What is a Scripted REST API?
A Scripted REST API lets you expose custom HTTP endpoints on your ServiceNow instance. Unlike the Table API which follows a fixed pattern, you control exactly what the endpoint accepts, what logic it runs, and what it returns.
Creating a Scripted REST API
Navigate to System Web Services > Scripted REST APIs. Create a new API record with a name and API namespace. Then add resources — each resource is a URL path with HTTP methods (GET, POST, PUT, DELETE) and a script that handles requests.
Basic GET endpoint example
(function process(request, response) {
var table = request.queryParams.table || 'incident';
var limit = parseInt(request.queryParams.limit) || 10;
var gr = new GlideRecord(table);
gr.setLimit(limit);
gr.query();
var results = [];
while (gr.next()) {
results.push({
sys_id: gr.getValue('sys_id'),
number: gr.getValue('number'),
short_description: gr.getValue('short_description')
});
}
response.setStatus(200);
response.setBody(JSON.stringify({ result: results }));
})(request, response);POST endpoint with request body
(function process(request, response) {
var body = JSON.parse(request.body.dataString);
if (!body.short_description) {
response.setStatus(400);
response.setBody(JSON.stringify({ error: 'short_description required' }));
return;
}
var gr = new GlideRecord('incident');
gr.setValue('short_description', body.short_description);
gr.setValue('category', body.category || 'software');
var sys_id = gr.insert();
response.setStatus(201);
response.setBody(JSON.stringify({ result: { sys_id: sys_id } }));
})(request, response);Authentication and ACLs
Scripted REST APIs respect the same ACLs as the Table API. The user whose credentials are used for the API call must have access to the tables and records the script interacts with. You can add additional role checks inside the script itself.
API Explorer
ServiceNow includes an API Explorer at System Web Services > REST API Explorer where you can test your endpoints interactively.