ServiceNow REST - Cheat Sheet Cheat Sheet

by Bibin Gokuldas (bibingokuldas) via cheatography.com/69673/cs/17659/

REST API Basics REST API Best Practices (cont)

Enforce Enforce existing access controls and require additional access to

and test GlideR​eco​rdS​ecure* API in scripted RESI services

Access
Controls
Build Tests Tests should validate the response code, headers, and body con

to verify resource you implement. You can also use tests to validate authe

functi​‐ to confirm that errors return useful responses.

onality
*Glide​Rec​ord​Secure API Ensure that the ACLs are defined on the underlying data a

user.

Scripted REST APIs

API URIs This part the for the scripted rest has to define name_s​pace, api_id, resour​‐ REST Security
ce_​path, version
How is REST API Secure?
API Query When defining a scripted resource, which parameter is mandatory for the The REST API uses basic authen​tic​ation or OAuth to enforce access controls to

Parameter request can also be defined defined on tables to restrict the data viewer​ship.

API Error Scripted REST APIs provide multiple ways to send an error in a response to a
Will all tables be available for the REST API Access?
Objects* requesting client.
By default, Yes. All tables including system tables, and scoped tables are availab
*Multiple error objects are available in scripted REST API scripts to report error inform​ation to
How can I restrict a table Access through web services?
requesting client​s.All scripted REST API error objects use the sn_ws_err namespace.
In the table proper​ties, uncheck the option for Allow access to this table via web s
Error objects available are 400,40​4,4​06,​409,415

Does REST API support CORS?

REST API Best Practices Cross Origin Resource Security is supported.

Follow REST REST API conven​tions define specific behaviour for each type of method. For
How can I Define CORS Rules?
API Conven​‐ ex : GET : to Query the data, POST : to create Data, PUT and PATCH : to
CORS Rules can be defined in sys_co​rs_​rule. Which allows to specify a domain a
tions Update data, DELETE : to delete records.
expose.

Use Use versioning to implement new functi​ona​lities, so that the existing functi​ona​‐
How to disable CORS Support for Instance?
Versioning to lities will not impact
CORS support on instance is defined by glide.r​es​t.c​ors.en​abled set it to false for
control
changes to Can I use OAuth with REST?
API Yes, use OAuth token for REST Requests

Return an Return a status code, which inform the requestor about the success and failur​‐
Can I use MFA with REST?
Inform​ative es(​defined in the response codes section)
Yes again, with a REST Request, if MFA is enabled then append token to end of
HTTP Status
rid​:pa​ssw​rdt​oken. Encode using base64 encoding
code
Return useful Provide the requestor with enough inform​ation of why the failure occurred. Error

error inform​‐ message is a mix of error message and error code

ation

By Bibin Gokuldas (bibingokuldas) Published 29th October, 2018. Sponsored by CrosswordChe

cheatography.com/bibingokuldas/ Last updated 20th November, 2018. Learn to solve cryptic crosswor
bibingokuldas.com/ Page 1 of 3. http://crosswordcheats.com
 ServiceNow REST - Cheat Sheet Cheat Sheet
by Bibin Gokuldas (bibingokuldas) via cheatography.com/69673/cs/17659/

Building Blocks REST API REST API Response Codes (cont)

API API allows to select a specific Applic​ation Progra​‐ Ex TableA​PI,​Agg​reg​ateAPI 400 Bad The Request URI can't

mming interface, which is available in SNOW Request match the API.

Namespace REST APIs provided by ServiceNow has now Scripted REST may use a different one 401 Unauth​‐ The User is not authorized to use

namespace orized
REST enables the use of few methods like Not all the APIs available from ServiceNow 403 Forbidden The Operation requested is
Method
GET,POST,DELETE,PATCH would have all the methods available not permitted for the user

Allows to specify a header for the Integr​ation Can add Custom header as per requir​ement 404 Not Found The requested resource is
Request
not found
Header
Query Allows to specify an encoded query for the REST Call Can add more query parameters or even a 405 Method not The HTTP action is not allowed o

parameter sys_id for some methods allowed

You can prepare the sample request using the REST API Explorer in Servic​eNow. 406 Not The endpoint doesn't support

ServiceNow REST URI looks like this <LI​NKF​ORS​NOW​>/a​pi/​now​/ap​iname/. For ex : if we are using a table API for POST acceptable the response format

then the link look something like below : POST <LI​NKO​FSe​rvi​ceN​ow>​/ap​i/n​ow/​tab​le/​tab​lename 415 Unsupp​‐ The endpoint does not support th

orted media
REST API Rate Limit type
To prevent excessive inbound REST API requests, set rules that limit the number of inbound REST API requests processed

per hour. RESTMe​ssageV2

There is an option to create Rate Limit for users with specific roles, or for all users. The table for creating rate limit is sys_ra​‐ execute() Sends the REST message to En

