> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stackone.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Connect ServiceNow with API Key – StackOne Hub

> Link a ServiceNow account in the StackOne Hub using API Key. End-user guide to authorize the integration and start using ServiceNow actions.

<Warning>API Key authentication requires the com.glide.tokenbased\_auth plugin installed on your ServiceNow instance (available from Washington D.C. release onwards). You need admin privileges to generate API keys.</Warning>

<section data-guide-section data-guide-scopes="">
  <h2>Verify Token-Based Auth Plugin</h2>

  <p>Ensure the token-based authentication plugin is installed and activated on your ServiceNow instance before proceeding.</p>

  <Steps>
    <Step title="Quick Check via Navigation">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>The fastest way to confirm the plugin is active.</p>

        <ul>
          <li>Sign in to your ServiceNow instance at `https://[your-instance].service-now.com`</li>
          <li>In the left navigation filter, type `api key`</li>
          <li>If you see <strong>System Web Services > REST API Key</strong> (tooltip: "Token for API key authentication"), the plugin is active — skip to the next section</li>
          <li>If the menu item is missing, follow the full plugin check below</li>
        </ul>
      </div>
    </Step>

    <Step title="Full Plugin Check (only if menu item is missing)">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Verify the plugin is installed via the Plugins module.</p>

        <ul>
          <li>Navigate to <strong>System Applications</strong> > <strong>All Available Applications</strong> > <strong>All</strong></li>
          <li>Search for "Token Based Authentication" or plugin ID "com.glide.tokenbased\_auth"</li>
          <li>Verify the plugin is installed and activated</li>
          <li>If not installed, contact your ServiceNow administrator or install from ServiceNow Store</li>
          <li>The plugin is available from the Washington D.C. release onwards; Personal Developer Instances on Washington D.C. and later (including Australia) ship with it pre-installed</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Generate an API Key</h2>

  <p>Create a new API key in ServiceNow for API authentication.</p>

  <Steps>
    <Step title="Navigate to REST API Key">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Open the REST API Key module in ServiceNow.</p>

        <ul>
          <li>In the left navigation filter, type `api key`</li>
          <li>Click <strong>System Web Services > REST API Key</strong> (tooltip reads "Token for API key authentication"). On some older releases this may be exposed as <strong>System Web Services > REST > API Key Management</strong></li>
          <li>Click the <strong>New</strong> button to create a new API key</li>
        </ul>
      </div>
    </Step>

    <Step title="Configure the API Key">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Set up the API key with appropriate details.</p>

        <ul>
          <li>Enter a <strong>Name</strong> for the key (e.g., "StackOne Integration")</li>
          <li><strong>User</strong>: select a user with the required roles (admin / itil / rest\_service)</li>
          <li><strong>Active</strong>: leave checked</li>
          <li><strong>Description</strong>: optional</li>
          <li><strong>Auth Scope</strong>: leave empty unless you need to restrict the key to specific scopes</li>
          <li><strong>Expiry</strong>: leave empty for no expiration, or set a future date</li>
          <li>Click <strong>Submit</strong> to save the record. ServiceNow will auto-generate the <strong>Token</strong> value</li>
        </ul>
      </div>
    </Step>

    <Step title="Copy the Generated Token">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Retrieve the generated key from the saved record.</p>

        <ul>
          <li>From the REST API Key list, reopen the record you just created</li>
          <li>The <strong>Token</strong> field now contains the generated key (it may be masked — click the unlock/eye icon if shown)</li>
          <li>Copy the token value and store it securely — this is the API Key value you will paste into the StackOne connection</li>
        </ul>
      </div>
    </Step>

    <Step title="Verify User Permissions">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Ensure the user associated with the API key has necessary roles.</p>

        <ul>
          <li>Navigate to <strong>User Administration</strong> > <strong>Users</strong></li>
          <li>Search for and open the user you selected for the API key</li>
          <li>Click the <strong>Roles</strong> tab</li>
          <li>Verify the user has required roles (admin, itil, rest\_service)</li>
          <li>Add missing roles if necessary</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Allow API Key Auth on the Table API</h2>

  <p>By default ServiceNow's REST API Access Policies for the Table API (`Table GET API Access Policy` and `Table POST API Access Policy`) only allow Basic Authentication. You must explicitly attach a REST API Key inbound authentication profile so the Table API accepts API Key auth. Without this step every request will return `HTTP 401 - User is not authenticated`, even with a valid key.</p>

  <Steps>
    <Step title="Open REST API Access Policies">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Find the policies that gate access to the Table API.</p>

        <ul>
          <li>In the left navigation filter, type `api access`</li>
          <li>Click <strong>System Web Services > API Access Policies > REST API Access Policies</strong></li>
        </ul>
      </div>
    </Step>

    <Step title="Option A — Update Existing Policies (Recommended)">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Edit each pre-shipped Table API policy to allow API Key authentication. This is the least invasive path on a default ServiceNow instance.</p>

        <ul>
          <li>Open <strong>Table GET API Access Policy</strong></li>
          <li>Scroll to the <strong>Inbound authentication profiles</strong> section on the form</li>
          <li>Click <strong>Insert a new row\...</strong> and select <strong>Rest api key policy</strong> (the REST API Key inbound profile shipped with the platform)</li>
          <li>Click <strong>Update</strong></li>
          <li>Repeat the same edit on <strong>Table POST API Access Policy</strong></li>
        </ul>
      </div>
    </Step>

    <Step title="Option B — Create a Single Wildcard Policy">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Replace the two pre-shipped policies with one broad policy. Cleaner for dedicated integration users / dev instances.</p>

