Verify Token-Based Auth Plugin
Ensure the token-based authentication plugin is installed and activated on your ServiceNow instance before proceeding.
Quick Check via Navigation
The fastest way to confirm the plugin is active.
- Sign in to your ServiceNow instance at
https://[your-instance].service-now.com - In the left navigation filter, type
api key - If you see System Web Services > REST API Key (tooltip: “Token for API key authentication”), the plugin is active — skip to the next section
- If the menu item is missing, follow the full plugin check below
Full Plugin Check (only if menu item is missing)
Verify the plugin is installed via the Plugins module.
- Navigate to System Applications > All Available Applications > All
- Search for “Token Based Authentication” or plugin ID “com.glide.tokenbased_auth”
- Verify the plugin is installed and activated
- If not installed, contact your ServiceNow administrator or install from ServiceNow Store
- The plugin is available from the Washington D.C. release onwards; Personal Developer Instances on Washington D.C. and later (including Australia) ship with it pre-installed
Generate an API Key
Create a new API key in ServiceNow for API authentication.
Navigate to REST API Key
Open the REST API Key module in ServiceNow.
- In the left navigation filter, type
api key - Click System Web Services > REST API Key (tooltip reads “Token for API key authentication”). On some older releases this may be exposed as System Web Services > REST > API Key Management
- Click the New button to create a new API key
Configure the API Key
Set up the API key with appropriate details.
- Enter a Name for the key (e.g., “StackOne Integration”)
- User: select a user with the required roles (admin / itil / rest_service)
- Active: leave checked
- Description: optional
- Auth Scope: leave empty unless you need to restrict the key to specific scopes
- Expiry: leave empty for no expiration, or set a future date
- Click Submit to save the record. ServiceNow will auto-generate the Token value
Copy the Generated Token
Retrieve the generated key from the saved record.
- From the REST API Key list, reopen the record you just created
- The Token field now contains the generated key (it may be masked — click the unlock/eye icon if shown)
- Copy the token value and store it securely — this is the API Key value you will paste into the StackOne connection
Allow API Key Auth on the Table API
By default ServiceNow’s REST API Access Policies for the Table API (Table GET API Access Policy and Table POST API Access Policy) only allow Basic Authentication. You must explicitly attach a REST API Key inbound authentication profile so the Table API accepts API Key auth. Without this step every request will return HTTP 401 - User is not authenticated, even with a valid key.
Open REST API Access Policies
Find the policies that gate access to the Table API.
- In the left navigation filter, type
api access - Click System Web Services > API Access Policies > REST API Access Policies
Option A — Update Existing Policies (Recommended)
Edit each pre-shipped Table API policy to allow API Key authentication. This is the least invasive path on a default ServiceNow instance.
- Open Table GET API Access Policy
- Scroll to the Inbound authentication profiles section on the form
- Click Insert a new row… and select Rest api key policy (the REST API Key inbound profile shipped with the platform)
- Click Update
- Repeat the same edit on Table POST API Access Policy
Option B — Create a Single Wildcard Policy
Replace the two pre-shipped policies with one broad policy. Cleaner for dedicated integration users / dev instances.
- From the REST API Access Policies list, click New
- Name:
StackOne Connector Policy(or similar) - Active: ✓
- REST API: select Table API (this auto-fills REST API PATH as
now/table) - Apply to all methods: ✓
- Apply to all resources: ✓
- Apply to all versions: ✓
- Apply to all tables: ✓
- Advertise all auth schemes: leave unchecked unless you need to allow other auth schemes (Basic Auth, etc.) on this policy
- Under Inbound authentication profiles, click Insert a new row… and select Rest api key policy
- Click Submit
- After submitting, return to the policies list and delete (or set Active = false on) the two pre-shipped policies: Table GET API Access Policy and Table POST API Access Policy — otherwise they will continue to win precedence over your new policy because they match the same API
Verify the Rest api key policy Inbound Authentication Profile
ServiceNow ships a built-in inbound authentication profile named Rest api key policy that handles API Key auth. On Washington D.C. and later (including Australia) PDIs it is typically already active, but it must be Active=true for API Key auth to function.
Open Inbound Authentication Profiles
Find the list of inbound auth profiles on the instance.
- In the left navigation filter, type
inbound auth - Click System Web Services > API Access Policies > Inbound Authentication Profile
Confirm Rest api key policy is Active
Most instances already have this profile active — just verify it.
- Look for a row named Rest api key policy
- Open the record — confirm Active = true. If it’s currently false, tick Active ✓ and click Update
Verify with curl
Confirm both LIST and GET-by-ID endpoints accept the API Key.
Run a Test Request
A 200 response confirms the full chain (Access Policy + Inbound Profile + API Key + User roles) is correct.
- Run:
curl -H 'x-sn-apikey: <YOUR_TOKEN>' -H 'Accept: application/json' 'https://<instance>.service-now.com/api/now/table/incident?sysparm_limit=1' - Expect HTTP 200 with a JSON body containing a
resultarray - If you still see HTTP 401 with
User is not authenticated: confirm the access policy is Active, Rest api key policy is attached as an inbound profile (or Advertise all auth schemes is ticked on the policy), and the Rest api key policy profile itself is Active
Get Your Instance Name
Identify your ServiceNow instance name for the connection.
Linking the Account from the Hub
Navigate to the Hub
Fill out the fields
- Instance Name
- API Key
If the account linking is successful, you will see the newly linked account in your Accounts page.
Next Steps
Webhooks setup
Configure receiving Events for ServiceNow into StackOne.