Security access to OOTB API
02-15-2023 05:15 AM
Hi,
I need to restrict a group of accounts to use only the GET API for specific tables. The first approach I was thinking of is to use a security ACL per table per account, but this will be a hassle to maintain. Is there a way to do this a different way, such as creating an ACL for the OOTB API? If yes, please show an example.
Thanks
02-15-2023 05:23 AM
Hi,
Yes, you can use ACLs to restrict access to the ServiceNow APIs. One way to do this is by creating an ACL for the "REST API" scope that restricts access to the HTTP methods that you want to restrict.
For example, if you only want to allow the GET method for a specific table, you could create an ACL with the following conditions:
Name: Restrict GET API for MyTable
Applies to: Table
Operation: read
Query: tablename=MyTable
Then, you can add the group of accounts that you want to restrict to this ACL, either directly or through a role.
To apply this ACL to the REST API, you can create a new HTTP method access control rule (ACR) in the "REST Message Access Control" table. Here's an example ACR that allows the GET method for the "MyTable" table:
Name: Allow GET API for MyTable
HTTP Method: GET
Access Control: Restrict GET API for MyTable
This ACR will ensure that only the specified group of accounts can use the GET API for the "MyTable" table, and all other HTTP methods will be denied.
Note that this approach will only restrict access to the ServiceNow REST API, and other APIs such as SOAP or JSONv2 may still be accessible. If you want to restrict access to these APIs as well, you will need to create separate ACLs and ACRs for each API.
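The decision logic the answer above describes (a named group may use only GET against a fixed list of tables; every other method, table or caller is refused) can be modelled outside the platform to check the intended rules before building them. The following is an added example and not code from the original post or from ServiceNow: the policy entries, role names and table names are constructed sample data, and `evaluate` is a hypothetical deny-by-default evaluator, not a ServiceNow API.

```javascript
// Added example (not ServiceNow code): a deny-by-default policy evaluator that
// models "this group may only GET these tables over the REST API".
// All policy entries, role names and table names below are constructed samples.

const policies = [
  // Only callers holding "api_reader" may read these two tables, and only via GET.
  { table: "incident", allowedMethods: ["GET"], requiredRoles: ["api_reader"] },
  { table: "problem",  allowedMethods: ["GET"], requiredRoles: ["api_reader"] },
  // A second group that may also create records, but never modify or delete them.
  { table: "sys_user", allowedMethods: ["GET", "POST"], requiredRoles: ["user_admin"] },
];

// Returns { allowed, reason } for a single request.
// A table without a policy entry is unreachable: absence of a rule means deny.
function evaluate(policyList, request) {
  const method = String(request.method || "").toUpperCase();
  const entry = policyList.find((p) => p.table === request.table);
  if (!entry) {
    return { allowed: false, reason: `no policy for table ${request.table}` };
  }
  const hasRole = entry.requiredRoles.some((role) => request.roles.includes(role));
  if (!hasRole) {
    return { allowed: false, reason: `caller lacks a required role for ${request.table}` };
  }
  if (!entry.allowedMethods.includes(method)) {
    return { allowed: false, reason: `${method} is not permitted on ${request.table}` };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample requests covering the allow case and each deny reason.
const sampleRequests = [
  { method: "GET",    table: "incident", roles: ["api_reader"] },   // allowed
  { method: "PATCH",  table: "incident", roles: ["api_reader"] },   // method denied
  { method: "get",    table: "problem",  roles: ["api_reader"] },   // case-insensitive allow
  { method: "GET",    table: "incident", roles: ["itil"] },         // role denied
  { method: "DELETE", table: "sys_user", roles: ["user_admin"] },   // method denied
  { method: "GET",    table: "cmdb_ci",  roles: ["api_reader"] },   // no policy: denied
];

// Evaluates every sample request and returns the decisions for inspection.
function runSamples() {
  return sampleRequests.map((r) => ({ ...r, ...evaluate(policies, r) }));
}

console.table(runSamples());
```

The important design choice is the fall-through order: an unknown table is refused before roles or methods are even examined, so adding a new table to the instance does not silently expose it until someone writes a rule for it.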
02-15-2023 10:45 AM
Thank you for the detailed answer; however, I don't see any table "REST Message Access Control" where I could create the ACR to restrict access to the out-of-the-box API.
10-22-2024 06:18 AM
Late reply, but I found this in some recent searches @fbelghait
In order to utilize REST API Access Policies you have to install the plugin:
- REST API Access Policy plugin (com.glide.rest.policy)