I was trying to configure MTLs for my servicenow inbound REST APIs and followed the below steps:

. Verify that the Certificate-based authentication plugin (com.glide.auth.mutual) is activated in your instance.
. Ensure that ADC-to-APP mTLS is enabled for your instance by accessing https://myinstance.service-now.com/adcv2/supports_tls. If it returns "true", proceed to the next step. If it returns "false", include this information in your request.

But even after this, my API is returning the response even if I dont pass my certificate. Can someone help me with the steps to make sure that APIs dont return data if certificate is not passed. I have basic authentication, but need MTLs on top of it.

I have also Created a Group Filter Criteria (Adding a the user to a group which has access to the API via basic auth), Added this Filter Criteria to an Authentication Policy, Added this policy to a standard authentication profile of the type Certificate Based Auth, created a REST API Access Policy where I selected the required API and added the AUthentication Profile to this policy