Please tell me about best practices for API integration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Dear Experts
I'm a beginner at API implementation.
Please tell me about best practices for integrating data from ServiceNow via API.
① API integration between ServiceNow and external SaaS
② Integration between ServiceNow and our internal environment
※For example, API integration with a server on our internal network where the MID server is located.
I understand there are various ways to do this, but I would like to standardize the handling within our company, taking into account security and governance considerations.
Thank you in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/dratulgrover [ Connect for 1-1 Session]
****************************************************************************************************************
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hello @M_Tomy ,
You can follow the below Best practices :
- Use REST APIs with OAuth 2.0 (This ensures token-based, time-bound access).
- Build integrations inside scoped apps to isolate logic, simplify upgrades, and enforce governance.
- External SaaS often enforces API limits. Implement retry logic and queuing to avoid failures.
- Standardize how ServiceNow fields map to SaaS fields. Use IntegrationHub or Flow Designer for consistency.
For Internal Environment :
- Deploy MID servers in secure internal zones with access to required systems. Keep them patched and monitored.
- Ensure TLS is enforced between ServiceNow and the MID server, and between the MID server and internal systems.
- Store credentials in ServiceNow’s Credential Store with role-based access.
Note : For standardization & governance, use ootb IntegrationHub spokes where possible to reduce custom code and ensure maintainability.
Treat integrations as enterprise assets, not one off scripts. By standardizing authentication, logging, and governance, you’ll reduce risk and make future integrations faster and safer.
If my response helped mark as helpful and accept the solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi @M_Tomy
1. Utilize token-based, time-bound OAuth 2.0 instead of legacy Basic Authentication to dramatically minimize credential exposure
2. Use non-interactive internal integration service accounts rather than individual user logins.
3. Build integrations inside Scoped Applications to cleanly isolate custom logic, simplify platform upgrades, and restrict cross-scope changes
4.Route large datasets through the Import Set API using temporary staging tables and Transform Maps to clean and validate data.
5.Utilize ServiceNow IntegrationHub out-of-the-box or custom spokes for rapid automation and centralized connections management
6. Build custom Scripted REST APIs to execute custom server-side logic and provide controlled, tailored JSON payloads
7.Never fetch massive datasets at once; explicitly define page sizes using sysparam_limit (ideally used under 2,000 records) and track progress using offset parameters
8.Use the built-in REST API Explorer to build, test, and preview responses interactively or postman (to test) before introducing endpoints to production environments.
9.Deploy a MID Server within secure zones to pass data safely between ServiceNow and local(internal ) networks
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hello @M_Tomy ,
You can refer this thread and documentation :
https://www.servicenow.com/docs/r/api-reference/rest-api-explorer/scripted-rest-good-practices.html
If this helps you then mark it as helpful and accept as solution.
Regards,
Aditya