Endpoint Validation in Production

Sharath807 · ‎08-04-2025

Hi all,

Is there a way to validate or restrict endpoints being used in the production instance?

Currently, whenever changes are made to any REST Message in Development instance, the endpoint field also gets captured in the update set. As a result, endpoints from the development instance are sometimes unintentionally moved to production. This has led to integration issues and data discrepancies.

Would appreciate any guidance or best practices to avoid this.

Ankur Bawiskar · ‎08-04-2025

@Sharath807

let the endpoints be moved to higher instance via REST Message and update set, you should always have manual activities to update the endpoints of 3rd party in production instance.

This is the usual practice and recommended practice.

If this practice was not followed in your implementation then it might have caused issues.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

View solution in original post

pattersonp · ‎08-04-2025

@Sharath807 wrote:
Hi all,
Is there a way to validate or restrict endpoints being used in the production instance?
Currently, whenever changes are made to any REST Message in Development instance, the endpoint field also gets captured in the update set. As a result, endpoints from the development instance are sometimes unintentionally moved to production. This has led to integration issues and data discrepancies.
Would appreciate any guidance or best practices to avoid this.

The most effective way to prevent development endpoint URLs from being unintentionally moved to production is to stop hard-coding them in REST Messages. The recommended best practice is to use **System Properties** to store environment-specific URLs. By creating a system property with the correct production URL and having the REST Message reference this property, the update set will only capture the reference, not the URL itself. For an additional layer of security, you can implement a business rule to validate that no hard-coded URLs are being saved.

foremostpayonline

View solution in original post

Ankur Bawiskar · ‎08-04-2025

@Sharath807

let the endpoints be moved to higher instance via REST Message and update set, you should always have manual activities to update the endpoints of 3rd party in production instance.

This is the usual practice and recommended practice.

If this practice was not followed in your implementation then it might have caused issues.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

pattersonp · ‎08-04-2025

@Sharath807 wrote:
Hi all,
Is there a way to validate or restrict endpoints being used in the production instance?
Currently, whenever changes are made to any REST Message in Development instance, the endpoint field also gets captured in the update set. As a result, endpoints from the development instance are sometimes unintentionally moved to production. This has led to integration issues and data discrepancies.
Would appreciate any guidance or best practices to avoid this.

The most effective way to prevent development endpoint URLs from being unintentionally moved to production is to stop hard-coding them in REST Messages. The recommended best practice is to use **System Properties** to store environment-specific URLs. By creating a system property with the correct production URL and having the REST Message reference this property, the update set will only capture the reference, not the URL itself. For an additional layer of security, you can implement a business rule to validate that no hard-coded URLs are being saved.

foremostpayonline