Base URL
https://[instance].service-now.com/api/now/table/[table_name]
// Examples:
https://mycompany.service-now.com/api/now/table/incident
https://mycompany.service-now.com/api/now/table/sys_user
https://mycompany.service-now.com/api/now/table/cmdb_ci_server
Authentication
OAuth 2.0 (recommended for production)
// Step 1: Get access token
POST /oauth_token.do
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=YOUR_ID&client_secret=YOUR_SECRET
// Step 2: Use the token
GET /api/now/table/incident
Authorization: Bearer eyJhbGc...
Basic Authentication
// Base64-encode username:password
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
// Never use a named user's credentials — always create a dedicated integration user
// with only the roles required for the integration
GET — retrieve multiple records
GET /api/now/table/incident
?sysparm_query=active=true^priority=1^state!=6
&sysparm_limit=50
&sysparm_offset=0
&sysparm_fields=number,short_description,state,assigned_to,priority
&sysparm_display_value=true
&sysparm_exclude_reference_link=true
Authorization: Bearer [token]
Complete query parameter reference
| Parameter | Description | Example |
|---|---|---|
| sysparm_query | Encoded query — same syntax as GlideRecord | active=true^priority=1 |
| sysparm_limit | Max records to return (default 10, max 10000) | 100 |
| sysparm_offset | Number of records to skip (for pagination) | 100 |
| sysparm_fields | Comma-separated list of fields to return | number,state,assigned_to |
| sysparm_display_value | true=display values, false=raw, all=both | true |
| sysparm_exclude_reference_link | Remove link objects from reference fields | true |
| sysparm_view | Form view to use for determining fields | desktop |
| sysparm_suppress_auto_sys_field | Exclude sys_created_on etc. from response | true |
GET — retrieve single record by sys_id
GET /api/now/table/incident/6816f79cc0a8016401c5a33be04be441
?sysparm_display_value=true
&sysparm_fields=number,short_description,state,resolved_at
// Response: 200 OK with single record object (not an array)
GET — retrieve by unique field value
GET /api/now/table/incident
?sysparm_query=number=INC0001234
&sysparm_limit=1
// Or using the Table API's field-specific lookup:
GET /api/now/table/incident?number=INC0001234
POST — create a record
POST /api/now/table/incident
Content-Type: application/json
Authorization: Bearer [token]
{
"short_description": "Printer not working in Finance",
"urgency": "2",
"impact": "2",
"category": "hardware",
"subcategory": "printer",
"caller_id": "6816f79cc0a8016401c5a33be04be441"
}
// Response: 201 Created
{
"result": {
"sys_id": "abc123...",
"number": "INC0001234",
"short_description": "Printer not working in Finance",
...
}
}
Reference fields (like caller_id) accept sys_ids. Do not pass display values — they will fail. Retrieve the sys_id first if you only have the display value.
PATCH — update specific fields
PATCH /api/now/table/incident/[sys_id]
Content-Type: application/json
Authorization: Bearer [token]
{
"state": "6",
"close_code": "Solved (Permanently)",
"close_notes": "Replaced printer cartridge. Printer working normally."
}
// Response: 200 OK with the updated record
// Only the fields you send are updated — others remain unchanged
PUT — replace entire record
PUT /api/now/table/incident/[sys_id]
Content-Type: application/json
Authorization: Bearer [token]
// PUT replaces the entire record — fields not included are cleared to default
// Use PATCH in almost all cases — PUT is destructive for fields you don't include
{
"short_description": "Updated description",
"state": "2",
// All other fields not included here will be cleared
}
DELETE — remove a record
DELETE /api/now/table/incident/[sys_id]
Authorization: Bearer [token]
// Response: 204 No Content
// This is a hard delete — use carefully
// The calling user needs delete ACL access to the record
Pagination
// Page 1 — first 100 records
GET /api/now/table/incident?sysparm_limit=100&sysparm_offset=0
// Page 2 — next 100 records
GET /api/now/table/incident?sysparm_limit=100&sysparm_offset=100
// Page 3
GET /api/now/table/incident?sysparm_limit=100&sysparm_offset=200
// Check X-Total-Count response header to know total records
// X-Total-Count: 1247
// Calculate last page: Math.ceil(1247 / 100) = 13 pages
Display values vs raw values
// sysparm_display_value=false (default)
// Reference fields return sys_id
// Choice fields return stored value (e.g. "1" for "New")
{
"state": "1",
"assigned_to": { "value": "6816f79c...", "link": "..." }
}
// sysparm_display_value=true
// Reference fields return display name
// Choice fields return display label
{
"state": "New",
"assigned_to": { "display_value": "John Smith", "link": "..." }
}
// sysparm_display_value=all
// Returns both value and display_value for every field
{
"state": { "value": "1", "display_value": "New" },
"assigned_to": { "value": "6816...", "display_value": "John Smith" }
}
Error codes and handling
// 200 OK — GET/PATCH successful
// 201 Created — POST successful, check Location header
// 204 No Content — DELETE successful
// 400 Bad Request — malformed JSON, invalid field values
// 401 Unauthorized — invalid or expired token
// 403 Forbidden — authenticated but no ACL access
// 404 Not Found — record or table does not exist
// 429 Too Many Requests — rate limited, check Retry-After header
// 500 Internal Server Error — server-side error
// Good error handling in consuming code:
async function getIncident(sysId) {
const response = await fetch(`/api/now/table/incident/${sysId}`, {
headers: { 'Authorization': `Bearer ${token}` }
});
if (response.status === 404) return null;
if (response.status === 401) { await refreshToken(); return getIncident(sysId); }
if (!response.ok) throw new Error(`API error: ${response.status}`);
const data = await response.json();
return data.result;
}
Related guides:
- ServiceNow REST API complete guide — deeper coverage of all APIs
- OAuth 2.0 guide — authentication for API calls
- Scripted REST APIs — building custom endpoints
- HTTP status codes — handling every response code
- Encoded queries — sysparm_query syntax reference