Third party chatbot integration with ServiceNow
3 weeks ago
As part of a new integration, we need to create a service request (HR case) from a third-party chatbot in ServiceNow.
In the current case, the user will search for a KB article and, if no relevant response is found, will be able to create a ticket.
The issue we are facing is with authentication: we will be using an integration user for authentication, but we need to evaluate the user's access for KB articles and HR catalog items.
Note: We will not be able to use the impersonation method to evaluate the user's rights due to a security constraint.
Hence we need options which will evaluate the user's (the user interacting through the chatbot) rights in ServiceNow.
3 weeks ago
Hi @JayshriS
Below is my writeup!! (https://www.servicenow.com/community/developer-articles/pre-requisite-necessary-to-perform-any-integ...)
This is a common situation when connecting a third-party chatbot with ServiceNow. You need to create HR cases or service requests through an integration user, but still check the real user’s access to KB articles or HR catalog items without using impersonation.
Here’s how you can do it safely and in a way that works well.
1. Keep integration login separate from user context
Let the chatbot log in to ServiceNow using a dedicated integration account with limited rights.
When the end user interacts with the chatbot, have it send that person’s identifier (like email, username, or employee ID) in the API payload.
Example:
{
    "requested_by": "john.doe@company.com",
    "intent": "create_hr_case",
    "kb_search_term": "parental leave policy"
}
2. Check access in a Scripted REST API
Create a Scripted REST API in ServiceNow that reads the end user’s info and checks their access directly, without impersonating.
Example:
(function process(request, response) {
    var data = request.body.data;
    var userEmail = data.requested_by;

    // Look up the end user by the email sent in the payload
    var user = new GlideRecord('sys_user');
    user.addQuery('email', userEmail);
    user.query();

    if (user.next()) {
        var userSysId = user.sys_id.toString();

        // Check KB access
        var canReadKB = SNC.KnowledgeSecurity.canRead('kb_knowledge', 'SYS_ID_OF_ARTICLE', user);

        // Check HR catalog item visibility
        var hrItem = new GlideRecord('sc_cat_item');
        hrItem.addQuery('name', 'HR Request');
        hrItem.query();
        var canAccessHR = hrItem.next() && hrItem.canRead(user);

        // Return both results to the chatbot
        response.setBody({
            kb_access: canReadKB,
            hr_access: canAccessHR
        });
    } else {
        // No sys_user record matches the supplied email
        response.setStatus(404);
        response.setBody({ error: 'User not found in ServiceNow' });
    }
})(request, response);
You can use methods like SNC.KnowledgeSecurity.canRead() and GlideRecord.canRead(user) to check permissions for a given user.
3. Create the HR case or request
If the checks pass, insert the record using the integration user, but fill in the fields to show who the real requester is.
Example:
var hr = new GlideRecord('sn_hr_core_case');
hr.initialize();
hr.short_description = data.short_description;
hr.opened_for = userSysId;
hr.requested_for = userSysId;
hr.insert();
The record will show that the integration user created it on behalf of the end user.
4. Keep a clear audit trail
You don’t need impersonation.
Every record will show “opened by integration user for <end user>,” which keeps logs clean and meets audit requirements.
5. Optional: Token validation
If your chatbot platform supports SSO or OAuth, it can pass a signed token that represents the user. You can verify that token in ServiceNow before checking access.
If you found my response helpful, I would greatly appreciate it if you could mark it as "Accepted Solution" and "Helpful."
Your support not only benefits the community but also encourages me to continue assisting. Thank you so much!
Thanks and Regards
Ravi Gaurav | ServiceNow MVP 2025,2024 | ServiceNow Practice Lead | Solution Architect
CGI
M.Tech in Data Science & AI
YouTube: https://www.youtube.com/@learnservicenowwithravi
LinkedIn: https://www.linkedin.com/in/ravi-gaurav-a67542aa/
