Securing Web Services

As explored in Chapter 6, Exchanging Data – Import Sets, Web Services, and Other Integrations, the Web Services hosted by ServiceNow use Basic Authentication as the primary means for proving identity. A username and password should be used by the remote system when it connects to the instance. This is commonly referred to as a system account.


Basic Authentication is HTTP-level authentication. The calling system must provide a base64 encoded value of username:password to the Authorization header. The connection is refused if this is not present, making it fast and efficient. In addition, since headers are protected by HTTPS, malicious users cannot intercept this in transit.

When creating a user account for use in Web Services, ...

Get Mastering ServiceNow now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.