Step 1 — Configure the REST API Access Policy
ServiceNow gates access to the Table API behind REST API Access Policies. You need a policy covering the Table API that allows Basic Authentication.
Open REST API Access Policies
Find the policies that gate access to the Table API.
- Sign in to your ServiceNow instance at
https://[your-instance].service-now.com - In the left navigation filter, type
api access(or navigate to System Web Services > API Access Policies > REST API Access Policies) - Click REST API Access Policies to open the list of existing policies
Identify Existing Table API Policies
Recent ServiceNow releases (Washington D.C. and later, including Australia) ship with method-specific policies instead of a single “Basic Auth” policy.
- Newer releases (Washington D.C.+): look for Table GET API Access Policy and Table POST API Access Policy — pre-installed and Active=true by default
- Older releases: look for a single policy named Basic Auth (REST API = Table API, REST API PATH =
now/table) - If either layout is present and Active, you can skip to Step 2 below
- If you previously created a custom wildcard policy (e.g., for API Key auth) and removed the pre-shipped policies, ensure that policy has Advertise all auth schemes ticked or includes a Basic Auth inbound profile — otherwise Basic Auth will return HTTP 401
Option A — Use the Pre-shipped Policies (Default)
Simplest path — keep the policies ServiceNow ships and just verify they are active.
- Open Table GET API Access Policy — confirm Active is checked, then Update if you changed anything
- Open Table POST API Access Policy — confirm Active is checked
- If Table POST shows Apply to all methods/resources/versions = false, verify the Resource pattern is
/now/table/{tableName}and the table list covers the tables you plan to write to (incident, problem, change_request, etc.) - These pre-shipped policies allow Basic Auth by default — no profile attachment is required because the platform applies the BasicAuth profile automatically once it is active (see Step 2)
Option B — Create a New Policy if None Exist
If the pre-shipped policies are missing (or you deleted them in favour of a single broad policy), create one yourself.
- From the REST API Access Policies list, click New
- Name:
StackOne Connector Policy(or similar) - Active: ✓
- REST API: select Table API (REST API PATH auto-fills to
now/table) - Apply to all methods: ✓
- Apply to all resources: ✓
- Apply to all versions: ✓
- Apply to all tables: ✓
- Advertise all auth schemes: ✓ — this allows Basic Auth alongside any explicit profiles. Skip this only if you want to restrict to specific profiles
- Under Inbound authentication profiles, click Insert a new row… and add a Basic Auth profile if one exists in the dropdown (e.g., BasicAuth for none public processors). If only API Key profiles appear, leave this empty — Advertise all auth schemes will cover Basic Auth
- Click Submit
(Optional) Add a Resource-by-ID Policy
Only needed if GET-by-ID requests (e.g. /now/table/incident/{sys_id}) start returning 401 even after the above policies are active. Most newer releases do not require this.
- If you see a policy named REST API resource by id (or similar), open it and set Active = true
- If not present and you hit 401s on GET-by-ID, click New with: REST API = Table API, REST API PATH =
now/table, Resource =/now/table/{tableName}/{sys_id}, Apply to all methods/tables/versions = true, attach a Basic Auth inbound profile, then Submit
Step 2 — Activate the BasicAuth Inbound Authentication Profile
ServiceNow ships with a built-in inbound authentication profile named BasicAuth for none public processors that handles Basic Auth across all non-public REST endpoints. On many releases — including Australia PDIs — this profile is inactive by default. If it stays inactive, every Basic Auth request returns HTTP 401 - User is not authenticated, even with valid credentials and a permissive Access Policy.
Open Inbound Authentication Profiles
Find the list of inbound auth profiles on the instance.
- In the left navigation filter, type
inbound auth - Click System Web Services > API Access Policies > Inbound Authentication Profile
Activate BasicAuth (if it exists)
Most instances already have the profile — just toggle it on.
- Look for a row named BasicAuth for none public processors (description “BasicAuth for all none public processors”,
Apply to all none public processors = true) - Open the record — if Active = false, tick Active ✓ and click Update
- Because
Apply to all none public processors = true, no further wiring is required — Basic Auth will work for any access policy that doesn’t explicitly restrict the auth profile list
Create the Profile (only if missing)
On some hardened instances the BasicAuth profile may have been removed. Recreate it.
- From the Inbound Authentication Profile list, click New
- Pick the Basic Auth profile type if the form asks for a class
- Name:
BasicAuth for none public processors - Active: ✓
- Apply to all none public processors: ✓
- Description:
BasicAuth for all none public processors - Click Submit
Get Your ServiceNow Instance Name
Your ServiceNow instance name is the subdomain in your ServiceNow URL.
Identify Instance Name
Find your ServiceNow instance name from your login URL.
- Sign in to your ServiceNow instance
- Note your instance URL format (e.g.,
https://dev12345.service-now.com) - Your instance name is the subdomain before
.service-now.com(e.g.,dev12345) - For Personal Developer Instances, the name typically follows the pattern
dev#####
Get Your Username and Password
Use your existing ServiceNow account credentials.
Locate Your Credentials
Use the same username and password you use to sign in to ServiceNow.
- Username: Your ServiceNow account username (e.g., admin or your assigned username)
- Password: Your ServiceNow account password
- Ensure your account has necessary roles by navigating to User Administration > Users, search for your username, and check the Roles tab
- Required roles: admin, itil, or rest_api_explorer for Table API access
Linking the Account from the Hub
Navigate to the Hub
Fill out the fields
- Instance Name
- Username
- Password
If the account linking is successful, you will see the newly linked account in your Accounts page.
Next Steps
Webhooks setup
Configure receiving Events for ServiceNow into StackOne.