SOAP web services security ServiceNow enforces web service security using a combination of basic authentication challenge/response over the HTTPS protocol and system-level access control using contextual security. Administrators can control what system resources web services users can access by granting them one of the SOAP roles. SOAP rolesTo use SOAP web services, you must have the appropriate role for the operation you want to perform.Configure SOAP securityAdministrators can configure web service security for inbound SOAP requests made to the ServiceNow instance. Basic authenticationEnforce basic authentication for web services to require a username and password with a web service request.WS-SecurityValidate signed web services requests with WS-security.Strict security for web servicesStrict security for web services requires that users meet Contextual Security requirements to access instance resources. Mutual authentication for web servicesServiceNow supports mutual authentication for outbound web services.