The CSM Attachment API provides endpoints that allow both internal and external users to upload, download, and remove attachments associated with a table and to retrieve attachment metadata.

Only attachments associated with tables specified in the glide.rest.attachment_csm_api.allowed_tables system property are valid in any of the associated endpoint calls. Any logged in user, both snc_internal and snc_external, can access this API. Guests and public users do not have access rights.

This API respects any system limitations on uploaded files, such as maximum file size and allowed attachment types. You can control these settings using the com.glide.attachment.max_size and glide.attachment.extensions properties.

By default, this API has a rate limit of 500 per hour for unauthenticated and snc_external users. For more information about rate limiting, see Inbound REST API rate limiting.

CSM Attachment - DELETE /now/attachment_csm/{sys_id}

Deletes the specified attachment.

URL format

Versioned URL: /api/now/{api_version}/attachment_csm/{sys_id}

Default URL: /api/now/v1/attachment_csm/{sys_id}

Note: Available versions are specified in the REST API Explorer. For scripted REST APIs there is additional version information on the Scripted REST Service form.

Supported request parameters

Table 1. Path parameters
Name Description
api_version Optional. Version of the endpoint to access. For example, v1 or v2. Only specify this value to use an endpoint version other than the latest.

Data type: String

sys_id Sys_id of the attachment to delete. This attachment must belong to one of the tables listed within the glide.rest.attachment_csm_api.allowed_tables property in the System Properties [sys_properties] table.

Data type: String

Table 2. Query parameters
Name Description
None
Table 3. Request body parameters (XML or JSON)
Name Description
None

Headers

The following request and response headers apply to this HTTP action only, or apply to this action in a distinct way. For a list of general headers used in the REST API, see Supported REST API headers.

Table 4. Request headers
Header Description
None
Table 5. Response headers
Header Description
None

Status codes

The following status codes apply to this HTTP action. For a list of possible status codes used in the REST API, see REST API HTTP response codes.

Response body parameters (JSON or XML)

Name Description
None

Example: Sample cURL request

curl "https://instance.servicenow.com/api/now/v1/attachment_csm/615ea769c0a80166001cf5f2367302f5" \
--request DELETE \
--user 'username':'password'
None

CSM Attachment - GET /now/attachment_csm

Returns the metadata for multiple attachments.

Note: You can reference all sysparm query parameters using either their full name or their shortened name (without the sysparm_ prefix). For example, for sysparm_limit you can also use limit.

URL format

Versioned URL: /api/now/{api_version}/attachment_csm

Default URL: /api/now/v1/attachment_csm

Note: Available versions are specified in the REST API Explorer. For scripted REST APIs there is additional version information on the Scripted REST Service form.

Supported request parameters

Table 7. Path parameters
Name Description
api_version Optional. Version of the endpoint to access. For example, v1 or v2. Only specify this value to use an endpoint version other than the latest.

Data type: String

Table 8. Query parameters
Name Description
sysparm_limit Maximum number of records to return. For requests that exceed this number of records, use the sysparm_offset parameter to paginate record retrieval.

This limit is applied before ACL evaluation. If no records return, including records you have access to, rearrange the record order so records you have access to return first.

Note: Unusually large sysparm_limit values can impact system performance.

Data type: Number

Default: 20

Maximum: 100

sysparm_offset Starting record index for which to begin retrieving records. Use this value to paginate record retrieval. This functionality enables the retrieval of all records, regardless of the number of records, in small manageable chunks.

For example, the first time you call this endpoint, sysparm_offset is set to "0". To simply page through all available records, use sysparm_offset=sysparm_offset+sysparm_limit, until you reach the end of all records.

Don't pass a negative number in the sysparm_offset parameter.

Data type: Number

Default: 0

sysparm_query Required. Encoded query to use to search for attachments.

This parameter must at least contain sysparm_query=table_name=<table> where <table> can only be those tables specified in the glide.rest.attachment_csm_api.allowed_tables property located in the System Properties [sys_properties] table.

For example: sysparm_query=file_name=kb_knowledge.

Syntax: sysparm_query=<col_name><operator><value>.
  • <col_name>: Name of the table column to filter against.
  • <operator>: Supports the following values:
    • =: Exactly matches <value>.
    • !=: Does not match <value>.
    • ^: Logically AND multiple query statements.
    • ^OR: Logically OR multiple query statements.
    • LIKE: <col_name> contains the specified string. Only works for <col_name> fields whose data type is string.
    • STARTSWITH: <col_name> starts with the specified string. Only works for <col_name> fields whose data type is string.
    • ENDSWITH: <col_name> ends with the specified string. Only works for <col_name> fields whose data type is string.
    <value>: Value to match against.

