Inbound REST API Keys for Event Management Connectors
ServiceNow Community article · Sep 20, 2024
Say goodbye to Basic Auth with Event Management! With the Washington release, the platform introduces the capability to set up Inbound REST API keys. When connecting systems, API keys are the most often preferred authentication method, as they eliminate concerns about OAuth expirations or the use of usernames and passwords with Basic Auth. API keys are straightforward to use, requiring merely an HTTP header or query parameter.
Previously, API keys could only be utilized for outbound REST requests. However, with the introduction of this new feature, it is now possible to create API keys for inbound REST requests. This enhancement allows for the creation of keys, thereby facilitating easier control over API access and ensuring secure and efficient system integration.
This is a great resource on the platform-level features that we are going to leverage: Inbound REST API Keys
Applying this concept to Event Management Connectors
For Event Management Connectors, the process is a little different, but this setup allows you to send in events with just a URL; no headers or authentication layers are required from the source system. For example: https://webhooks.mysite.com/secrettoken
- Verify that the plugin API Key and HMAC Authentication (com.glide.tokenbased_auth) is activated (if it is not installed, install this plugin).
- Change your Scope to: Event Management Connectors
- Create the Inbound Authentication Profile:
  - Navigate to All > System Web Services > API Access Policies > Inbound Authentication Profile.
  - Click New.
  - Click Create API Key authentication profiles.
  - Provide a descriptive name in the Name field.
  - In the Auth Parameter field, add the Query Parameter for x-sn-apikey.
    Optional: if you prefer auth headers or want both options, add the Auth Header record for x-sn-apikey.
NEXT: Create the REST API key for each specific integration
- Navigate to All > System Web Services > API Access Policies > REST API Key.
- Click New.
- Provide a descriptive name, like the name of the integration, and select a user.
  The user needs to be created with the evt_mgmt_integration role. Create a new one on the sys_user table to use here to facilitate the right access.
- Unlock Auth Scope and add: UserAccount
- Use the form menu and choose Save.
The system generates a token and saves it in the Token field. To see the token, use the lock icon and copy the contents displayed below the field. This is your query parameter (or header) value when your other system sends a REST API request to ServiceNow.
Repeat this step for each integration that needs an API token.
Create and Apply the API Access Policy
- Navigate to All > System Web Services > API Access Policies > REST API Access Policies.
- Click New.
- Provide a descriptive name like Event Mgmt Connectors, and select the REST API: Event Connectors
  Note: remember you need to be in the Event Management Connectors scope for this to work.
- Add your new API Authentication Profile to the embedded list on the form.
- Click Submit.
RESULTS:
Now you are ready to start sending events. In your monitoring tool you can send events either with the header or the query param: x-sn-apikey.
For example: https://[INSTANCENAME].service-now.com/api/sn_em_connector/em/inbound_event?source=[SOURCENAME]&sys_id=[SYSID OF PUSH CONNECTOR INSTANCE]&x-sn-apikey=[AUTH TOKEN]
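The two ways of sending the key, as an added example that is not part of the original article or ServiceNow's own code. A key carried in the query string is part of the URL, which proxies and access logs commonly record, so the sketch defaults to the header form and masks the key in any URL before it is logged. The instance name, source, sys_id, token and event body are constructed placeholders, and the function names are hypothetical.

```python
import json
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

API_KEY_NAME = "x-sn-apikey"  # header / query parameter name from the article
PATH = "/api/sn_em_connector/em/inbound_event"  # endpoint path from the article


def build_event_request(instance, source, connector_sys_id, api_key, event,
                        key_in_header=True):
    """Return an unsent POST request for the Event Connectors endpoint."""
    query = {"source": source, "sys_id": connector_sys_id}
    headers = {"Content-Type": "application/json"}
    if key_in_header:
        headers[API_KEY_NAME] = api_key  # key stays out of the URL
    else:
        query[API_KEY_NAME] = api_key    # URL-only form, for sources that cannot set headers
    url = f"https://{instance}.service-now.com{PATH}?{urlencode(query)}"
    body = json.dumps(event).encode("utf-8")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def redact_url(url):
    """Mask the x-sn-apikey value so the URL can be written to logs."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() == API_KEY_NAME else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed sample values; the real event body depends on the push connector.
    event = {"message": "constructed sample event"}
    for in_header in (True, False):
        req = build_event_request("example", "constructed-source",
                                  "CONSTRUCTED-SYS-ID", "CONSTRUCTED-TOKEN",
                                  event, key_in_header=in_header)
        # Log only the redacted URL; send with urllib.request.urlopen(req).
        print(req.get_method(), redact_url(req.full_url))
```

The header form only works if the Auth Header record for x-sn-apikey was added to the authentication profile as described in the optional step.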
https://www.servicenow.com/community/itom-articles/inbound-rest-api-keys-for-event-management-connectors/ta-p/3051735