Web services release notes

Web Services product enhancements and updates in the Geneva release.

Activation information

Platform feature - active by default

New in the Geneva release

Scripted REST APIs With Scripted REST APIs, customers can build their APIs on the ServiceNow platform with support for security, versioning, content-negotiation and API Explorer integration. Customers can define their API, configure a custom path and scripting logic to receive incoming requests, and build custom responses allowing for much greater flexibility when building integrations.
CORS support Cross-Origin Resource Sharing (CORS) support allows customers to specify which REST APIs on their ServiceNow instance allow cross-domain AJAX requests from specific whitelisted domains. Support for CORS allows customers to create new types of integrations with the ServiceNow platform that were not previously possible.
Attachment REST API The new Attachment REST API allows integrations to more easily interact with attachments on the ServiceNow platform using patterns common to REST APIs. Create, Query and Delete actions are mapped to appropriate HTTP methods as expected in REST and support is provided for interacting with attachments as binary streams.

Changed in the Geneva release

  • Several new RESTMessageV2 methods are available, such as methods to work with attachments, including binary data support.
  • You can generate variable substitutions for outbound REST messages automatically using the Auto-generate variables related link on the HTTP Method form.
  • Outbound REST messages support sending OAuth 2.0 authentication headers, including support for the OAuth 2.0 Authorization Code flow to obtain access and refresh tokens.
  • Basic authentication credentials for REST messages are defined in basic authentication profiles instead of text fields on the REST Message form.
  • Version 2 of the Table API is available. This version provides improved response codes when getting multiple records. Version 1 of the Table API remains available.
  • Requests to the version 1 Table API GET api/now/table/{tableName} endpoint that return an empty result set now return an empty array in the response body, instead of an empty response body.
  • Inbound REST APIs require an Authorization header with each request.
  • Outbound REST messages support OAuth 2.0 authentication using OAuth 2.0 profiles.
  • Outbound REST forms have improved UI text and field help.
  • You can select a web service namespace when using the REST API Explorer.
  • You can add additional query parameters and request headers when using the REST API Explorer.
  • The REST API Explorer provides Powershell code samples.
  • You can copy code samples directly from the REST API Explorer.
  • The new rest_api_explorer role is required to access the REST API Explorer.
  • You can access the REST API Explorer for a table directly from the Table form with the Explore REST API related link.
  • Fields in the REST API Explorer that accept only certain values were changed to choice or reference fields instead of text fields.
  • You can construct a request body in the REST API Explorer by selecting fields and setting values, or by writing raw text.
  • The REST API Explorer allows you to upload binary payloads, such as for the Attachment API.
  • The new ACL Type choice REST_Endpoint is available. ACLs of this type apply only to Scripted REST API resources.
  • Outbound REST HTTP Method records always inherit security settings from the parent record if the HTTP Method does not override the parent settings.
  • The SOAP Message Function Envelope provides additional details around variables, including which variables are optional or mandatory.
  • The properties glide.soap.outbound.variable_context_depth and glide.soap.outbound.include_variable_context allow you to control the length and format of variables in SOAP envelopes.
  • The rest_service role is no longer required to access REST APIs.