Skip to page contentSkip to chat
ServiceNow support
    • Community
      Ask questions, give advice, and connect with fellow ServiceNow professionals.
      Developer
      Build, test, and deploy applications
      Documentation
      Find detailed information about ServiceNow products, apps, features, and releases.
      Impact
      Accelerate ROI and amplify your expertise.
      Learning
      Build skills with instructor-led and online training.
      Partner
      Grow your business with promotions, news, and marketing tools
      ServiceNow
      Learn about ServiceNow products & solutions.
      Store
      Download certified apps and integrations that complement ServiceNow.
      Support
      Manage your instances, access self-help, and get technical support.
How to restrict inbound REST web service calls - Support and Troubleshooting
  • >
  • Knowledge Base
  • >
  • Support and Troubleshooting (Knowledge Base)
  • >
  • How to restrict inbound REST web service calls
KB0818862

How to restrict inbound REST web service calls


9647 Views Last updated : Jan 19, 2024 public Copy Permalink English (Original)
  • English (Original)
  • Japanese
KB Summary by Now Assist

Issue

You might want to restrict inbound REST calls due to security internal concerns or agreements with third parties.

Cause

External business requirements

Resolution

 Taking into account the need to restrict inbound REST calls, we suggest three options may be considered:

1. Inbound REST API Access Policies:  Where you can add IP restrictions only for REST APIs, without impacting interactive user sessions. Find further details in our documentation: REST API access policies

You may also consider adding API Access Policies specific to the business requirements in the "sys_api_access_policy" table.

Please refer to the screenshots attached below which depict the process to create a new API Access Policy on your instance.

  • REST API PATH is populated based on the REST API selected and you have the flexibility to apply this policy to all methods, resources and/or versions.
  • You may choose from OOB Authentication Profiles or create a new one where you can select the "type" according to your requirements.

Please refer to this document to learn about the API access policy prioritization logic if there are multiple API access policies configured on your instance:  API access policy prioritization

In case the REST API Access Policies do not meet your business requirements, there are additional two options to explore.

2. Inbound REST API rules: There is another feature that can be used, Inbound REST API Limitation: To prevent excessive inbound REST API requests, set rules that limit the number of inbound REST API requests processed per hour. You can create rules to limit requests for specific users, users with specific roles, or all users. Find further details in our documentation: Inbound REST API rate limiting.

3. IP restriction: ServiceNow has a way to force API calls are only received from designated IP addresses, if you want to only allow IPs belonging to specific 3rd party to be able to make API calls to your ServiceNow instances.This would restrict access based on the client IP address. Evidently, the specific 3rd party could be another ServiceNow instance belonging to another Enterprise.

OOB we offer the possibility to do this through the IP restriction: see "KB0550613 - Identifying and Enabling IP address restrictions".


The world works with ServiceNow.

Sign in for more! There's more content available only to authenticated users Sign in for more!
Did this KB article help you?
Did this KB article help you?

How would you rate your Now Support digital experience?

*

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

What can we improve? Please select all that apply.

What are we doing well? Please select all that apply.

Tell us more

*

Do you expect a response from this feedback?

  • Terms and conditions
  • Privacy statement
  • GDPR
  • Cookie policy
  • © 2025 ServiceNow. All rights reserved.