All parameters are case-sensitive. Queries can contain more than one entry, such as sysparm_query=<col_name><operator><value>[<operator><col_name><operator><value>].

For example:

(sysparm_query=caller_id=javascript:gs.getUserID()^active=true)

Encoded queries also supports order by functionality. To sort responses based on certain fields, use the ORDERBY and ORDERBYDESC clauses in sysparm_query.

Syntax:
  • ORDERBY<col_name>
  • ORDERBYDESC<col_name>

For example: sysparm_query=active=true^ORDERBYnumber^ORDERBYDESCcategory

This query filters all active records and orders the results in ascending order by number, and then in descending order by category.

Data type: String

Table 9. Request body parameters (XML or JSON)
Name Description
None

Headers

The following request and response headers apply to this HTTP action only, or apply to this action in a distinct way. For a list of general headers used in the REST API, see Supported REST API headers.

Table 10. Request headers
Header Description
Accept Data format of the response body. Supported types: application/json or application/xml.

Default: application/json

Table 11. Response headers
Header Description
None

Status codes

The following status codes apply to this HTTP action. For a list of possible status codes used in the REST API, see REST API HTTP response codes.

Table 12. Status codes
Status code Description
200 Successful. The request was successfully processed.
401 Unauthorized. The user credentials are incorrect or have not been passed.
500 Internal server error. An unexpected error occurred while processing the request. The response contains additional information about the error.

Response body parameters (JSON or XML)

Example: Sample cURL request

curl "https://instance.service-now.com/api/now/v1/attachment_csm?sysparm_limit=1" \
--request GET \
--header "Accept:application/json" \
--user "username":"password"
{
  "result": [
    {
      "table_sys_id": "5054b6f8c0a800060056addcf551ecf8",
      "size_bytes": "462",
      "download_link": "https://instance.service-now.com/api/now/v1/attachment_csm/615ea769c0a80166001cf5f2367302f5/file",
      "sys_updated_on": "2009-05-21 04:12:21",
      "sys_id": "615ea769c0a80166001cf5f2367302f5",
      "image_height": "",
      "sys_created_on": "2009-05-21 04:12:21",
      "file_name": "blocks.swf",
      "sys_created_by": "glide.maint",
      "compressed": "true",
      "average_image_color": "",
      "sys_updated_by": "glide.maint",
      "sys_tags": "",
      "table_name": "content_block_programmatic",
      "image_width": "",
      "sys_mod_count": "0",
      "content_type": "application/x-shockwave-flash",
      "size_compressed": "485",
      "created_by_name": "John Smith",
      "updated_by_name": "John Smith"
    }
  ]
}

CSM Attachment - GET /now/attachment_csm/{sys_id}/file

Returns the file attachment for the specified attachment sys_id.

URL format

Versioned URL: /api/now/{api_version}/attachment_csm/{sys_id}/file

Default URL: /api/now/v1/attachment_csm/{sys_id}/file

Note: Available versions are specified in the REST API Explorer. For scripted REST APIs there is additional version information on the Scripted REST Service form.

Supported request parameters

Table 13. Path parameters
Name Description
api_version Optional. Version of the endpoint to access. For example, v1 or v2. Only specify this value to use an endpoint version other than the latest.

Data type: String

sys_id Sys_id of the attachment. This attachment must belong to one of the tables listed within the glide.rest.attachment_csm_api.allowed_tables property in the System Properties [sys_properties] table.

Data type: String

Table: Attachments [sys_attachment]

Table 14. Query parameters
Name Description
None
Table 15. Request body parameters (XML or JSON)
Name Description
None

Headers

The following request and response headers apply to this HTTP action only, or apply to this action in a distinct way. For a list of general headers used in the REST API, see Supported REST API headers.

Table 16. Request headers
Header Description
Accept Data format of the response body. For example, use image/jpeg or image/png to accept JPEG or PNG image files exclusively. To allow all image types, specify image/*; to allow any file type, specify */*.

Default: */*

Table 17. Response headers
Header Description
X-Attachment-Metadata Metadata about the returned file, such as size, name, and file type.

Status codes

The following status codes apply to this HTTP action. For a list of possible status codes used in the REST API, see REST API HTTP response codes.

Response body parameters

Name Description
Contents of the attachment.

Example: Sample cURL request

curl "https://instance.servicenow.com/api/now/v1/attachment_csm/<attachment_sys_id>/file" \
--request GET \
--header "Accept:*/*" \
--user 'username':'password'
Recipient list Internal users Sheet1
sys_id	email
 Recipient list Internal users.xlsx

CSM Attachment - GET /now/attachment_csm/{sys_id}

Returns the metadata for the attachment file with the specific attachment sys_id.

