ServiceNow REST - Cheat Sheet Cheat Sheet

by Bibin Gokuldas (bibingokuldas) via cheatography.com/69673/cs/17659/

REST API Basics REST API Best Practices (cont)

Enforce Enforce existing access controls and require additional access to

and test modify the data. Use the GlideR​eco​rdS​ecure* API in scripted RESI
Access services
Controls

Build Tests should validate the response code, headers, and body content as

Tests to approp​riate for each resource you implement. You can also use tests to
verify validate authen​tic​ation requir​ements, and to confirm that errors return
functi​ona useful respon​ses.
lity

*Glid​eRe​cor​dSecure API Ensure that the ACLs are defined on the underlying data
are applied to the requested user.
Scripted REST APIs

API URIs This part the for the scripted rest has to define name_s​pace,
REST Security
api_id, resour​ce_​path, version
How is REST API Secure?
API Query When defining a scripted resource, which parameter is mandatory
The REST API uses basic authen​tic​ation or OAuth to enforce access controls to
Parameter for the request can also be defined
web resources. ACLs are defined on tables to restrict the data viewer​ship.
API Error Scripted REST APIs provide multiple ways to send an error in a

Objects* response to a requesting client.
*Multiple error objects are available in scripted REST API scripts to report error
inform​ation to requesting client​s.All scripted REST API error objects use the
Will all tables be available for the REST API Access?
By default, Yes. All tables including system tables, and scoped tables are
availa​ble.

sn_ws_err namesp​ace. How can I restrict a table Access through web services?
Error objects available are 400,40​4,4​06,​409​,415 In the table proper​ties, uncheck the option for Allow access to this table via web
services.
REST API Best Practices
Does REST API support CORS?
Follow REST API conven​tions define specific behaviour for each type of
Cross Origin Resource Security is suppor​ted.
REST API method. For ex : GET : to Query the data, POST : to create

Conven​tions Data,PUT and PATCH : to Update data, DELETE : to delete How can I Define CORS Rules?

records. CORS Rules can be defined in sys_co​rs_​rule. Which allows to specify a domain
and Selection of methods to expose.
Use Use versioning to implement new functi​ona​lities, so that the

Versioning existing functi​ona​lities will not impact How to disable CORS Support for Instance?
to control CORS support on instance is defined by glide.r​es​t.c​ors.en​abled set it to false for
changes to
No CORS
API

Return an Return a status code, which inform the requestor about the Can I use OAuth with REST?

Inform​ative success and failur​es(​defined in the response codes section) Yes, use OAuth token for REST Requests

HTTP
Can I use MFA with REST?
Status code
Yes again, with a REST Request, if MFA is enabled then append token to end of
Return Provide the requestor with enough inform​ation of why the failure
users password ex:use​rid​:pa​ssw​rdt​oken. Encode using base64 encoding
useful error occurred. Error message is a mix of error message and error code
inform​ation

By Bibin Gokuldas Published 29th October, 2018. Sponsored by Readability-Score.com

(bibingokuldas) Last updated 20th November, 2018. Measure your website readability!
Page 1 of 3. https://readability-score.com

cheatography.com/bibingokuldas/
 ServiceNow REST - Cheat Sheet Cheat Sheet
by Bibin Gokuldas (bibingokuldas) via cheatography.com/69673/cs/17659/

Building Blocks REST API REST API Response Codes (cont)

API API allows to select a specific Ex TableA​PI,​Agg​reg​ateAPI 400 Bad The Request URI can't Invalid headers, or API

Applic​ation Progra​mming Request match the API. incorrect

interface, which is available in
401 Unauth​orize The User is not authorized to use API
SNOW
d
Namespace REST APIs provided by Scripted REST may use a The Operation requested is ACL constraint on table,
403 Forbidden
ServiceNow has now namespace different one not permitted for the user Business Rule or data

REST enables the use of few Not all the APIs available policies
Method
methods like from ServiceNow would have 404 Not Found The requested resource is ACL constraint or resource
GET​,​PO​ST​,​DE​LET​E ​,​PAT​CH all the methods available not found not available

Request Allows to specify a header for the Can add Custom header as 405 Method not The HTTP action is not allowed or not supported by the API

Header Integr​ation per requir​ement allowed

Allows to specify an encoded Can add more query 406 Not The endpoint doesn't Response format in the
Query
parameter query for the REST Call parameters or even a sys_id acceptable support the response Request Accept Header

for some methods format

You can prepare the sample request using the REST API Explorer in Servic​eNow. 415 Unsupp​orted The endpoint does not support the format of the request

Servi​ceNow REST URI looks like this <LI​NKF​ORS​NOW​>/a​pi/​now​/ap​iname/. For ex : media type body.

if we are using a table API for POST then the link look something like below : POST
<LI​NKO​FSe​rvi​ceN​ow>​/ap​i/n​ow/​tab​le/​tab​lename RESTMe​ssageV2

execute() Sends the REST message to Endpoint

REST API Rate Limit Sends the REST message asynch​ron​ously, that means the
execut​eAs​ync()
To prevent excessive inbound REST API requests, set rules that limit the number of instance doesn't wait for a response from provider
inbound REST API requests processed per hour.
getEnd​point() Get the URL of the endpoint for the REST message.
There is an option to create Rate Limit for users with specific roles, or for all users.
getReq​ues​tBody() Get the content of the REST message body.
The table for creating rate limit is sys_​rat​e_l​imi​t_r​ule​s .

