
Objects* requesting client.
By default, Yes. All tables including system tables, and scoped tables are availab
*Multiple error objects are available in scripted REST API scripts to report error information to
How can I restrict a table Access through web services?
requesting clients.All scripted REST API error objects use the sn_ws_err namespace.
In the table properties, uncheck the option for Allow access to this table via web s
Error objects available are 400,404,406,409,415
Follow REST REST API conventions define specific behaviour for each type of method. For
How can I Define CORS Rules?
API Conven‐ ex : GET : to Query the data, POST : to create Data, PUT and PATCH : to
CORS Rules can be defined in sys_cors_rule. Which allows to specify a domain a
tions Update data, DELETE : to delete records.
expose.
Use Use versioning to implement new functionalities, so that the existing functiona‐
How to disable CORS Support for Instance?
Versioning to lities will not impact
CORS support on instance is defined by glide.rest.cors.enabled set it to false for
control
changes to Can I use OAuth with REST?
API Yes, use OAuth token for REST Requests
Return an Return a status code, which inform the requestor about the success and failur‐
Can I use MFA with REST?
Informative es(defined in the response codes section)
Yes again, with a REST Request, if MFA is enabled then append token to end of
HTTP Status
rid:passwrdtoken. Encode using base64 encoding
code
Return useful Provide the requestor with enough information of why the failure occurred. Error
ation
API API allows to select a specific Application Progra‐ Ex TableAPI,AggregateAPI 400 Bad The Request URI can't
Namespace REST APIs provided by ServiceNow has now Scripted REST may use a different one 401 Unauth‐ The User is not authorized to use
namespace orized
REST enables the use of few methods like Not all the APIs available from ServiceNow 403 Forbidden The Operation requested is
Method
GET,POST,DELETE,PATCH would have all the methods available not permitted for the user
Allows to specify a header for the Integration Can add Custom header as per requirement 404 Not Found The requested resource is
Request
not found
Header
Query Allows to specify an encoded query for the REST Call Can add more query parameters or even a 405 Method not The HTTP action is not allowed o
You can prepare the sample request using the REST API Explorer in ServiceNow. 406 Not The endpoint doesn't support
ServiceNow REST URI looks like this <LINKFORSNOW>/api/now/apiname/. For ex : if we are using a table API for POST acceptable the response format
then the link look something like below : POST <LINKOFServiceNow>/api/now/table/tablename 415 Unsupp‐ The endpoint does not support th
orted media
REST API Rate Limit type
To prevent excessive inbound REST API requests, set rules that limit the number of inbound REST API requests processed
There is an option to create Rate Limit for users with specific roles, or for all users. The table for creating rate limit is sys_ra‐ execute() Sends the REST message to En
saveResponseBodyAsAttachmen‐ Configures the REST message to save the returned response body as setMIDServer(midse‐ The name of the MID Server to use
t(tblname,recordid,filename)** an attachment record. rver) active MID Server with the specified
saveResponseBodyAsAttachmen‐ Configure the REST message to save the returned response body as an setMutualAuth(profile‐ Set the mutual authentication proto
setBasicAuth(username,pa‐ Sets basic authentication headers for the REST message. using PUT or POST HTTP methods
body)
ssword) Sets the request body using an exis
setRequestBodyF‐
setEccCorrelator(correlator) Associate outbound requests and the resulting response record in the
romAttachment(atta‐
ECC queue. This method only applies to REST messages sent through
chmentsysid)
a MID Server.
setRequestHeader(n‐ Set an HTTP header in the REST m
setEccParameter(name,value) Override a value from the database by writing to the REST message value.
ame,value);
payload. This method only applies to REST messages sent through a
setRequestorProfile(r‐ Override the default requestor profi
MID Server.
equestorcontext,re‐ order to retrieve an OAuth access t
setEndpoint(endpoint) Set the endpoint for the REST message. questorid) different requestor.
setHttpMethod(method) The HTTP method this REST message performs, such as GET or PUT. Set a REST message function varia
setStringParameter‐
Set the amount of time the REST message waits for a response from the (name,value) from the REST message record to
setHttpTimeout(milliseconds)
web service provider before the request times out. XML reserved characters in the val
setStringParameter‐
Set the log level for this message and the corresponding response.Valid NoEscape(name,v‐ equivalent escaped characters.
setLogLevel(level)
values for level are basic, elevated, and all. alue)
waitForResponse(se‐ In seconds. Wait at most 60 second
*By design, this method cannot return the value for a header set a
To grant this method access to all headers, set the property glide.
**the input parameters for this functions are string, and recordId is