Mutual authentication causes the web service provider and consumer to authenticate with each other before communicating.

Mutual authentication verifies the identity of both the client and the server during an outbound REST connection.

When ServiceNow initiates an outbound REST request using mutual authentication, it presents a client certificate to the external server. The server validates the certificate and, if trusted, allows the connection to proceed. ServiceNow similarly validates the server certificate before completing the handshake.

Mutual authentication requires a client certificate and private key stored on the ServiceNow instance, and a server certificate issued by a trusted certificate authority (CA).