Restricted access to servicenow API for security

snowuser111
Kilo Guru

‎10-26-2017 09:09 AM

HI Experts,

Badly need your guidance please.

How can we restrict any endusers to access the Table API.

we have our UI(portal) developed in Node JS and node JS is communicating with ServiceNow via only single user which has permissions to QUERY , POST ,UPDATE data on behalf of users to ServiceNow API so no way users are able to access servicenow production. But how can we secure it more tightly because cant completely rely only on   nodeJS . What if somehow single user credentials are accessible which has permissions to access servicenow API.

Is there a way so that in no way these API are accessible in worst cases.

we thought of IP access range but again Node JS is unstable for its IP range so excluded this idea.

Please someone can guide me if anyway we can secure this by any kind of approach or solution.

Thanks

0 Helpfuls
  • 1,919 Views
6 REPLIES 6

Goran WitchDoc
ServiceNow Employee
ServiceNow Employee
In response to syedfarhan

‎10-26-2017 09:19 AM

but if he unchecks it.. the nodeJS can't reach it either....


0 Helpfuls

Yifeng Zhang
Mega Expert
In response to Goran WitchDoc

‎10-05-2018 10:03 AM

This is also the exact issue we are facing and it seems like as soon as a user has read access to the table, the user can then call the table API, which is something we want to restrict but not to all user, so unchecking that box for webservice is not an option for us..

 

Why can't we have a separate access control to web service access based on condition.....

0 Helpfuls