{"id":2092,"date":"2024-11-06T08:10:04","date_gmt":"2024-11-06T07:10:04","guid":{"rendered":"https:\/\/snowit.co\/?p=2092"},"modified":"2024-11-06T09:58:18","modified_gmt":"2024-11-06T08:58:18","slug":"servicenow-scripted-rest-api-with-api-key","status":"publish","type":"post","link":"https:\/\/snowit.co\/pl\/blog\/servicenow-scripted-rest-api-with-api-key\/","title":{"rendered":"ServiceNow: Scripted REST API with API Key"},"content":{"rendered":"

Introduction<\/h3>\n

Setting up API key authentication for scripted REST APIs in ServiceNow can streamline your integration and ensure secure access to your APIs. This guide will walk you through each step, from setting up an authentication profile to testing the integration. By following these steps, you’ll have a secure and well-configured API key authentication process ready for use with your ServiceNow REST APIs.<\/p>\n

Step 1: Set Up an Authentication Profile<\/h3>\n

To begin, configure an authentication profile in ServiceNow to manage how your API keys are processed.<\/p>\n

    \n
  1. Navigate to the Inbound Authentication Profile Section:<\/strong> Go to System Web Services<\/strong> > API Access Policies<\/strong> > Inbound Authentication Profile<\/strong> in your ServiceNow instance.<\/li>\n
  2. Create an API Key Authentication Profile:<\/strong>\n
      \n
    • Select the option to create a new profile dedicated to API Key authentication.<\/li>\n
    • Define the appropriate authorization parameter. Typically, you can set this to authorize users via the Auth header<\/strong> or Query parameter<\/strong>, depending on the level of security required by your integration.<\/li>\n<\/ul>\n

      Choosing the Auth header<\/strong> ensures that sensitive information is not exposed in the URL, which is generally recommended for added security. Alternatively, if you prefer a simpler setup, using the Query parameter<\/strong> is another option, though slightly less secure.<\/li>\n<\/ol>\n

      Step 2: Set Up an API Key<\/h3>\n

      The next step involves creating the actual API key that will be used for authentication.<\/p>\n

        \n
      1. Navigate to the REST API Key Section:<\/strong> Go to System Web Services<\/strong> > API Access Policies<\/strong> > REST API Key<\/strong>.<\/li>\n
      2. Create a New API Key:<\/strong>\n
          \n
        • Define a Name<\/strong> for the API key that is easily identifiable for future reference.<\/li>\n
        • Select the User<\/strong> who will have access to this API key. This user should have the appropriate permissions to interact with the specified REST APIs.<\/li>\n
        • Copy the Token<\/strong> generated for this key. The token is a unique identifier for API access and will be used in the authorization part of your API calls. Ensure that this token is stored securely, as it provides direct access to your REST APIs.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n

          Step 3: Configure an API Access Policy<\/h3>\n

          With the API key created, you need to configure an access policy to control the conditions under which the API key can access your scripted REST APIs.<\/p>\n

            \n
          1. Navigate to REST API Access Policies:<\/strong> Go to System Web Services<\/strong> > API Access Policies<\/strong> > REST API Access Policies<\/strong>.<\/li>\n
          2. Create a New API Access Policy:<\/strong>\n
              \n
            • Define a Name<\/strong> for the access policy that reflects its purpose.<\/li>\n
            • Select the REST API<\/strong> (specifically, the scripted REST API) that this policy will apply to.<\/li>\n
            • Configure additional attributes as needed, such as whether the policy should Apply to all methods<\/strong> (e.g., GET, POST, PUT, DELETE) and any other conditions relevant to your setup. Customizing these attributes ensures that the access policy fits the intended use case and restricts API key usage as needed.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n

              Step 4: Test the Integration<\/h3>\n

              Now that your API key and access policy are configured, it\u2019s essential to test the integration and verify that everything is working as expected.<\/p>\n

                \n
              1. Test the API Key Authentication:<\/strong> Use your dedicated API token (generated in Step 2) and insert it in the manner specified in your authentication profile\u2014either in the x-sn-apikey<\/strong> header or as a query parameter, depending on the setup.<\/li>\n
              2. Verify Successful Authentication:<\/strong>\n
                  \n
                • Send a request to your scripted REST API with the API key. Confirm that the request is successfully authenticated using the API key token.<\/li>\n
                • Check that the API responses are returned as expected and that no authentication errors occur.<\/li>\n
                • If there are any issues, double-check the access policy settings and the way the API key is passed in the request headers or parameters.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n

                  Conclusion<\/h3>\n

                  Setting up API key authentication for scripted REST APIs in ServiceNow enhances security and provides a reliable means to control access. By carefully following these steps\u2014configuring an authentication profile, creating an API key, setting up an API access policy, and testing the integration\u2014you\u2019ll establish a secure foundation for managing API access. This setup also gives you the flexibility to adjust permissions, ensuring your APIs are accessed securely and as intended.<\/p>\n

                  By implementing this API key authentication method, you\u2019ll be well-prepared for secure ServiceNow REST API interactions, allowing authorized users to integrate with confidence.<\/p>\n

                   <\/p>\n