Inbound Web Service TroubleshootingIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Contents Issue — What This Article CoversQuick Symptom TriageThe Inbound Request LifecycleUniversal Diagnostic ChecklistCommon Issue CategoriesHTTP Status Codes — Quick ReferenceRelated Articles 1. Issue — What This Article Covers Starting point for troubleshooting inbound web service issues — calls coming into a ServiceNow instance via REST, SOAP, GraphQL, or Scripted REST API. Symptoms covered No response, timeout, or connection failure.401 / 403 auth failures.429 throttling.Slow responses, or transactions cancelled at 5 minutes.Empty bodies, or fewer records returned than expected.500 Internal Server Errors. How to use this article This is a hub article. It points you to the right deep-dive. Start with the Quick Symptom Triage. ↑ Back to top 2. Quick Symptom Triage Match your symptom on the left, read the article on the right. The diagram below walks the same logic visually. What you're seeing Most likely cause Read this No response, connection refused, TLS handshake error Network, firewall, or certificate Section 5.1 below, plus KB0538621 (instance IPs) 401 Unauthorized or 403 Forbidden Auth, API key, or token issue Section 5.2 below, plus KB1296997 (API Keys) 403 returned even though the operation succeeded Known ACL response pattern on POST KB2697679 429 Too Many Requests, throttling, or "adding nodes didn't help" Rate limit rule, semaphore saturation, or per-table quota KB3046852 — Inbound Web Services Rate Limits Calls timing out exactly at 5 minutes Per-table transaction quota (300s default) KB3046852, Section 7 (Per-Table Quotas) Slow but eventually succeeds, intermittent 500/503 Query performance, indexing, or transient platform event Section 5.4 below, plus the Inbound API Timeouts & Slow Responses deep-dive (KB3047080) Empty response body, or fewer records returned than sysparm_limit requested ACLs filtering rows post-query Section 5.5 below, plus the sysparm_limit and ACLs deep-dive (KB3047115) Table API response sorted differently than expected Default sort behavior on Table API KB2628639 Web Service Export size or throttling concerns Export sizing limits KB0547836 ↑ Back to top 3. The Inbound Request Lifecycle Every inbound request passes through four stages. Most failures live in exactly one. Identifying the stage narrows the diagnostic path. Each stage maps to a subsection in Section 5. ↑ Back to top 4. Universal Diagnostic Checklist Capture these six items before clicking into any deep-dive article. They resolve most cases at first touch. Full HTTP response headers. Especially status code and any header starting with X-RateLimit- or Retry-After. Their presence or absence is itself diagnostic.Time of failure to the second, with timezone (UTC strongly preferred).Endpoint and target table (e.g., POST /api/now/table/incident).Client IP and integration user that made the call.Recent change context. Was there a platform upgrade, rate limit rule edit, ACL change, or client-side deployment in the last 30 days?A snapshot of https://<instance>.service-now.com/stats.do captured as close to the failure time as you can reach. Enable debug logging if the request never appears to arrive If you turn on debugging and don't see your request in the logs, the call is not reaching the instance — jump to Section 5.1 (Network & Delivery). Available debug properties: REST: glide.rest.debugSOAP: glide.processor.debug.SOAPProcessorJSONv2 (Fuji and later): no dedicated debug property; rely on Transaction and All logs. ↑ Back to top 5. Common Issue Categories Short summaries below. The deep-dive articles are where actual diagnosis happens. 5.1 Network & Delivery When: request doesn't reach the instance, TLS handshake errors, or debug logs show no entries for the failing call. Common causes: customer-side firewall or proxy block, missing/expired TLS trust chain, DNS or routing failure. Next: verify instance IP ranges in KB0538621. 5.2 Authentication, ACLs & Permissions When: 401, 403, or empty/unexpected response with a non-admin user. Two ACL levels apply: Processor-level — gates the endpoint. SOAP requires a SOAP role (soap, soap_query, etc.). REST requires rest_service.Table / record-level — gates which rows the user sees. Empty bodies or short result sets usually mean these. Quick check: if it works as admin but fails as the integration user, it's ACLs — not auth. Next: KB1296997 (API Keys), KB2780010 (JWKS), or KB2697679 (POST 403 with success). 5.3 Rate Limits, Semaphores & Throttling When: HTTP 429, or failures under load. Three layers — confusing them is the #1 source of misdiagnosis: Per-instance rate limit rules (sys_rate_limit_rules). Hourly cap per user/role. Doesn't scale with nodes.Per-node semaphores (API_INT, visible at stats.do). Does scale with nodes.Per-table transaction quotas. Cap duration/concurrency on a specific table. Doesn't scale with nodes. Quick check: 429 with X-RateLimit-* headers = Layer 1. 429 without them = Layer 2. Cancel at exactly 5 min = Layer 3. Next: KB3046852 — Inbound Web Services Rate Limits. Covers all three layers in depth. 5.4 Timeouts, Slow Responses & Server Errors When: calls take much longer than expected, time out without a clean 429, or return HTTP 500. Common causes: large/unfiltered Table API queries, missing indexes on integration filter fields, transient 5xx during maintenance windows, server exceptions in System Log. Next: Inbound API Timeouts & Slow Responses (KB3047080) covers triage flow, query optimization, and when to escalate. For immediate help, check System Log for stack traces and capture stats.do per Section 4. 5.5 Empty Bodies & Wrong Record Counts When: the call succeeds (200 or 201) but the response body is empty, or fewer records are returned than sysparm_limit requested. Common cause: ACLs filter rows after the query runs. The platform applies sysparm_limit first, then drops any rows the user can't read. Result: fewer rows than asked for, with no error. Import Set inserts can return 201 with an empty body for the same reason. Quick check: re-run as admin or as a user with unrestricted read on the target table. If the row count jumps, the cause is ACL filtering. Next: the sysparm_limit and ACLs deep-dive (KB3047115) covers diagnosis and mitigation. For the ACL mechanics themselves, see Section 5.2. ↑ Back to top 6. HTTP Status Codes — Quick Reference Match the code, jump to the section. Code Meaning What to do 400 Bad Request Malformed JSON, missing required field, or invalid endpoint. Fix the request body or URL. 401 Unauthorized Credentials missing, invalid, or expired. See Section 5.2. 403 Forbidden Credentials valid, but user lacks the required role or ACL. See Section 5.2. For the success-but-403 pattern, see KB2697679. 429 Too Many Requests Throttled by a rate limit rule, semaphore pool, or table quota. See Section 5.3. 500 Internal Server Error Exception in processing. Check System Log for the stack trace. See Section 5.4. 503 Service Unavailable Usually transient — instance maintenance window or short-term capacity event. Retry with backoff. If sustained, see Section 5.4. ↑ Back to top Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } . Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } .