The Scripted REST API will be run under which credential?

Lisa71
Tera Contributor

Will it be run under the system credential or the caller's credential? Or are both possible, depending on the settings? What indicates the settings?

What's the difference when I check "Requires authentication" and "Requires ACL authorization" in the Scripted REST resource?

 

Thanks.

3 ACCEPTED SOLUTIONS

TejasSN_LogicX
Tera Contributor

Hi @Lisa71 ,

In a Scripted REST API, the script can run using either the system account or the user’s account, depending on the settings. If you select “Requires authentication,” the API needs valid user credentials, and the script runs as that user. If you also select “Requires ACL authorization,” ServiceNow will check the user’s table and field permissions (ACLs) before allowing access. If you only check “Requires authentication,” the script runs as the user but can still bypass ACLs. And if you don’t require authentication at all, the script runs as the system user and anyone can call it. In short, “Requires authentication” controls who is calling, while “Requires ACL authorization” controls what they can access.


Chaitanya ILCR
Mega Patron

Hi @Lisa71 ,

If credentials are passed, it will run as the user.

If no authentication is required, the script runs in the context of a "Guest" user.

Example:

I have created a sample Scripted REST API which creates an incident.

Called the API without credentials.

When no credentials are opted, it runs the API with Guest user permissions.

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

 

 


Ankur Bawiskar
Tera Patron

@Lisa71 

It will run in the session of the user whose credentials the 3rd party is using, either Basic or OAuth 2.0.

If no credentials are used then, as mentioned by @Chaitanya ILCR, it is the guest user (not a recommended practice).

Requires Authentication -> Blocks unauthenticated/anonymous access

Requires ACL Authorization -> Enforces ACL security on REST endpoint

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
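
For auditing the two checkboxes discussed in this thread, an added example (not from any poster or from ServiceNow): it reads a JSON export of Scripted REST Resource records and lists active resources that do not require authentication or ACL authorization. The table name `sys_ws_operation` and the field names `active`, `requires_authentication` and `requires_acl_authorization` are assumptions about that export, and the sample rows are constructed.

```python
import json

# Constructed sample shaped like a JSON export of Scripted REST Resource rows.
# Table and field names are assumptions about a sys_ws_operation export.
SAMPLE_EXPORT = json.dumps({"result": [
    {"name": "create_incident", "http_method": "POST", "active": "true",
     "requires_authentication": "false", "requires_acl_authorization": "false"},
    {"name": "list_assets", "http_method": "GET", "active": "true",
     "requires_authentication": "true", "requires_acl_authorization": "false"},
    {"name": "update_ci", "http_method": "PUT", "active": "true",
     "requires_authentication": "true", "requires_acl_authorization": "true"},
    {"name": "old_hook", "http_method": "POST", "active": "false",
     "requires_authentication": "false", "requires_acl_authorization": "false"},
    # Row with the authentication field missing: treated as not set.
    {"name": "partial_row", "http_method": "GET", "active": True,
     "requires_acl_authorization": True},
]})


def is_set(row, field):
    """True only for an explicit true value (exports use strings or booleans)."""
    return str(row.get(field, "")).strip().lower() == "true"


def audit(export_json):
    """Return (resource, severity, reason) for each active resource to review."""
    findings = []
    for row in json.loads(export_json).get("result", []):
        if not is_set(row, "active"):
            continue  # skip inactive resources
        label = f"{row.get('http_method', '?')} {row.get('name', '?')}"
        if not is_set(row, "requires_authentication"):
            findings.append((label, "HIGH",
                             "no authentication required: anonymous callers run as guest"))
        elif not is_set(row, "requires_acl_authorization"):
            findings.append((label, "MEDIUM",
                             "authenticated, but ACL authorization is not required"))
    return findings


if __name__ == "__main__":
    for resource, severity, reason in audit(SAMPLE_EXPORT):
        print(f"[{severity}] {resource}: {reason}")
```

A missing flag is reported as if it were unchecked, so an incomplete export errs toward review rather than toward a clean result.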


6 REPLIES 6

Mathew Hillyard
Mega Sage

Hi @Lisa71 

This is the CSDM forum. Please post in a more suitable forum where you will find a wider audience, e.g. the Developer forum.

 

I hope this helps!
Mat