        <ul>
          <li>From the REST API Access Policies list, click <strong>New</strong></li>
          <li><strong>Name</strong>: `StackOne Connector Policy` (or similar)</li>
          <li><strong>Active</strong>: ✓</li>
          <li><strong>REST API</strong>: select <strong>Table API</strong> (this auto-fills REST API PATH as `now/table`)</li>
          <li><strong>Apply to all methods</strong>: ✓</li>
          <li><strong>Apply to all resources</strong>: ✓</li>
          <li><strong>Apply to all versions</strong>: ✓</li>
          <li><strong>Apply to all tables</strong>: ✓</li>
          <li><strong>Advertise all auth schemes</strong>: leave unchecked unless you need to allow other auth schemes (Basic Auth, etc.) on this policy</li>
          <li>Under <strong>Inbound authentication profiles</strong>, click <strong>Insert a new row\...</strong> and select <strong>Rest api key policy</strong></li>
          <li>Click <strong>Submit</strong></li>
          <li>After submitting, return to the policies list and <strong>delete</strong> (or set <strong>Active = false</strong> on) the two pre-shipped policies: <strong>Table GET API Access Policy</strong> and <strong>Table POST API Access Policy</strong> — otherwise they will continue to win precedence over your new policy because they match the same API</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Verify the Rest api key policy Inbound Authentication Profile</h2>

  <p>ServiceNow ships a built-in inbound authentication profile named <strong>Rest api key policy</strong> that handles API Key auth. On Washington D.C. and later (including Australia) PDIs it is typically already active, but it must be Active=true for API Key auth to function.</p>

  <Steps>
    <Step title="Open Inbound Authentication Profiles">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Find the list of inbound auth profiles on the instance.</p>

        <ul>
          <li>In the left navigation filter, type `inbound auth`</li>
          <li>Click <strong>System Web Services > API Access Policies > Inbound Authentication Profile</strong></li>
        </ul>
      </div>
    </Step>

    <Step title="Confirm Rest api key policy is Active">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Most instances already have this profile active — just verify it.</p>

        <ul>
          <li>Look for a row named <strong>Rest api key policy</strong></li>
          <li>Open the record — confirm <strong>Active = true</strong>. If it's currently false, tick <strong>Active</strong> ✓ and click <strong>Update</strong></li>
        </ul>
      </div>
    </Step>

    <Step title="Create the Profile (only if missing)">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>On some hardened instances the Rest api key policy profile may have been removed. Recreate it.</p>

        <ul>
          <li>From the Inbound Authentication Profile list, click <strong>New</strong></li>
          <li>Pick the <strong>REST API Key</strong> profile type if the form asks for a class</li>
          <li><strong>Name</strong>: `Rest api key policy`</li>
          <li><strong>Active</strong>: ✓</li>
          <li>Click <strong>Submit</strong></li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Verify with curl</h2>

  <p>Confirm both LIST and GET-by-ID endpoints accept the API Key.</p>

  <Steps>
    <Step title="Run a Test Request">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>A 200 response confirms the full chain (Access Policy + Inbound Profile + API Key + User roles) is correct.</p>

        <ul>
          <li>Run: `curl -H 'x-sn-apikey: <YOUR_TOKEN>' -H 'Accept: application/json' 'https://<instance>.service-now.com/api/now/table/incident?sysparm_limit=1'`</li>
          <li>Expect HTTP 200 with a JSON body containing a `result` array</li>
          <li>If you still see HTTP 401 with `User is not authenticated`: confirm the access policy is Active, <strong>Rest api key policy</strong> is attached as an inbound profile (or <strong>Advertise all auth schemes</strong> is ticked on the policy), and the <strong>Rest api key policy</strong> profile itself is Active</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Get Your Instance Name</h2>

  <p>Identify your ServiceNow instance name for the connection.</p>

  <Steps>
    <Step title="Extract Instance Name">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>The instance name is the subdomain in your ServiceNow URL.</p>

        <ul>
          <li>Note your instance URL (e.g., `https://dev12345.service-now.com`)</li>
          <li>The instance name is the subdomain before `.service-now.com` (e.g., `dev12345`)</li>
          <li>For Personal Developer Instances, it typically follows the pattern `dev#####`</li>
        </ul>
      </div>
    </Step>
  </Steps>
</section>

<div data-whitelabel-hide>
  <h2>Linking the Account from the Hub</h2>

  <Steps>
    <Step title="Navigate to the Hub">
      Use one of the three <a href="/guides/accounts-section#linking-accounts">Linking Account Methods</a> to access the Hub.
    </Step>

    <Step title="Fill out the fields">
      Fill out the following fields using details from your provider:

      <ul>
        <li><strong>Instance Name</strong></li>
        <li><strong>API Key</strong></li>
      </ul>
    </Step>

    <Step title="Connect">
      <ul>
        <li>Click <strong>Connect</strong></li>
        <li>If applicable, the provider will redirect you to a sign-in or authorization page. Complete the provider's authorization flow.</li>
        <li>Once authorization is successful, you will see a confirmation popup</li>
      </ul>
    </Step>
  </Steps>

  <p>If the account linking is successful, you will see the newly linked account in your <a href="/guides/accounts-section">Accounts</a> page.</p>
</div>

## Next Steps

<Columns cols={2}>
  <Card title="Webhooks setup" href="/connectors/servicenow/guides/webhook-setup">
    <p className="connector-page-auth-description" style={{ fontSize: '14px', marginTop: 0, marginBottom: 0 }}>
      Configure receiving Events for ServiceNow into StackOne.
    </p>
  </Card>
</Columns>
