You might want to restrict inbound REST calls due to security internal concerns or agreements with third parties.


External requirements


Taking into account this use case, we recommend three options:

1. IP restriction: ServiceNow has a way to force API calls are only received from designated IP addresses, you can do this on HI > My IP Information. If you want to only allow servers within your local network to be able to make API calls to our ServiceNow instances.

OOB we offer the possibility to do this through the IP restriction: see "KB0550613 - Identifying and Enabling IP address restrictions".

In case the HI IP whitelist/blacklist solution does not meet your business requirements, there are a few options to explore in order to reach this behavior.

2. Inbound REST API rules: Additionally there is another feature that can be used, Inbound REST API Limitation: To prevent excessive inbound REST API requests, set rules that limit the number of inbound REST API requests processed per hour. You can create rules to limit requests for specific users, users with specific roles, or all users. Find further details in our documentation: Inbound REST API rate limiting (Madrid).

Note iconNote: Although we recommend these options, bear in mind that other features can be used to get the same behavior.

Article Information

Last Updated:2020-07-15 00:14:30