Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ServiceNow MCP ServerFind all high priority incidents assigned to me"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ServiceNow MCP Server
An MCP (Model Context Protocol) server that proxies authenticated ServiceNow REST API access through per-user OAuth 2.0 tokens. Every action runs as the authenticated user, inheriting their ACLs, roles, and audit trail.
Architecture
MCP Client ──► MCP Server (Express + Streamable HTTP) ──► ServiceNow REST API
│
└──► Redis (encrypted token store)Per-user OAuth 2.0: Authorization Code Grant flow — no shared service accounts
Encrypted token storage: AES-256-GCM encrypted at rest in Redis
Per-session MCP instances: Each MCP session gets its own server + transport pair
Rate limiting: Token bucket algorithm per user via Redis
Quick Start
Prerequisites
Node.js 22+
Redis (or Docker Compose)
A ServiceNow instance with an OAuth Application Registry entry
Development
# Install dependencies
npm install
# Copy and configure environment
cp .env.example .env
# Edit .env with your ServiceNow instance details
# Generate encryption key
npm run generate-key
# Add the output to your .env file
# Start in development mode
npm run devDocker Deployment
# One-shot setup (Linux VM)
chmod +x setup.sh
./setup.sh
# Or manually:
docker compose up -d --buildServiceNow Setup
OAuth Application
Navigate to System OAuth > Application Registry in ServiceNow
Create: "Create an OAuth API endpoint for external clients"
Configure:
Redirect URL:
https://<your-host>:8080/oauth/callbackNote the Client ID and Client Secret
Add these to your
.envfile
User Role Requirements
Users who will connect through this MCP server need the snc_platform_rest_api_access role to make REST API calls. Without it, ServiceNow returns a 403 on all API requests (this is enforced when the system property glide.rest.enable_role_based_access is true, which is the default on newer instances).
To grant access:
Per user: Assign
snc_platform_rest_api_accessdirectly to the user recordVia group: Create a group (e.g., "MCP Users"), add the role to the group, and manage membership there
This role only grants the ability to call REST APIs — actual record-level access is still governed by each user's existing ACLs and roles.
Available Tools (18 total)
Incident Management
Tool | Description |
| Query incidents with filters (state, priority, assigned to me) |
| Get full incident details by number or sys_id |
| Create a new incident |
| Update fields on an existing incident |
| Add a work note or customer-visible comment |
User & Group Lookup
Tool | Description |
| Search users by name, email, or employee ID |
| Search assignment groups by name |
| Get your own ServiceNow profile |
Knowledge Base
Tool | Description |
| Full-text search across knowledge bases |
| Get a full knowledge article |
Task Management
Tool | Description |
| Get all open tasks assigned to you |
| Get your pending approvals |
| Approve or reject a pending approval |
Update Set Management
Tool | Description |
| Change your current in-progress update set by sys_id or exact name |
| Create a new update set and optionally set it as current |
Service Catalog
Tool | Description |
| Search the service catalog |
| Get catalog item details and form variables |
| Submit a catalog request |
Security
Several tools enforce server-side identity protections to prevent impersonation or audit trail tampering:
Tool | Protection |
|
|
| Protected audit fields ( |
|
|
| Verifies the approval record belongs to the authenticated user before allowing action |
These protections are enforced at the server level and cannot be bypassed by the AI or user input.
Client Configuration
Claude Desktop
{
"mcpServers": {
"servicenow": {
"type": "streamablehttp",
"url": "https://your-host:8080/mcp"
}
}
}Configuration
All configuration via environment variables. See .env.example for the full list.
Variable | Required | Description |
| Yes | ServiceNow instance URL |
| Yes | OAuth client ID |
| Yes | OAuth client secret |
| Yes | OAuth callback URL |
| Yes | Base64-encoded 32-byte AES key |
| No | Redis connection string (default: |
| No | Server port (default: |
| No | Requests per user per minute (default: |
Adding New Tools
Copy src/tools/_template.ts and follow the pattern. Register your new tool in src/tools/registry.ts.
Testing
npm test # Run unit tests
npm run test:watch # Watch modeEndpoints
Path | Method | Description |
| GET | Health check |
| GET | Start OAuth flow |
| GET | OAuth callback |
| POST | MCP initialize + tool calls |
| GET | MCP SSE notifications |
| DELETE | Close MCP session |
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.