URL format

Versioned URL: /api/now/{api_version}/attachment_csm/{sys_id}

Default URL: /api/now/v1/attachment_csm/{sys_id}

Note: Available versions are specified in the REST API Explorer. For scripted REST APIs there is additional version information on the Scripted REST Service form.

Supported request parameters

Table 19. Path parameters
Name Description
api_version Optional. Version of the endpoint to access. For example, v1 or v2. Only specify this value to use an endpoint version other than the latest.

Data type: String

sys_id Sys_id of the attachment record for which to return metadata. This attachment must belong to one of the tables listed within the glide.rest.attachment_csm_api.allowed_tables property in the System Properties [sys_properties] table.

Data type: String

Table 20. Query parameters
Name Description
None
Table 21. Request body parameters (XML or JSON)
Name Description
None

Headers

The following request and response headers apply to this HTTP action only, or apply to this action in a distinct way. For a list of general headers used in the REST API, see Supported REST API headers.

Table 22. Request headers
Header Description
Accept Data format of the response body. Supported types: application/json or application/xml.

Default: application/json

Table 23. Response headers
Header Description
None

Status codes

The following status codes apply to this HTTP action. For a list of possible status codes used in the REST API, see REST API HTTP response codes.

Response body parameters (JSON or XML)

Example: Sample cURL request

curl "https://instance.servicenow.com/api/now/v1/attachment_csm/615ea769c0a80166001cf5f2367302f5" \
--request GET \
--header "Accept:application/json" \
--user "username":"password"
{
  "result": {
    "table_sys_id": "5054b6f8c0a800060056addcf551ecf8",
    "size_bytes": "462",
    "download_link": "https://instance.service-now.com/api/now/v1/attachment_csm/615ea769c0a80166001cf5f2367302f5/file",
    "sys_updated_on": "2019-05-21 04:12:21",
    "sys_id": "615ea769c0a80166001cf5f2367302f5",
    "image_height": "",
    "sys_created_on": "2019-05-21 04:12:21",
    "file_name": "blocks.swf",
    "sys_created_by": "glide.maint",
    "compressed": "true",
    "average_image_color": "",
    "sys_updated_by": "glide.maint",
    "sys_tags": "",
    "table_name": "content_block_programmatic",
    "image_width": "",
    "sys_mod_count": "0",
    "content_type": "application/x-shockwave-flash",
    "size_compressed": "485",
    "created_by_name": "John Smith",
    "updated_by_name": "John Smith"
  }
}

CSM Attachment - POST /now/attachment_csm/file

Uploads a specified binary file as an attachment to a specified record.

The endpoint also returns the metadata for the saved attachment.

URL format

Versioned URL: /api/now/{api_version}/attachment_csm/file

Default URL: /api/now/v1/attachment_csm/file

Note: Available versions are specified in the REST API Explorer. For scripted REST APIs there is additional version information on the Scripted REST Service form.

Supported request parameters

Table 25. Path parameters
Name Description
api_version Optional. Version of the endpoint to access. For example, v1 or v2. Only specify this value to use an endpoint version other than the latest.

Data type: String

Table 27. Request body parameters (XML or JSON)
Name Description
<String> Path to the binary file to attach to the specified record.

Data type: String

Headers

The following request and response headers apply to this HTTP action only, or apply to this action in a distinct way. For a list of general headers used in the REST API, see Supported REST API headers.

Table 28. Request headers
Header Description
Accept Data format of the response body. Supported types: application/json or application/xml.

Default: application/json

Content-Type Required. Data format of the file to post. For example, use image/jpeg or image/png to post JPEG or PNG image files exclusively. To allow all image types, specify image/*; to allow any file type, specify */*.
Table 29. Response headers
Header Description
None

Status codes

The following status codes apply to this HTTP action. For a list of possible status codes used in the REST API, see REST API HTTP response codes.

Response body parameters (JSON or XML)

ElementDescription
result Metadata of the requested attachment.

Data type: Object

"result": {
  "average_image_color": "String",
  "compressed": "String", 
  "content_type": "String",
  "created_by_name": "String",
  "download_link": "String",
  "file_name": "String",
  "image_height": "String",
  "image_width": "String",
  "size_bytes": "String",
  "size_compressed": "String",
  "sys_created_by": "String",
  "sys_created_on": "String",
  "sys_id": "String",
  "sys_mod_count": "String",
  "sys_tags": "String",
  "sys_updated_by": "String",
  "sys_updated_on": "String",
  "table_name": "String",
  "table_sys_id": "String",
  "updated_by_name": "String"
}
result.average_image_color If the attachment is an image, the sum of all colors.

