Authenticating and securing web services
Communication with a ServiceNow instance has two basic starting points:
It happens over HTTPS. This provides encryption for all the communication and helps prevent man-in-the-middle attacks.
Authentication is almost always required, usually in the form of a username and password. This ensures that the instance knows who you are.
Authorization is then applied. Using Security Rules and other mechanisms, the instance can decide if you are entitled to carry out a particular action.
Note
This section focuses on machine-to-machine authentication. The next chapter explores authorization in much more detail.
Inbound authentication
When systems want to connect to ServiceNow, the most obvious and common way of authenticating is through a username and password. HTTP Basic Authentication asks that a client send these encoded details in the headers of an HTTP request.
Tip
The header for basic authentication is Authorization: Basic username:password, with the username and...
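The Basic header in practice, as an added example that is not from the original text: it builds the header value, shows that decoding it back needs no key (which is why the HTTPS requirement above matters), and refuses to attach credentials to a non-HTTPS URL. The host name, account, password and the Table API path used here are constructed sample values.

```python
import base64
from typing import Tuple
from urllib.parse import urlsplit
from urllib.request import Request


def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header value for HTTP Basic (RFC 7617)."""
    if ":" in username:
        # The first colon separates user from password, so the user-id cannot hold one.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header_value: str) -> Tuple[str, str]:
    """Recover the credentials from a header value; Base64 is encoding, not encryption."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def build_request(url: str, username: str, password: str) -> Request:
    """Prepare (but do not send) an authenticated request, refusing plain HTTP."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to attach credentials to a non-HTTPS URL")
    return Request(url, headers={
        "Authorization": basic_auth_header(username, password),
        "Accept": "application/json",
    })


if __name__ == "__main__":
    # Constructed sample values, not a real instance or account.
    req = build_request("https://instance.example.com/api/now/table/incident",
                        "integration.user", "s3cr:et")
    header = req.get_header("Authorization")
    print(header)
    print(decode_basic_auth(header))  # anyone who sees the header sees the password
```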