Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.
  • Madrid
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store


Log in to subscribe to topics and get notified when content changes.


Validate signed web services requests with WS-security.

ServiceNow supports WS-Security 1.1 to validate signed web services requests. Enable WS-Security to:
  • Verify SOAP messages originate from a known sender
  • Verify SOAP messages have not been altered in transit
Note: ServiceNow does not use WS-Security as an encryption mechanism. ServiceNow relies on the HTTPS protocol to encrypt all communications.

WS-Security is intended to work in conjunction with basic authentication. When ServiceNow receives a SOAP message, it reviews the basic authentication header to determine if the SOAP user has rights to the instance. It reviews the WS-Security header to determine the validity of the incoming message. Requests affected by attacks such as a man-in-the-middle attack have an invalid WS-Security header and are blocked.