How to deny all external REST API calls?

romanm5
Tera Contributor

I have a requirement to allow interactive user logon to ServiceNow from an external network but need to deny all REST API calls.

"REST API Access Policy plugin" is not very well documented. The solution with adding filters doesn't work.

Can you help?

6 REPLIES

Mike_R
Kilo Patron

Per this documentation, it looks like you can just enable some ACLs

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0813159

instanceName.service-now.com/sys_security_acl_list.do?sysparm_query=type%3DREST_Endpoint%5Eactive%3Dfalse&sysparm_view=

Ohki_Yamamoto1
Tera Contributor

Is it possible to use REST API Access Policy or Adaptive authentication to deny access only from REST API for users with snc_external role?

When I create an API authentication policy in sys_authentication_policy, the login of normal users is also controlled.

I would like to deny access to the REST API only for users with the snc_external role, but allow normal login.

You can do that using the Global REST API access policy.
Steps:

  • Create a Global REST API access policy.
  • Add the required authentication profiles that are going to be used for REST APIs (if you are not sure, you can add all available authentication methods).
  • Create an authentication policy that evaluates to true only for snc_internal users. (Condition has_snc_internal role is true)
  • Associate the authentication policy to all authentication profiles.
  • Activate the REST API access policy.
  • Test your integrations.
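
One way to script the final "test your integrations" step, as an added example that is not part of the original replies and not ServiceNow's own code: it sends one Table API request per account and checks that the internal account is allowed while the snc_external account is refused. The instance URL, account names, the sys_user probe table and the reading of HTTP 401/403 as a refusal are assumptions.

```python
import base64
import json
import urllib.error
import urllib.request

# Assumptions (not from the thread): the instance URL and account names are
# placeholders, sys_user is an arbitrary probe table the internal account can
# read, and HTTP 401/403 is taken to mean the request was refused.
PROBE_PATH = "/api/now/table/sys_user?sysparm_limit=1&sysparm_fields=sys_id"

def classify(status, content_type, body):
    """Map one HTTP response to 'allowed', 'denied' or 'inconclusive'."""
    if status in (401, 403):
        return "denied"
    if 200 <= status < 300 and "json" in (content_type or "").lower():
        try:
            data = json.loads(body)
        except ValueError:
            return "inconclusive"
        if isinstance(data, dict) and "result" in data:
            return "allowed"
    # HTML login pages, malformed JSON, 5xx: the policy was not exercised.
    return "inconclusive"

def probe(instance, user, password, timeout=15):
    """Send one Basic-auth Table API request and classify the response."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(instance.rstrip("/") + PROBE_PATH, headers={
        "Authorization": "Basic " + token, "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.headers.get("Content-Type"), resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers.get("Content-Type"), err.read())

def mismatches(results, expected):
    """Return {account: (expected, observed)} for every unexpected outcome."""
    return {u: (expected[u], got) for u, got in results.items() if got != expected[u]}

if __name__ == "__main__":
    import getpass
    instance = "https://instanceName.service-now.com"  # placeholder
    expected = {"internal.integration": "allowed", "external.user": "denied"}
    results = {u: probe(instance, u, getpass.getpass(f"{u} password: "))
               for u in expected}
    bad = mismatches(results, expected)
    print("policy behaves as expected" if not bad else f"unexpected: {bad}")
```

A "denied" result for the internal account can also come from a table ACL rather than the access policy, so pick a probe table that account is known to read.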

Thank you very much!
By using the Global REST API access policy, I was able to restrict access only to the API as expected.

You have helped me a lot. Thank you very much.