In the basic Response Header, the Rate limit would be specified for ex : x- getReq​ues​tHe​ade​r( Get the value for an HTTP header specified in the REST
Rate​Lim​it-​Limit -->10 <​hea​der​nam​e>)* message.

getReq​ues​tHe​aders Get HTTP headers that were set by the REST client and
REST API Headers () the associated values.

Accept applic​ati​on/​json, applic​ati​on/xml

Conten​t-Type pplica​tio​n/json, applic​ati​on/xml

By design, POST, PUT, PATCH, and DELETE operations required to provide both

headers.
GET operations require only the Accept header.

There is an option override the HTTP method, such as GET or POST, by setting the

X-http​-me​tho​d-o​verride header.

REST API Response Codes

200 Success Success with Response Body

201 Created Success with Response Body

204 Success Success with Response Body

By Bibin Gokuldas Published 29th October, 2018. Sponsored by Readability-Score.com

(bibingokuldas) Last updated 20th November, 2018. Measure your website readability!
Page 2 of 3. https://readability-score.com

cheatography.com/bibingokuldas/
 ServiceNow REST - Cheat Sheet Cheat Sheet
by Bibin Gokuldas (bibingokuldas) via cheatography.com/69673/cs/17659/

RESTMe​ssageV2 (cont) RESTMe​ssageV2 (cont)

saveRe​spo​nse​Bod​yAs​Att​a Confi​gures the REST message to save the returned setMID​Ser​ver​(mi​ds The name of the MID Server to use. Your instance must

ch​men​t(t​bln​ame​,re​cor​did​,f response body as an attachment record. e​rver) have an active MID Server with the specified name.
i​len​ame)**
setMut​ual​Aut​h(p​rof​il Set the mutual authen​tic​ation protocol profile for the REST
saveRe​spo​nse​Bod​yAs​Att​a Configure the REST message to save the returned e​name) message.
ch​men​t(t​bln​ame​,re​cor​did​,f response body as an encrypted attachment record.
setQue​ryP​ara​met​er(​ Append a parameter to the end of the request URL with
i​len​ame​,en​cry​ptc​ont​ext)
name, value) the form name=v​alue.
*

setAut​hen​tic​ati​onP​rof​ile​(ty​ Set the creden​tials for the REST message using an setReq​ues​tBo​dy(​bod Set the body content to send to the web service provider

pe,​pro​fil​eid​) ** existing basic auth or OAuth 2.0 profile. y) when using PUT or POST HTTP methods.

Sets basic authen​tic​ation headers for the REST setReq​ues​tBo​dyF​ro Sets the request body using an existing attachment
setBas​icA​uth​(us​ern​ame​,p
a​ssword) message. m​Att​ach​men​t(a​tta​ch record.

m​ent​sysid)
setEcc​Cor​rel​ato​r(c​orr​elat Associate outbound requests and the resulting
setReq​ues​tHe​ade​r(n​ Set an HTTP header in the REST message to the
or) response record in the ECC queue. This method
ame​,va​lue); specified value.
only applies to REST messages sent through a MID
Server. setReq​ues​tor​Pro​fil​e( Override the default requestor profile for the REST

r​equ​est​orc​ont​ext​,re​q message in order to retrieve an OAuth access token

setEcc​Par​ame​ter​(na​me,​v Override a value from the database by writing to the
ue​storid) associated with a different reques​tor.
alue) REST message payload. This method only applies

to REST messages sent through a MID Server. setStr​ing​Par​ame​ter​( Set a REST message function variable with the specified

na​me,​value) name from the REST message record to the specified

setEnd​poi​nt(​end​point)
setHtt​pMe​tho​d(m​ethod)
setHtt​pTi​meo​ut(​mil​lis​econ
ds)
Set the endpoint for the REST message.
value.
The HTTP method this REST message performs,
setStr​ing​Par​ame​ter​ XML reserved characters in the value are converted to the
such as GET or PUT.
NoE​sca​pe(​nam​e,v​al‐ equivalent escaped charac​ters.
Set the amount of time the REST message waits for
ue)
a response from the web service provider before the
waitFo​rRe​spo​nse​(se​ In seconds. Wait at most 60 seconds to get response
request times out.
conds) from ECC Queue/Mid Server.

setLog​Lev​el(​level)
Set the log level for this message and the
*By design, this method cannot return the value for a header set automa​tically by the
corres​ponding respon​se.V​alid values for level are
system. To grant this method access to all headers, set the property
basic, elevated, and all.
glide.h​tt​p.l​og_​debug to true.

**the input parameters for this functions are string, and recordId is the sysid of the
record

*en​cry​ptc​ontext should specify the sysid of the encryption context

By Bibin Gokuldas Published 29th October, 2018. Sponsored by Readability-Score.com

(bibingokuldas) Last updated 20th November, 2018. Measure your website readability!
Page 3 of 3. https://readability-score.com

cheatography.com/bibingokuldas/