Why does my REST request return No matching API?
This means that the request URI doesn't match any of the supported APIs. Check the APIs page (REST > APIs) to get valid URIs. Also note that all REST APIs are relative to /api, so your URI must look like: https://<instance.service-now.com>/api/.
I don't want to get responses on POST, PUT, or PATCH operations. Is there a way to suppress them?
Yes, use the X-No-Response-Body header to suppress responses.
How is the REST API different from the existing JSONv2?
There are several differences. For starters, REST supports XML. The REST API works on HTTP methods and follows REST best practices more closely, with proper headers and response status codes. There are more differences under the hood with respect to implementation and performance.
Will sending lots of REST requests with an authorization header may create sessions every time? How can I overcome this?
Yes, sending authentication information every time will create a session. Instead, handling cookies properly in your client code will bind requests to existing user sessions.
What are the different security measures for REST?
- All REST requests are authenticated using Basic Auth. To allow unauthenticated access, set glide property glide.basicauth.required.api to false. This will allow unauthenticated access to REST API.
- The REST API is secured using a user role called rest_service. Set this to inactive to allow access to the REST API for all users. Starting in Geneva, the rest_service role is no longer required to access the REST API.
- All tables are protected by ACLs defined on them. The REST API won't skip any of the ACLs defined on tables.
Is there mutual auth support for REST?
No. Mutual authentication is available only for outbound REST. Inbound requests to a ServiceNow REST API do not support mutual auth.