Authenticating and securing web services
Communication with a ServiceNow instance has two basic starting points:
- It happens over HTTPS. This provides encryption for all the communication and helps prevent man-in-the-middle attacks.
- Authentication is almost always required, usually in the form of a username and password. This ensures that the instance knows who you are.
- Authorization is then applied. Using Security Rules and other mechanisms, the instance can decide if you are entitled to carry out a particular action.
This section focuses on machine-to-machine authentication. The next chapter, explores authorization in much more detail.
When systems want to connect to ServiceNow, the most obvious and common way of authenticating ...