Securing Web Services
As explored in Chapter 6, Exchanging Data – Import Sets, Web Services, and Other Integrations, the Web Services hosted by ServiceNow use Basic Authentication as the primary means for proving identity. A username and password should be used by the remote system when it connects to the instance. This is commonly referred to as a system account.
Basic Authentication is HTTP-level authentication. The calling system must provide a base64 encoded value of
username:password to the Authorization header. The connection is refused if this is not present, making it fast and efficient. In addition, since headers are protected by HTTPS, malicious users cannot intercept this in transit.
When creating a user account for use in Web Services, ...