Authenticating against the ServiceNow API with Session Tokens

Erstellt von Szepieniec Jesse am Sep 22, 2023 1:24:25 PM
Szepieniec Jesse

ServiceNow provides various REST API endpoints that can be used to interact with an instance. The most well-known endpoint is the Table API which can be used to create, read, update and delete records, as well as perform other operations.


There are several ways to authenticate against the ServiceNow REST APIs for Inbound REST API Requests (Requests to your instance from the outside). Here is an overview of the different authentication schemes:

Basic Authentication is the default and should work out-of-the-box. However, if you've set up Single-Sign-On or Multi-Factor Authentication for logging in on the web platform because those schemes don't rely on a password, those users might not have a password set on their sys_user record.

Without a password set on the sys_user record a user won't be able to authenticate against the REST API using Basic Authentication.

This is easily resolved by setting a password on their sys_user record. This does not side-step the SSO/2FA authentication on the web interface, but it does allow these users to authenticate against the REST API using a username and password only.

Multi-Factor Authentication and Certificate-based authentication both require some configuration on the instance. Sometimes getting those configurations implemented requires waiting on various layers of bureaucracy. In those cases (and others), it would be helpful if we could authenticate against the REST API without having to configure anything.

This post is about how we can retrieve two different session tokens which when used together allow for a logged in user to authenticate against the ServiceNow REST API.

One major benefit of session-token (or cookie) based authentication is that it allows you to ineract with the REST API without having to set up any additional authentication schemes or make any other configuration changes.

Although ServiceNow does mention the possibility of cookie based authentication against its REST APIs, it is not documented in detail. I'll try to do so in the post.

Click here to read more and visit the blog with Jesse, ServiceNow Solution Architect at BitHawk AG.


Weitere Themen auf unserem Blog

Themen: Enterprise Service Management