Need remote address/IP from a scoped Scripted REST API

Brian Workman · ‎04-23-2026

Hi there! I'm looking for a way to get the remote address/host in a scoped Scripted REST API that doesn't rely on spoofable headers or a global shim. This seems like it should be fairly easy to inspect, since a called host knows what's connecting to it. What part of the Scripted API system provides the ability to give that information:

Requirements:

1. Not a global script include shim

2. Not using request.headers['x-forwarded-for']

3. Not using GlideSession (since you need an authenticated session)

Ideas?

Tanushree Maiti · ‎04-23-2026

Hi @Brian Workman

You can try with it:

gs.log("IP address: " + request.headers["x-forwarded-for"], "HEADERS");

OR

var reqHeader = request.headers;

var jsonObj = new JSON();

var headerStr = jsonObj.encode(reqHeader);

gs.log('headers'+headerStr);

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

lauri457 · ‎04-23-2026

What are you doing with the ip? If it's for whitelisting you could use rest api access policies.

Unauthenticated transactions will still have a jsessionid and will just use the guest user as a proxy. You can get the session id in a scoped script with gs.getSessionID(). With the sessionid it should be trivial to get the ip from the transaction log but the transaction is not logged before the transaction is finished. Maybe it's possible on the fly from somewhere else.