Restricted access to servicenow API for security

snowuser111 · ‎10-26-2017

HI Experts,

Badly need your guidance please.

How can we restrict any endusers to access the Table API.

we have our UI(portal) developed in Node JS and node JS is communicating with ServiceNow via only single user which has permissions to QUERY , POST ,UPDATE data on behalf of users to ServiceNow API so no way users are able to access servicenow production. But how can we secure it more tightly because cant completely rely only on nodeJS . What if somehow single user credentials are accessible which has permissions to access servicenow API.

Is there a way so that in no way these API are accessible in worst cases.

we thought of IP access range but again Node JS is unstable for its IP range so excluded this idea.

Please someone can guide me if anyway we can secure this by any kind of approach or solution.

Thanks

Goran WitchDoc · ‎10-26-2017

There isn't any way of building the portal within ServiceNow instead I guess?

Kind of hard to restrict it to protect if the credentials is on the run.. IP range would be the only solution I can think of. Not sure how that can be a problem from NodeJS part since you set it up in ServiceNow.

snowuser111 · ‎10-26-2017

Hi Goran,

So we already have this front end developed outside servicenow so at this moment might not be possible to reimplement the whole portal within servicenow.

Any suggestions though will be helpful.

Thanks

snowuser111 · ‎10-26-2017

I mean to make sure servicenow Table API is not exposed outside

syedfarhan · ‎10-26-2017

Hi ,

Goto tables - >Example : incident . We have a section called Application access . Under that we have field called 'Allow access to this table via web services' .Make this checkbox false.

Syed