Data type: String

Unit: RGB or number of pixels.

result.compressed Flag that indicates whether the attachment file has been compressed.
Possible values:
  • true: File has been compressed.
  • false: File has not been compressed.

Data type: String

result.content_type Content-type of the associated attachment file, such as image or jpeg or application/x-shockwave-flash.

Data type: String

result.created_by_name Full name of entity that originally created the attachment file.

Data type: String

result.download_link Download URL of the attachment on the ServiceNow instance.

Data type: String

result.file_name File name of the attachment.

Data type: String

result.image_height If an image file, the height of the image.

Data type: String

Unit: Pixels

result.image_width If an image file, the width of the image.

Data type: String

Unit: Pixels

result.size_bytes Size of the attachment.

Data type: String

Unit: Bytes

result.size_compressed Size of the compressed attachment file. If the file is not compressed, empty.

Data type: String

Unit: Bytes

result.sys_created_by Entity that originally created the attachment file.

Data type: String

result.sys_created_on Date and time that the attachment file was initially saved to the instance.

Data type: String

result.sys_id Sys_id of the attachment file.

Data type: String

result.sys_mod_count Number of times the attachment file has been modified (uploaded to the instance).

Data type: String

result.sys_tags Any system tags associated with the attachment file.

Data type: String

result.sys_updated_by Entity that last updated the attachment file.

Data type: String

result.sys_updated_on Date and time that the attachment file was last updated.

Data type: String

result.table_name Name of the table to which the attachment is associated.

Data type: String

result.table_sys_id Sys_id of the table associated with the attachment.

Data type: String

result.updated_by_name Full name of entity that last updated the attachment file.

Data type: String

Example: Sample cURL request

Shows how to upload the .jpg file Issue_screenshot.jpg in the /images directory.

curl "https://instance.servicenow.com/api/now/v1/attachment_csm/file?table_name=incident&table_sys_id=d71f7935c0a8016700802b64c67c11c6&file_name=Issue_screenshot" \
--request POST \
--header "Accept:application/json" \
--header "Content-Type: image/jpeg" \
--user "username":"password" \
--data-binary "@/images/Issue_screenshot.jpg"
{
  "result": {
    "table_sys_id": "d71f7935c0a8016700802b64c67c11c6",
    "size_bytes": "36597",
    "download_link": "https://instance.service-now.com/api/now/v1/attachment_csm/6ea10fe64f411200adf9f8e18110c739/file",
    "sys_updated_on": "2019-01-22 15:14:07",
    "sys_id": "6ea10fe64f411200adf9f8e18110c739",
    "image_height": "",
    "sys_created_on": "2019-01-22 15:14:07",
    "file_name": "Issue_screenshot",
    "sys_created_by": "username",
    "compressed": "true",
    "average_image_color": "",
    "sys_updated_by": "username",
    "sys_tags": "",
    "table_name": "incident",
    "image_width": "",
    "sys_mod_count": "0",
    "content_type": "image/jpeg",
    "size_compressed": "25130",
    "created_by_name": "John Smith",
    "updated_by_name": "John Smith"
  }
}

CSM Attachment - POST /now/attachment_csm/upload

Uploads a multipart file attachment.

The multipart POST method does not accept any parameters. You must specify the table name and record sys_id values within the form body. See the cURL example below for a sample of a multipart/form-data request.
Note: When using multipart POST, ensure the file content is contained in the final part of the message only. Earlier parts should contain only metadata such as table name and record sys_id.
When sending a multipart/form-data POST request to upload a file attachment, include attachment data in the form body, not in the URL parameters or request body.
Table 31. Mandatory values
Value Description
Content-Type Content-Type of the file, included in the message body for multipart uploads.
Note: You must define the Content-Type within the file portion of the POST message, not within the form data.

Data type: String

table_name Name of the table to which you want to attach the file. This table must be specified in the glide.rest.attachment_csm_api.allowed_tables property in the System Properties [sys_properties] table.

Data type: String

table_sys_id Sys_id of the record on the specified table to which you want to attach the file.

Data type: String

URL format

Versioned URL: /api/now/{api_version}/attachment_csm/upload

Default URL: /api/now/v1/attachment_csm/upload

Note: Available versions are specified in the REST API Explorer. For scripted REST APIs there is additional version information on the Scripted REST Service form.

