<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>question The scripted rest api will be run under which credential? in Common Service Data Model forum</title>
    <link>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464045#M8881</link>
    <description>&lt;P&gt;Will it be run under the system credential or caller credential? Or both are possible depends on the settings? what to indicate the settings?&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;What's the difference when I check the "requires authentication" "requires ACL authorization" in the scripted rest resource?&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks.&lt;/P&gt;</description>
    <pubDate>Fri, 09 Jan 2026 07:54:36 GMT</pubDate>
    <dc:creator>Lisa71</dc:creator>
    <dc:date>2026-01-09T07:54:36Z</dc:date>
    <item>
      <title>The scripted rest api will be run under which credential?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464045#M8881</link>
      <description>&lt;P&gt;Will it be run under the system credential or caller credential? Or both are possible depends on the settings? what to indicate the settings?&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;What's the difference when I check the "requires authentication" "requires ACL authorization" in the scripted rest resource?&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks.&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 07:54:36 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464045#M8881</guid>
      <dc:creator>Lisa71</dc:creator>
      <dc:date>2026-01-09T07:54:36Z</dc:date>
    </item>
    <item>
      <title>Re: The scripted rest api will be run under which credential?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464068#M8885</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;&lt;P&gt;In a Scripted REST API, the script can run using either the system account or the user’s account, depending on the settings. If you select “Requires authentication,” the API needs valid user credentials, and the script runs as that user. If you also select “Requires ACL authorization,” ServiceNow will check the user’s table and field permissions (ACLs) before allowing access. If you only check “Requires authentication,” the script runs as the user but can still bypass ACLs. And if you don’t require authentication at all, the script runs as the system user and anyone can call it. In short, “Requires authentication” controls who is calling, while “Requires ACL authorization” controls what they can access.&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 08:27:38 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464068#M8885</guid>
      <dc:creator>Tejas Adhalrao</dc:creator>
      <dc:date>2026-01-09T08:27:38Z</dc:date>
    </item>
    <item>
      <title>Re: The scripted rest api will be run under which credential?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464085#M8886</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;&lt;P&gt;if credentials are password it will run as the user&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;If no authentication is required, the script runs in the context of a "Guest" user.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;example&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;I have created a sample scripted rest api which creates an incident&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ChaitanyaILCR_0-1767948040629.png" style="width: 400px;"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/494867i41D396A03A7F9F9B/image-size/medium?v=v2&amp;amp;px=400" role="button" title="ChaitanyaILCR_0-1767948040629.png" alt="ChaitanyaILCR_0-1767948040629.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;called the api without credentials&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ChaitanyaILCR_1-1767948073472.png" style="width: 400px;"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/494868i31BCA7FF1855177D/image-size/medium?v=v2&amp;amp;px=400" role="button" title="ChaitanyaILCR_1-1767948073472.png" alt="ChaitanyaILCR_1-1767948073472.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ChaitanyaILCR_2-1767948116082.png" style="width: 400px;"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/494869i1BD8E982622CB7D8/image-size/medium?v=v2&amp;amp;px=400" role="button" title="ChaitanyaILCR_2-1767948116082.png" alt="ChaitanyaILCR_2-1767948116082.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;when no credentials is opted it runs the api with Guest user permissions&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;Please mark my answer as&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;STRONG&gt;&lt;FONT color="#008000"&gt;helpful/correct&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/FONT&gt;&lt;/STRONG&gt;if it resolves your query.&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;I&gt;Regards,&lt;BR /&gt;Chaitanya&lt;/I&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 08:48:52 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464085#M8886</guid>
