Skip to main content
API Key authentication requires the com.glide.tokenbased_auth plugin installed on your ServiceNow instance (available from Washington D.C. release onwards). You need admin privileges to generate API keys.

Verify Token-Based Auth Plugin

Ensure the token-based authentication plugin is installed and activated on your ServiceNow instance before proceeding.

1

Quick Check via Navigation

The fastest way to confirm the plugin is active.

  • Sign in to your ServiceNow instance at https://[your-instance].service-now.com
  • In the left navigation filter, type api key
  • If you see System Web Services > REST API Key (tooltip: “Token for API key authentication”), the plugin is active — skip to the next section
  • If the menu item is missing, follow the full plugin check below
2

Full Plugin Check (only if menu item is missing)

Verify the plugin is installed via the Plugins module.

  • Navigate to System Applications > All Available Applications > All
  • Search for “Token Based Authentication” or plugin ID “com.glide.tokenbased_auth”
  • Verify the plugin is installed and activated
  • If not installed, contact your ServiceNow administrator or install from ServiceNow Store
  • The plugin is available from the Washington D.C. release onwards; Personal Developer Instances on Washington D.C. and later (including Australia) ship with it pre-installed

Generate an API Key

Create a new API key in ServiceNow for API authentication.

1

Navigate to REST API Key

Open the REST API Key module in ServiceNow.

  • In the left navigation filter, type api key
  • Click System Web Services > REST API Key (tooltip reads “Token for API key authentication”). On some older releases this may be exposed as System Web Services > REST > API Key Management
  • Click the New button to create a new API key
2

Configure the API Key

Set up the API key with appropriate details.

  • Enter a Name for the key (e.g., “StackOne Integration”)
  • User: select a user with the required roles (admin / itil / rest_service)
  • Active: leave checked
  • Description: optional
  • Auth Scope: leave empty unless you need to restrict the key to specific scopes
  • Expiry: leave empty for no expiration, or set a future date
  • Click Submit to save the record. ServiceNow will auto-generate the Token value
3

Copy the Generated Token

Retrieve the generated key from the saved record.

  • From the REST API Key list, reopen the record you just created
  • The Token field now contains the generated key (it may be masked — click the unlock/eye icon if shown)
  • Copy the token value and store it securely — this is the API Key value you will paste into the StackOne connection
4

Verify User Permissions

Ensure the user associated with the API key has necessary roles.

  • Navigate to User Administration > Users
  • Search for and open the user you selected for the API key
  • Click the Roles tab
  • Verify the user has required roles (admin, itil, rest_service)
  • Add missing roles if necessary

Allow API Key Auth on the Table API

By default ServiceNow’s REST API Access Policies for the Table API (Table GET API Access Policy and Table POST API Access Policy) only allow Basic Authentication. You must explicitly attach a REST API Key inbound authentication profile so the Table API accepts API Key auth. Without this step every request will return HTTP 401 - User is not authenticated, even with a valid key.

1

Open REST API Access Policies

Find the policies that gate access to the Table API.

  • In the left navigation filter, type api access
  • Click System Web Services > API Access Policies > REST API Access Policies
2

Option A — Update Existing Policies (Recommended)

Edit each pre-shipped Table API policy to allow API Key authentication. This is the least invasive path on a default ServiceNow instance.

  • Open Table GET API Access Policy
  • Scroll to the Inbound authentication profiles section on the form
  • Click Insert a new row… and select Rest api key policy (the REST API Key inbound profile shipped with the platform)
  • Click Update
  • Repeat the same edit on Table POST API Access Policy
3

Option B — Create a Single Wildcard Policy

Replace the two pre-shipped policies with one broad policy. Cleaner for dedicated integration users / dev instances.

  • From the REST API Access Policies list, click New
  • Name: StackOne Connector Policy (or similar)
  • Active: ✓
  • REST API: select Table API (this auto-fills REST API PATH as now/table)
  • Apply to all methods: ✓
  • Apply to all resources: ✓
  • Apply to all versions: ✓
  • Apply to all tables: ✓
  • Advertise all auth schemes: leave unchecked unless you need to allow other auth schemes (Basic Auth, etc.) on this policy
  • Under Inbound authentication profiles, click Insert a new row… and select Rest api key policy
  • Click Submit
  • After submitting, return to the policies list and delete (or set Active = false on) the two pre-shipped policies: Table GET API Access Policy and Table POST API Access Policy — otherwise they will continue to win precedence over your new policy because they match the same API

Verify the Rest api key policy Inbound Authentication Profile

ServiceNow ships a built-in inbound authentication profile named Rest api key policy that handles API Key auth. On Washington D.C. and later (including Australia) PDIs it is typically already active, but it must be Active=true for API Key auth to function.

1

Open Inbound Authentication Profiles

Find the list of inbound auth profiles on the instance.

  • In the left navigation filter, type inbound auth
  • Click System Web Services > API Access Policies > Inbound Authentication Profile
2

Confirm Rest api key policy is Active

Most instances already have this profile active — just verify it.

  • Look for a row named Rest api key policy
  • Open the record — confirm Active = true. If it’s currently false, tick Active ✓ and click Update
3

Create the Profile (only if missing)

On some hardened instances the Rest api key policy profile may have been removed. Recreate it.

  • From the Inbound Authentication Profile list, click New
  • Pick the REST API Key profile type if the form asks for a class
  • Name: Rest api key policy
  • Active: ✓
  • Click Submit

Verify with curl

Confirm both LIST and GET-by-ID endpoints accept the API Key.

1

Run a Test Request

A 200 response confirms the full chain (Access Policy + Inbound Profile + API Key + User roles) is correct.

  • Run: curl -H 'x-sn-apikey: <YOUR_TOKEN>' -H 'Accept: application/json' 'https://<instance>.service-now.com/api/now/table/incident?sysparm_limit=1'
  • Expect HTTP 200 with a JSON body containing a result array
  • If you still see HTTP 401 with User is not authenticated: confirm the access policy is Active, Rest api key policy is attached as an inbound profile (or Advertise all auth schemes is ticked on the policy), and the Rest api key policy profile itself is Active

Get Your Instance Name

Identify your ServiceNow instance name for the connection.

1

Extract Instance Name

The instance name is the subdomain in your ServiceNow URL.

  • Note your instance URL (e.g., https://dev12345.service-now.com)
  • The instance name is the subdomain before .service-now.com (e.g., dev12345)
  • For Personal Developer Instances, it typically follows the pattern dev#####

Linking the Account from the Hub

1

Navigate to the Hub

Use one of the three Linking Account Methods to access the Hub.
2

Fill out the fields

Fill out the following fields using details from your provider:
  • Instance Name
  • API Key
3

Connect

  • Click Connect
  • If applicable, the provider will redirect you to a sign-in or authorization page. Complete the provider’s authorization flow.
  • Once authorization is successful, you will see a confirmation popup

If the account linking is successful, you will see the newly linked account in your Accounts page.

Next Steps

Webhooks setup

Configure receiving Events for ServiceNow into StackOne.