Book Image

Mastering ServiceNow - Second Edition

Book Image

Mastering ServiceNow - Second Edition

Overview of this book

ServiceNow is a SaaS application that provides workflow form-based applications. It is an ideal platform for creating enterprise-level applications giving requesters and fulfillers improved visibility and access to a process. ServiceNow-based applications often replace email by providing a better way to get work done. The book steps through the main aspects of the ServiceNow platform, from the ground up. It starts by exploring the core architecture of ServiceNow, including building the right data structure. To add business logic and control data, and interactivity to user interaction, you will be shown how to code on both server and the client. You will then learn more about the power of tasks, events and notifications. The book will then focus on using web services and other mechanisms to integrate ServiceNow with other systems. Furthermore, you will learn how to secure applications and data, and understand how ServiceNow performs logging and error reporting. You will then be shown how to package your applications and changes, so they can be installed elsewhere and ways to maintain them easily. If you wish to create an alternative simple interface, then explore ways to make ServiceNow beautiful using Service Portal. By the end of the book, you will know the fundamentals of the ServiceNow platform, helping you be a better ServiceNow System Administrator or developer.
Table of Contents (18 chapters)
Mastering ServiceNow Second Edition
About the Author
About the Reviewer

Securing web services

As explored in Chapter 7, Exchanging Data - Import Sets, Web Services, and Other Integrations, the web services hosted by ServiceNow use basic authentication as the primary means for proving identity. A username and password should be used by the remote system when it connects to the instance. This is commonly referred to as a system account.


Basic authentication is HTTP-level authentication. The calling system must provide a Base64-encoded value of username:password to the authorization header. The connection is refused if this is not present, making it fast and efficient. In addition, since headers are protected by HTTPS, malicious users cannot intercept this in transit.

When creating a user account for use in web services, it is a good idea to consider the following points:

  • Create a new user account for each integration target, especially for those used by external suppliers. Don't use the same one each time, in case you need to disable it!


    Note that integrations...