Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.


Log in to subscribe to topics and get notified when content changes.


Validate signed web services requests with WS-security.

ServiceNow supports WS-Security 1.1 to validate signed web services requests. Enable WS-Security to:
  • Verify SOAP messages originate from a known sender
  • Verify SOAP messages have not been altered in transit
Note: ServiceNow does not use WS-Security as an encryption mechanism. ServiceNow relies on the HTTPS protocol to encrypt all communications.

WS-Security is intended to work in conjunction with basic authentication. When ServiceNow receives a SOAP message, it reviews the basic authentication header to determine if the SOAP user has rights to the instance. It reviews the WS-Security header to determine the validity of the incoming message. Requests affected by attacks such as a man-in-the-middle attack have an invalid WS-Security header and are blocked.