
API setup based on user access

Khanna Ji
Tera Guru

Hi Team,

 

We are planning to integrate Copilot and ChatGPT with ServiceNow so users can create/update/search anything from chat.

 

But we are stuck at the API access level of permissions. We can't use one API credential as that is not right. Also, we cannot use one credential for one user. How can this be managed?

 

Do you see any challenges or think this should not be done?

6 REPLIES 6

Ravi Gaurav
Giga Sage

Hi @Khanna Ji 

 

When you integrate Copilot or ChatGPT with ServiceNow, you need a way to authenticate API requests securely.
The challenge is balancing:

  • User-level context (so ChatGPT knows who’s asking and what permissions they have)

  • System-level security (so you’re not exposing or misusing ServiceNow API credentials)

The Right Way to Handle This

 

  • You create a backend service (middleware) between ChatGPT/Copilot and ServiceNow.

  • When a user authenticates in ChatGPT, that middleware issues a short-lived delegated token for ServiceNow using OAuth 2.0.

  • Each API call carries that user’s delegated token.

  • ServiceNow receives the request and executes it on behalf of the user, respecting their roles and permissions.

 


Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI

 YouTube: https://www.youtube.com/@learnservicenowwithravi
 LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/
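One way to implement the per-user token handling described in the reply above, as an added example that is not code from the thread or from ServiceNow. It assumes each user's access token was already obtained through ServiceNow's OAuth 2.0 flow; `TokenVault`, `build_table_request`, the instance URL and the token values are hypothetical names and constructed values, and the request is only built, not sent.

```python
import time
import urllib.parse
import urllib.request

# Placeholder instance URL (assumption, not from the thread).
INSTANCE = "https://example.service-now.com"
ALLOWED_METHODS = {"GET", "POST", "PATCH"}


class NoDelegatedToken(Exception):
    """The user has no valid token and must re-authenticate."""


class TokenVault:
    """Holds one short-lived ServiceNow OAuth access token per chat user."""

    def __init__(self, clock=time.time):
        self._tokens = {}    # chat_user_id -> (access_token, expires_at)
        self._clock = clock

    def store(self, chat_user_id, access_token, expires_in):
        self._tokens[chat_user_id] = (access_token, self._clock() + expires_in)

    def get(self, chat_user_id, skew=30):
        entry = self._tokens.get(chat_user_id)
        # Fail closed: never fall back to a shared integration credential.
        if entry is None or entry[1] - skew <= self._clock():
            self._tokens.pop(chat_user_id, None)
            raise NoDelegatedToken(chat_user_id)
        return entry[0]


def build_table_request(vault, chat_user_id, method, table, query=None):
    """Build (not send) a Table API request carrying the caller's own token."""
    if method not in ALLOWED_METHODS:
        raise ValueError(f"method not allowed: {method}")
    if not table.isidentifier():
        raise ValueError("bad table name")
    token = vault.get(chat_user_id)
    url = f"{INSTANCE}/api/now/table/{table}"
    if query:
        url += "?" + urllib.parse.urlencode({"sysparm_query": query})
    req = urllib.request.Request(url, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return req
```

Because the bearer token belongs to the requesting user, ServiceNow evaluates that user's roles and ACLs on every call, and an expired or missing token forces re-authentication instead of a silent fallback.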

  • You create a backend service (middleware) between ChatGPT/Copilot and ServiceNow.

  • When a user authenticates in ChatGPT, that middleware issues a short-lived delegated token for ServiceNow using OAuth 2.0.

  • Each API call carries that user’s delegated token.


Have you done this or have any idea how to do this?