te_​lim​it_​rules. Sends the REST message async

execut​eAs​ync()
In the basic Response Header, the Rate limit would be specified for ex : x-Rate​Lim​it-​Limit -->10 instance doesn't wait for a respo

getEnd​point() Get the URL of the endpoint for t

REST API Headers
getReq​ues​tBody() Get the content of the REST mes
Accept applic​ati​on/​json, applic​ati​on/xml Get the value for an HTTP heade
getReq​ues​tHe​ade​‐
Conten​t-Type pplica​tio​n/json, applic​ati​on/xml r(<​hea​der​nam​e>)* message.
By design, POST, PUT, PATCH, and DELETE operations required to provide both headers.
getReq​ues​tHe​‐ Get HTTP headers that were set
GET operations require only the Accept header.
aders() associated values.
There is an option override the HTTP method, such as GET or POST, by setting the X-http​-me​tho​d-o​verride header.

REST API Response Codes

200 Success Success with Response Body

201 Created Success with Response Body

204 Success Success with Response Body

By Bibin Gokuldas (bibingokuldas) Published 29th October, 2018. Sponsored by CrosswordChe

cheatography.com/bibingokuldas/ Last updated 20th November, 2018. Learn to solve cryptic crosswor
bibingokuldas.com/ Page 2 of 3. http://crosswordcheats.com
 ServiceNow REST - Cheat Sheet Cheat Sheet
by Bibin Gokuldas (bibingokuldas) via cheatography.com/69673/cs/17659/

RESTMe​ssageV2 (cont) RESTMe​ssageV2 (cont)

saveRe​spo​nse​Bod​yAs​Att​ach​men​‐ Configures the REST message to save the returned response body as setMID​Ser​ver​(mi​dse​‐ The name of the MID Server to use

t(t​bln​ame​,re​cor​did​,fi​len​ame)** an attachment record. rver) active MID Server with the specified

saveRe​spo​nse​Bod​yAs​Att​ach​men​‐ Configure the REST message to save the returned response body as an setMut​ual​Aut​h(p​rof​ile​‐ Set the mutual authen​tic​ation proto

t(t​bln​ame​,re​cor​did​,fi​len​ame​,en​cry​‐ encrypted attachment record. name) message.

ptc​ontext)* Append a parameter to the end of t

setQue​ryP​ara​met​er(​‐
setAut​hen​tic​ati​onP​rof​ile​(ty​pe,​pro​‐ Set the creden​tials for the REST message using an existing basic auth name=v​alue.
name, value)
fileid)** or OAuth 2.0 profile.
setReq​ues​tBo​dy(​‐ Set the body content to send to the

setBas​icA​uth​(us​ern​ame​,pa​‐ Sets basic authen​tic​ation headers for the REST message. using PUT or POST HTTP methods
body)
ssword) Sets the request body using an exis
setReq​ues​tBo​dyF​‐
setEcc​Cor​rel​ato​r(c​orr​elator) Associate outbound requests and the resulting response record in the
rom​Att​ach​men​t(a​tta​‐
ECC queue. This method only applies to REST messages sent through
chm​ent​sysid)
a MID Server.
setReq​ues​tHe​ade​r(n​‐ Set an HTTP header in the REST m

setEcc​Par​ame​ter​(na​me,​value) Override a value from the database by writing to the REST message value.
ame​,va​lue);
payload. This method only applies to REST messages sent through a
setReq​ues​tor​Pro​fil​e(r​‐ Override the default requestor profi
MID Server.
equ​est​orc​ont​ext​,re​‐ order to retrieve an OAuth access t

setEnd​poi​nt(​end​point) Set the endpoint for the REST message. que​storid) different requestor.

setHtt​pMe​tho​d(m​ethod) The HTTP method this REST message performs, such as GET or PUT. Set a REST message function varia
setStr​ing​Par​ame​ter​‐
Set the amount of time the REST message waits for a response from the (na​me,​value) from the REST message record to
setHtt​pTi​meo​ut(​mil​lis​econds)
web service provider before the request times out. XML reserved characters in the val
setStr​ing​Par​ame​ter​‐
Set the log level for this message and the corres​ponding respon​se.V​alid NoE​sca​pe(​nam​e,v​‐ equivalent escaped charac​ters.
setLog​Lev​el(​level)
values for level are basic, elevated, and all. alue)
waitFo​rRe​spo​nse​(se​‐ In seconds. Wait at most 60 second

conds) Queue/Mid Server.

*By design, this method cannot return the value for a header set a

To grant this method access to all headers, set the property glide.

**the input parameters for this functions are string, and recordId is

*encryp​tco​ntext should specify the sysid of the encryption context

By Bibin Gokuldas (bibingokuldas) Published 29th October, 2018. Sponsored by CrosswordChe

cheatography.com/bibingokuldas/ Last updated 20th November, 2018. Learn to solve cryptic crosswor
bibingokuldas.com/ Page 3 of 3. http://crosswordcheats.com