Configure API key - Token-based authentication
- Updated Feb 1, 2024
- Washington DC
- Platform Security
Configure an API key to support authentication for REST API endpoints.
Before you begin
Role required: admin
Plugin required: API Key and HMAC Authentication (com.glide.tokenbased_auth)
Procedure
- Create an inbound authentication profile.
  - Navigate to All > System Web Services > API Access Policies > Inbound Authentication Profiles.
  - Select New.
    The system displays the message "What kind of authentication profile?"
  - Select Create API Key authentication profiles.
  - On the form, fill in the fields.

    Table 1. API Key authentication profiles

    | Field | Description |
    | --- | --- |
    | Name | Name to identify the authentication policy. |
    | Application | Scope of the authentication policy. |
    | Auth Parameter | Select the auth parameter for the authentication request. You can select the default options or create a new auth parameter: "x-sn-apikey: Auth Header" or "x-sn-apikey: Query Parameter header". Note: The selected option has to be defined in the REST call as part of the Auth Header or Query Parameter. |

  - Submit the form.
- Create a REST API key.
  - Navigate to All > System Web Services > API Access Policies > REST API Key.
  - Select New.
  - On the form, fill in the fields.

    Table 2. API Key

    | Field | Description |
    | --- | --- |
    | Name | Name to identify the REST API Key. |
    | Description | Description for the REST API Key. |
    | Active | Status of the REST API Key. |
    | User | User associated with the REST API Key. Use the look-up icon to select the user. |
    | Auth Scope | Option to add auth scope to manage the authority of the REST API Key. |
    | Token | The REST API key generated by the Now Platform. Copy the key to use as part of the REST API call within the Header or Query parameter. |

  - Submit the form.
  - Open the record that was created to view the token generated by the Now Platform for the user.
- Create a REST API Access policy.
  - Navigate to All > System Web Services > REST API Access Policies.
  - Select New.
  - On the form, fill in the fields.

    Table 3. API Access Policies

    | Field | Description |
    | --- | --- |
    | Name | Unique name of the API access policy. |
    | Active | Option to make the API access policy active. |
    | REST API | The REST API to which the access policy is applied. For example, Attachment API. |
    | REST API PATH | API path of the REST API. This field is auto-populated based on the selected REST API. For example, now/attachment. |
    | HTTP Method | Method used for interacting with the API. This field is auto-populated based on the selected REST API. |
    | Version | Version of the API. For example, v1. This field is auto-populated based on the selected REST API. Note: If you want to create an authentication policy for all versions of a REST API, you must create individual policies for each version. |
    | Resource | Child resource of the REST API. This field is auto-populated based on the selected REST API. For example, /now/attachment |
    | Application | Scope of the application. |
    | Global | Enable this field to apply auth policy to all methods, versions, and resources for the API. Note: Token Based Auth isn't allowed in the Global REST API Policy. |
    | Apply to all methods | Enable this field to apply the auth policy for the API to all the methods, versions, and resources for the API. |
    | Apply to all resources | Enable this field to apply the auth policy for the API to all the versions. |
    | Apply to all versions | Enable this field to apply the auth policy for the API to all the resources. |

  - Add the API Authentication profile that was created.
  - Submit the form.
You can now send the REST API call with the x-sn-apikey (token) that the Now Platform generated when the API key was created. Place the token in the Header or the Query parameter, matching the auth parameter configured in the authentication profile.

Warning: Use a POST request when submitting any sensitive information to the server.
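The following client-side sketch is an added example, not ServiceNow code: it builds the call with the x-sn-apikey token in either the header or the query parameter, and masks the token before a URL is logged, since a key carried in the query string is part of the URL and ends up wherever URLs are recorded. The instance hostname, the `/api/now/v1/attachment` URL and the `SN_API_KEY` environment variable are assumptions chosen for illustration.

```python
import os
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

API_KEY_NAME = "x-sn-apikey"  # auth parameter name from the authentication profile


def build_request(base_url, path, api_key, placement="header", method="GET"):
    """Build (without sending) a request that carries the key in the header or query."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to attach an API key to a non-HTTPS URL")
    if not api_key:
        raise ValueError("API key is empty")
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    headers = {"Accept": "application/json"}
    if placement == "header":
        headers[API_KEY_NAME] = api_key
    elif placement == "query":
        url += ("&" if "?" in url else "?") + urlencode({API_KEY_NAME: api_key})
    else:
        raise ValueError("placement must be 'header' or 'query'")
    return urllib.request.Request(url, headers=headers, method=method)


def redact_url(url):
    """Mask the key in a URL before the URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() == API_KEY_NAME else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    base = "https://example.service-now.com"  # placeholder instance (assumption)
    key = os.environ.get("SN_API_KEY", "constructed-sample-key")  # hypothetical variable
    for placement in ("header", "query"):
        req = build_request(base, "/api/now/v1/attachment", key, placement)
        # The header form keeps the key out of the URL; the query form needs redaction.
        print(placement, redact_url(req.full_url))
```

The placement passed to `build_request` has to match the Auth Parameter selected in the inbound authentication profile.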