Securing web services
As explored in Chapter 7, Exchanging Data - Import Sets, Web Services, and Other Integrations, the web services hosted by ServiceNow use basic authentication as the primary means for proving identity. The remote system should supply a username and password when it connects to the instance; the user account it connects with is commonly referred to as a system account.
Note
Basic authentication is HTTP-level authentication. The calling system must provide a Base64-encoded value of username:password in the Authorization header. The connection is refused if this is not present, making it fast and efficient. In addition, since headers are protected by HTTPS, malicious users cannot intercept this in transit.
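The header handling described in this note, as an added JavaScript example for Node.js (not code from the book or from ServiceNow); the function names, the account name and the password are constructed for illustration. It shows that the Base64 value is an encoding any recipient can reverse, so HTTPS is what keeps the credentials confidential, and that a missing or malformed header is refused with a 401.

```javascript
// Added example. Account name and password are constructed sample values;
// plaintext is used only for brevity, a real store holds salted hashes.
const SAMPLE_ACCOUNTS = new Map([['svc_supplier_a', 'constructed-sample-password']]);

// Calling system: build the Authorization header value.
function buildBasicHeader(username, password) {
  // RFC 7617: the user-id cannot contain ":", the password can.
  if (username.includes(':')) throw new Error('username must not contain ":"');
  return 'Basic ' + Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
}

// Receiving side: recover the credentials, or null if the header is unusable.
// Decoding needs no key: Base64 is an encoding, not encryption.
function parseBasicHeader(value) {
  if (typeof value !== 'string') return null;
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(value.trim());
  if (!m) return null;                      // wrong scheme or not Base64
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');         // split on the first colon only
  if (sep < 1) return null;                 // no colon, or empty username
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Compare without stopping at the first differing byte.
function safeEqual(a, b) {
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Returns the HTTP status: 401 refuses the request before any work is done.
// `headers` uses lower-case names, as Node's http module provides them.
function authenticate(headers, accounts) {
  const creds = parseBasicHeader(headers['authorization']);
  if (!creds) return 401;                   // header missing or malformed
  const expected = accounts.get(creds.username);
  const match = safeEqual(creds.password, expected === undefined ? '' : expected);
  return match && expected !== undefined ? 200 : 401;
}
```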
When creating a user account for use in web services, it is a good idea to consider the following points:
- Create a new user account for each integration target, especially for those used by external suppliers. Don't use the same one each time, in case you need to disable it!
Tip
Note that integrations...