Supported request parameters

Table 32. Path parameters
Name Description
api_version Optional. Version of the endpoint to access. For example, v1 or v2. Only specify this value to use an endpoint version other than the latest.

Data type: String

Table 33. Query parameters
Name Description
None
Table 34. Request body parameters (XML or JSON)
Name Description
None

Headers

The following request and response headers apply to this HTTP action only, or apply to this action in a distinct way. For a list of general headers used in the REST API, see Supported REST API headers.

Table 35. Request headers
Header Description
Content-Type Data format of the request body. Set this value to multipart/form-data when using the multipart POST method.
Table 36. Response headers
Header Description
Location URL of the new attachment in the ServiceNow platform instance.

Status codes

The following status codes apply to this HTTP action. For a list of possible status codes used in the REST API, see REST API HTTP response codes.

Response body parameters (JSON or XML)

ElementDescription
result Metadata of the requested attachment.

Data type: Object

"result": {
  "average_image_color": "String",
  "compressed": "String", 
  "content_type": "String",
  "created_by_name": "String",
  "download_link": "String",
  "file_name": "String",
  "image_height": "String",
  "image_width": "String",
  "size_bytes": "String",
  "size_compressed": "String",
  "sys_created_by": "String",
  "sys_created_on": "String",
  "sys_id": "String",
  "sys_mod_count": "String",
  "sys_tags": "String",
  "sys_updated_by": "String",
  "sys_updated_on": "String",
  "table_name": "String",
  "table_sys_id": "String",
  "updated_by_name": "String"
}
result.average_image_color If the attachment is an image, the sum of all colors.

Data type: String

Unit: RGB or number of pixels.

result.compressed Flag that indicates whether the attachment file has been compressed.
Possible values:
  • true: File has been compressed.
  • false: File has not been compressed.

Data type: String

result.content_type Content-type of the associated attachment file, such as image or jpeg or application/x-shockwave-flash.

Data type: String

result.created_by_name Full name of entity that originally created the attachment file.

Data type: String

result.download_link Download URL of the attachment on the ServiceNow instance.

Data type: String

result.file_name File name of the attachment.

Data type: String

result.image_height If an image file, the height of the image.

Data type: String

Unit: Pixels

result.image_width If an image file, the width of the image.

Data type: String

Unit: Pixels

result.size_bytes Size of the attachment.

Data type: String

Unit: Bytes

result.size_compressed Size of the compressed attachment file. If the file is not compressed, empty.

Data type: String

Unit: Bytes

result.sys_created_by Entity that originally created the attachment file.

Data type: String

result.sys_created_on Date and time that the attachment file was initially saved to the instance.

Data type: String

result.sys_id Sys_id of the attachment file.

Data type: String

result.sys_mod_count Number of times the attachment file has been modified (uploaded to the instance).

Data type: String

result.sys_tags Any system tags associated with the attachment file.

Data type: String

result.sys_updated_by Entity that last updated the attachment file.

Data type: String

result.sys_updated_on Date and time that the attachment file was last updated.

Data type: String

result.table_name Name of the table to which the attachment is associated.

Data type: String

result.table_sys_id Sys_id of the table associated with the attachment.

Data type: String

result.updated_by_name Full name of entity that last updated the attachment file.

Data type: String

Example: Sample cURL request

curl "https://instance.service-now.com/api/now/v1/attachment_csm/upload" \
--request POST \
--header "Accept:application/json" \
--header "Content-Type:multipart/form-data" \
--user "username":"password" \
 -F "table_name=incident" \
 -F "table_sys_id=d71f7935c0a8016700802b64c67c11c6" \
 -F "uploadFile=@/image/banner-CS0001345_v1_1.jpeg"
{
  "result": {
    "table_sys_id": "d71f7935c0a8016700802b64c67c11c6",
    "size_bytes": "36597",
    "download_link": "https://instance.service-now.com/api/now/v1/attachment_csm/994adbc64f511200adf9f8e18110c796/file",
    "sys_updated_on": "2019-02-02 14:00:21",
    "sys_id": "994adbc64f511200adf9f8e18110c796",
    "image_height": "",
    "sys_created_on": "2019-02-02 14:00:21",
    "file_name": "banner-CS0001345_v1_1.jpeg",
    "sys_created_by": "username",
    "compressed": "true",
    "average_image_color": "",
    "sys_updated_by": "username",
    "sys_tags": "",
    "table_name": "incident",
    "image_width": "",
    "sys_mod_count": "0",
    "content_type": "image/jpeg",
    "size_compressed": "25130",
    "created_by_name": "John Smith",
    "updated_by_name": "John Smith"
  }
}