      <dc:creator>Chaitanya ILCR</dc:creator>
      <dc:date>2026-01-09T08:48:52Z</dc:date>
    </item>
    <item>
      <title>Re: The scripted rest api will be run under which credential?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464103#M8889</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;This is the CSDM forum. Please post in a more suitable forum where you will find a wider audience, e.g. the Developer forum.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I hope this helps!&lt;BR /&gt;Mat&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 08:55:34 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464103#M8889</guid>
      <dc:creator>Mathew Hillyard</dc:creator>
      <dc:date>2026-01-09T08:55:34Z</dc:date>
    </item>
    <item>
      <title>Re: The scripted rest api will be run under which credential?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464112#M8890</link>
      <description>&lt;P&gt;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;It will run in the session of that user whose credentials 3rd party is using, either Basic OR OAuth 2.0&lt;/P&gt;
&lt;P&gt;If no credentials uses then as mentioned by&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/24805"&gt;@Chaitanya ILCR&lt;/a&gt;&amp;nbsp;-&amp;gt; it is guest user &lt;STRONG&gt;(Not recommended practice)&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Requires Authentication&lt;/SPAN&gt;&amp;nbsp;-&amp;gt;&amp;nbsp;&lt;SPAN&gt;Blocks unauthenticated/anonymous access&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;Requires ACL Authorization -&amp;gt;&amp;nbsp;&lt;SPAN&gt;Enforces ACL security on REST endpoint&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-unicode-emoji" title=":light_bulb:"&gt;💡&lt;/span&gt; If my response helped, please mark it as correct &lt;span class="lia-unicode-emoji" title=":white_heavy_check_mark:"&gt;✅&lt;/span&gt; and close the thread &lt;span class="lia-unicode-emoji" title=":locked:"&gt;🔒&lt;/span&gt;— this helps future readers find the solution faster! &lt;span class="lia-unicode-emoji" title=":folded_hands:"&gt;🙏&lt;/span&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 09:27:14 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464112#M8890</guid>
      <dc:creator>Ankur Bawiskar</dc:creator>
      <dc:date>2026-01-09T09:27:14Z</dc:date>
    </item>
    <item>
      <title>Re: The scripted rest api will be run under which credential?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464231#M8894</link>
      <description>&lt;P&gt;Thanks. So if "requires authentication" is Not checked, then the scripted rest api will be run under "system" privilege, means it can do anything with high privilege, right?&amp;nbsp;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 11:04:23 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464231#M8894</guid>
      <dc:creator>Lisa71</dc:creator>
      <dc:date>2026-01-09T11:04:23Z</dc:date>
    </item>
    <item>
      <title>Re: The scripted rest api will be run under which credential?</title>
      <link>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464255#M8895</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/352194"&gt;@Lisa71&lt;/a&gt;&amp;nbsp; ,&lt;/P&gt;&lt;P&gt;Exactly, but&amp;nbsp;&amp;nbsp; Always keep “Requires authentication” checked for APIs that access sensitive data.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If you found my solution helpful, please mark it as &lt;I&gt;Helpful&lt;/I&gt; or &lt;I&gt;Accepted Solution...!&lt;/I&gt;&lt;/P&gt;&lt;P&gt;&lt;I&gt;thanks,&lt;/I&gt;&lt;/P&gt;&lt;P&gt;&lt;I&gt;tejas&lt;/I&gt;&lt;/P&gt;&lt;P&gt;&lt;I&gt;Email&lt;STRONG&gt;:&lt;/STRONG&gt; adhalraotejas1018@gmail.com&lt;/I&gt;&lt;/P&gt;&lt;P&gt;&lt;I&gt;LinkedIn&lt;STRONG&gt;:&lt;/STRONG&gt; &lt;/I&gt;&lt;A class="" title="https://www.linkedin.com/in/tejas1018" href="https://www.linkedin.com/in/tejas1018" target="_blank" rel="noreferrer noopener"&gt;&lt;I&gt;https://www.linkedin.com/in/tejas1018&lt;/I&gt;&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 09 Jan 2026 11:43:22 GMT</pubDate>
      <guid>https://www.servicenow.com/community/common-service-data-model-forum/the-scripted-rest-api-will-be-run-under-which-credential/m-p/3464255#M8895</guid>
      <dc:creator>Tejas Adhalrao</dc:creator>
      <dc:date>2026-01-09T11:43:22Z</dc:date>
    </item>
  </channel>
</rss>

