
ServiceNow Integration

Connect with ServiceNow to collect compliance evidence directly from your instance

Written by Micah Spieler
Updated this week

The ServiceNow integration uses Strike Graph's Bridge-style integration to collect compliance evidence directly from ServiceNow's REST API. It connects to your ServiceNow instance securely using OAuth authentication and lets you specify exactly which API endpoints to call and what data to collect.

With this integration, you can gather evidence from almost any part of ServiceNow, including:

  • User access lists and role assignments

  • Change and incident records

  • System configurations and properties

  • CMDB configuration items

  • Audit logs and activity history

  • And more!

Important note: Setting up the ServiceNow integration requires someone with administrator access to your ServiceNow instance to configure an OAuth Application Registry entry. This is a one-time setup step.

Setting Up the ServiceNow Integration

Prerequisites

  • An active ServiceNow instance with administrator access

  • Ability to create an OAuth Application Registry entry in ServiceNow

  • Appropriate permissions within Strike Graph to manage integrations

Step 1: Create an OAuth Application Registry entry in ServiceNow

Before connecting in Strike Graph, a ServiceNow administrator needs to register Strike Graph as an authorized OAuth application.

  1. In your ServiceNow instance, navigate to System OAuth > Application Registry

  2. Click New and select Create an OAuth API endpoint for external clients

  3. Fill out the form with the following:

    • Name: A recognizable name, such as "Strike Graph"

    • Client ID: ServiceNow will generate this automatically — copy it for the next step

    • Client Secret: ServiceNow will generate this automatically — copy it for the next step

    • Redirect URL: Copy the callback URL from Strike Graph (see Step 2 below) and paste it here

  4. Under OAuth Grants, confirm that both of the following grant types are enabled:

    • Authorization Code — required for the initial authentication flow

    • Refresh Token — required for Strike Graph to maintain the connection over time without requiring you to re-authenticate

    Important: If the Refresh Token grant type is not enabled, the integration will appear to connect successfully but will stop collecting evidence after the initial access token expires. If you've already created the registry entry and are experiencing reconnection issues, edit the entry to verify both grant types are checked.

  5. Save the entry

For more details on setting up inbound OAuth in ServiceNow, refer to ServiceNow's Inbound OAuth documentation.

Step 2: Connect your ServiceNow account in Strike Graph

  1. Navigate to Integrations in the main Strike Graph menu

  2. Find the ServiceNow integration card and click Add Integration

  3. Copy the Callback URL shown in the form — you will need to paste this into the ServiceNow OAuth Application Registry entry (see Step 1 above)

  4. Enter your ServiceNow Instance name. This is the subdomain of your ServiceNow URL — for example, if your instance URL is mycompany.service-now.com, your instance name is mycompany

  5. Enter the Client ID and Client Secret from your ServiceNow OAuth Application Registry entry

  6. Click Save

  7. You'll be redirected to ServiceNow to authorize the connection — sign in and approve the request

  8. You'll be redirected back to Strike Graph with the integration now active

Once connected, your ServiceNow integration will appear in the integration list with an "Active" status.

Please note: Access tokens for this integration expire after 90 days. Strike Graph will attempt to refresh the token automatically, but if the refresh fails you can reconnect the integration at any time using the Reconnect button.

Collecting Evidence from ServiceNow

Step 1: Select an evidence object

  1. Navigate to the evidence object where you want to add ServiceNow data

  2. Click the Attach button to open the attachment options, or click Automated Collection if you'd like the evidence to be recollected automatically before it expires (recommended)

  3. Select your ServiceNow integration from the list of available sources

Step 2: Configure your API request

The ServiceNow evidence collection form has three main components:

HTTP Method

Select the type of request you want to make:

  • GET — Retrieve data from an endpoint (most common)

  • POST — Send data to an endpoint and retrieve the response

API Route

Enter the ServiceNow API route you want to access. This should be the portion of the URL after your instance's base domain. For example, if the full endpoint URL is https://mycompany.service-now.com/api/now/table/sys_user, you would enter:

api/now/table/sys_user

Refer to the ServiceNow REST API documentation for the full list of available endpoints and their requirements.

Request Body (for POST requests only)

If you selected POST as your HTTP method, you'll see an additional field for the request body. This should be valid JSON formatted according to the requirements of the ServiceNow endpoint you're calling.

Step 3: Submit your request

  1. Click Attach (or Save if configuring Automated Collection) to execute the API request

  2. Strike Graph will process your request and collect the data

  3. Once complete, the evidence will be attached to your evidence object as a JSON file

Common ServiceNow API Routes for Compliance Evidence

ServiceNow's Table API is the primary mechanism for querying data across the platform. Most endpoints follow the pattern api/now/table/{table_name}, with optional query parameters to filter or limit results. The list below covers endpoints that are frequently relevant for compliance programs — confirm specific requirements (query parameters, pagination, field selection) in the ServiceNow Table API documentation.

User Access and Identity

  • api/now/table/sys_user — List of all users in the instance

  • api/now/table/sys_user_role — Role definitions

  • api/now/table/sys_user_has_role — User-to-role assignments

  • api/now/table/sys_user_group — User groups

  • api/now/table/sys_user_grmember — Group membership records

Change and Incident Management

  • api/now/table/change_request — Change requests (useful for change management evidence)

  • api/now/table/change_task — Tasks associated with change requests

  • api/now/table/incident — Incident records

  • api/now/table/problem — Problem records

Audit and Activity

  • api/now/table/sys_audit — Audit logs for record changes across the platform

  • api/now/table/sys_log — System logs

System Configuration

  • api/now/table/sys_properties — System properties and configuration settings

  • api/now/table/sys_security_policy — Security policy definitions

  • api/now/table/sys_policy — System policies

CMDB and Assets

  • api/now/table/cmdb_ci — Configuration items (all types)

  • api/now/table/cmdb_ci_computer — Computer configuration items

  • api/now/table/cmdb_ci_server — Server records

Tip: Many ServiceNow Table API endpoints return large record sets by default. You can use query parameters like sysparm_limit, sysparm_query, and sysparm_fields to scope the results down to just the data you need. For example:

api/now/table/sys_user?sysparm_fields=user_name,email,active,last_login&sysparm_limit=1000

  1. If you want the most recently updated records (rather than created), swap in sys_updated_on instead: sysparm_query=ORDERBYDESCsys_updated_on

  2. You can stack query conditions using ^ as an AND operator — for example, to get the 25 most recently created active users: sysparm_query=active=true^ORDERBYDESCsys_created_on&sysparm_limit=25

  3. For compliance purposes, sys_updated_on is often more useful than sys_created_on since it surfaces records that have changed recently, which is what auditors typically care about for things like access reviews or change requests

Troubleshooting

Authentication Issues

If you receive authentication errors when setting up or using the integration:

  1. Click the Reconnect button next to your ServiceNow integration in the Integrations Manager

  2. Verify that the Callback URL in your ServiceNow OAuth Application Registry matches exactly what is shown in Strike Graph

  3. Confirm that the Client ID and Client Secret are copied correctly and have not been rotated since setup

  4. Re-authorize the connection by following the OAuth prompts

Invalid API Route

If you receive an error about an invalid route:

  1. Double-check that your API route does not include the base domain (mycompany.service-now.com) — only the path after the domain should be entered

  2. Confirm the endpoint exists in the ServiceNow REST API documentation

  3. Ensure your ServiceNow user account has the necessary permissions to access the requested table or endpoint

Invalid JSON in Request Body

For POST requests, if you receive a JSON validation error:

  1. Ensure all keys and string values are wrapped in double quotes

  2. Validate your JSON using an online JSON validator before submitting

  3. Check the ServiceNow API documentation for the required request body format for the endpoint

Missing or Incomplete Data

If the evidence collects successfully but the data is not what you expected:

  1. Review whether you need to add query parameters (such as sysparm_query or sysparm_fields) to the API route to scope the results

  2. Verify that the ServiceNow user account associated with the integration has read access to the data you're requesting

  3. Check whether pagination is limiting results (use sysparm_limit and sysparm_offset to retrieve additional records)
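
The route rules above (path only, no base domain) and the sysparm_query, sysparm_fields, sysparm_limit and sysparm_offset parameters can be combined in a small helper that builds narrowly scoped routes, so an evidence file holds only the fields the control needs. This is an added example, not Strike Graph or ServiceNow code; the function names are hypothetical, it accepts Table API routes only, and it assumes you already know roughly how many records to page through.

```python
from urllib.parse import urlsplit, urlencode, quote

TABLE_PREFIX = "api/now/table/"

def normalize_route(value):
    """Return the path after the instance domain, as the API Route field expects."""
    value = value.strip()
    if "://" not in value and value.split("/", 1)[0].endswith(".service-now.com"):
        value = "https://" + value  # host/path pasted without a scheme
    parts = urlsplit(value)
    route = parts.path.lstrip("/")
    if not route.startswith(TABLE_PREFIX) or not route[len(TABLE_PREFIX):]:
        raise ValueError("expected a Table API route: api/now/table/{table_name}")
    return route + ("?" + parts.query if parts.query else "")

def build_route(table, fields=None, conditions=(), order_by_desc=None,
                limit=None, offset=None):
    """Build a scoped Table API route from the sysparm_* parameters on this page."""
    if not table.replace("_", "").isalnum():
        raise ValueError("unexpected table name: %r" % table)
    query = list(conditions)
    if order_by_desc:
        query.append("ORDERBYDESC" + order_by_desc)
    params = []
    if query:
        params.append(("sysparm_query", "^".join(query)))  # ^ acts as AND
    if fields:
        params.append(("sysparm_fields", ",".join(fields)))
    if limit is not None:
        params.append(("sysparm_limit", str(limit)))
    if offset is not None:
        params.append(("sysparm_offset", str(offset)))
    # Leave = ^ , unescaped so the route reads like the examples above.
    qs = urlencode(params, safe="=^,", quote_via=quote)
    return TABLE_PREFIX + table + ("?" + qs if qs else "")

def paged_routes(table, total, page_size, **scope):
    """One route per page, stepping sysparm_offset by the page size."""
    return [build_route(table, limit=page_size, offset=off, **scope)
            for off in range(0, total, page_size)]

if __name__ == "__main__":
    # Constructed sample: 2,500 role assignments collected in pages of 1,000.
    for r in paged_routes("sys_user_has_role", 2500, 1000, fields=["user", "role"]):
        print(r)
```

Each route returned by paged_routes can be entered as a separate evidence request when one request does not return every record.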
