Configuring SQL API on Your ServiceNow Instance

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Overview of the three-step configuration process required to enable SQL API access including prerequisites and expected outcomes.

    Configuring the SQL API on your instance enables you to integrate your ServiceNow data with third-party BI tools and analytics platforms such as Tableau, Power BI, or custom ODBC/JDBC clients, enhancing your reporting and data analysis capabilities.

    This configuration requires a system administrator to complete three sequential procedures. Each procedure must be completed in order before proceeding to the next.

    Before you begin

    Ensure the following prerequisites are in place before starting:

    • You have system administrator access to your ServiceNow instance.
    • The SQL API plugin is installed on your instance.
    • You have consulted your network team to identify the IP address range for your ODBC/JDBC client machines.
    • You have identified which ServiceNow tables need to be accessible via the SQL API.

    Configuration steps

    Complete the following three procedures to configure SQL API access on your instance:

    Step Procedure Description
    1 Creating a Service Account and Assigning Roles Create a dedicated non-interactive (Machine) Service Account in User Administration and assign it the sn_odbc_rest_access or sn_jdbc_rest_access role. You can create multiple Service Accounts, each with different roles and security restrictions, to support different integrations or teams.
    2 Create Access Control Lists (ACLs) for SQL API Configure table-level access using the egress_sql operation. For each table the Service Account needs to query, create two ACLs: one for egress_sql (SQL API data export) and one for read (record-level access). Repeat this for each table and each role combination.
    3 Create IP Filter Criteria Define which IP addresses or IP ranges are permitted to connect via the ODBC/JDBC driver. By default, all incoming IPs are blocked. Configure the SQL API Authentication Policy with an IP filter and policy condition to allow access only from trusted client machines.

    What to expect

    After completing all three procedures, your Service Account will be able to connect to ServiceNow via ODBC or JDBC and query the tables for which access has been granted.

    Keep the following in mind:

    • Multiple Service Accounts: You can create multiple Service Accounts with different roles and access control settings. This allows different BI tools or teams to have separate, independently managed access.
    • Table-level access via egress_sql: Access is not granted globally. Each table requires its own egress_sql and read ACL. A Service Account can only query tables for which both ACLs have been explicitly configured.
    • Use Service Accounts—not personal user accounts: Reports and dashboards will break if the associated user loses access or leaves the organization. Service Accounts ensure continuity.
    • MFA must be disabled: Non-interactive (Machine) users cannot complete MFA challenges. Ensure MFA is disabled for all SQL API Service Accounts.