How to Implement API Key-Based Authentication in Scripted REST API?

w6565y65y75nu7y
Tera Contributor

‎05-19-2025 03:15 AM

Hi all,

I’m currently working on a custom application in ServiceNow and I’ve created a Scripted REST API to allow external systems to send data into my instance.

I want to secure this API using API key-based authentication, where the client includes an API key in the request (for example, in a header like api-key), and my Scripted REST API verifies that key before processing the request.

Could someone guide me on how to implement this securely in the Scripted REST API? Specifically, I’d like to know:

  • How to read the API key from the request headers

  • Where and how to store the API key(s) securely in ServiceNow

  • How to validate the key inside the Scripted REST API

  • Any best practices for logging or handling unauthorized requests

If anyone has done this before or has a sample implementation, that would be really helpful.

Thanks in advance!


Pavan Kumar

0 Helpfuls
  • 667 Views
1 REPLY 1

Randheer Singh
ServiceNow Employee
ServiceNow Employee

‎05-19-2025 07:12 AM

Hi @w6565y65y75nu7y ,

You can use the out-of-the-box API key-based authentication feature for inbound API authentication.
https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/integrate/authentication/conc...

Thanks,

Randheer

0 Helpfuls