REST API Access

Dubz
Mega Sage

Hi All,

Just want to confirm that I'm right in thinking that there are very limited controls on access to the platform REST APIs?

From my limited testing it seems like a user without any role can access the table POST API to create a record, and a user with the standard itil role can access the GET API, and this bypasses any before query rules.

Can anyone confirm this? It seems strange to me that the API access is just completely open by default. It shouldn't be too difficult to lock it down but it's going to be a pain testing it out to ensure I don't break any of my integrations!

Cheers

Dave

1 ACCEPTED SOLUTION

snc_platform_rest_api_access: this is the new role which has deprecated the rest_service role, I guess from the K release.

Yes, the documentation says that the system forces the ACLs by default, which is correct; however, there is one NOTE provided in the documentation. I am just trying to understand whether your behavior is something related to the note below. Not sure whether you have the REST API ACL activated in your instance or not.

Note: The names of these ACLs should never be changed or modified.
These ACLs are deactivated by default, but can be activated on a per API basis. If the REST API ACL is activated for a platform REST API, a user must have the snc_platform_rest_api_access role to make a request to that REST API.

 

https://developer.servicenow.com/app.do#!/document/content/app_store_doc_rest_integrate_kingston_c_R...


5 REPLIES

Glad that helped you, have a great time!!!