API setup based on user access

Khanna Ji · 22 hours ago

Hi Team,

We are planning to integrate co-piolet and chatGPT with ServiceNow so users can create/update/search anything from chat.

But we are stuck at API access level of permissions. we can't use one API credentials as that is not right. Also we cannot use one credential for one user. How can this be managed?

Do you see any challenges or think this should not be done?

Bhuvan · 22 hours ago

@Khanna Ji

See if you can use API Key based authentication

https://www.servicenow.com/community/developer-articles/servicenow-with-chatgpt-integration/ta-p/246...

If this helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan

Khanna Ji · 22 hours ago

But with API key, anybody can search anything and do anything with the level of access that API credentials has. That is the breach of access permissions and data leak already.

Bhuvan · 21 hours ago

@Khanna Ji

Not sure why it would lead to data leak as API key is secure way of integration and you are not going to give API key details to all users and only use for integration with ChatGPT or Co-Pilot.

If third-party supports advanced authentication mechanisms, you can use OAuth or JWT token based authentication as well. If you are looking for different information, please share more details regarding integration and use-case scenario.

If this helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan

Khanna Ji · 19 hours ago

If I setup one API key and grant it itil role then that API can access incidents, changes etc. But if end user users the chatGPT and he doesn't have itil role but chatGPT is using this API key will grant access to the incidents. This is the security breach and violation of servicenow license model. Hope you understand now what I mean.