REST API authenticates as "guest" user when no authorization is providedDescription<!-- div.margin{ padding: 10px 40px 40px 30px; } table.tocTable{ border: 1px solid; border-color:#E0E0E0; background-color: rgb(245, 245, 245); padding-top: .6em; padding-bottom: .6em; padding-left: .9em; padding-right: .6em; } table.noteTable{ border:1px solid; border-color:#E0E0E0; background-color: rgb(245, 245, 245); width: 100%; border-spacing:2; } table.internaltable { white-space:nowrap; text-align:left; border-width: 1px; border-collapse: collapse; font-size:14px; width: 85%; } table.internaltable th { border-width: 1px; padding: 5px; border-style: solid; border-color: rgb(245, 245, 245); background-color: rgb(245, 245, 245); } table.internaltable td { border-width: 1px; padding: 5px; border-style: solid; border-color: #E0E0E0; color: #000000; } .title { color: #D1232B; font-weight:normal; font-size:28px; } h1{ color: #D1232B; font-weight:normal; font-size:21px; margin-bottom:-5px } h2{ color: #646464; font-weight:bold; font-size:18px; } h3{ color: #000000; font-weight:BOLD; font-size:16px; text-decoration:underline; } h4{ color: #646464; font-weight:BOLD; font-size:15px; text-decoration:; } h5{ color: #000000; font-weight:BOLD; font-size:13px; text-decoration:; } h6{ color: #000000; font-weight:BOLD; font-size:14px; text-decoration:; } --> REST API authenticates as "guest" user when no authorization is provided Issue When using an inbound REST API call with no authorization provided, records are created as the "guest" user. The system logs, with the REST debugger enabled, start by showing the following entries: API_INT-thread-2 SYSTEM DEBUG: #450619 [REST API] RESTAPIProcessor : Started initializing REST RequestAPI_INT-thread-2 SYSTEM DEBUG: #450619 [REST API] URIHandler : Resolving URI: /now/table/incidentAPI_INT-thread-2 SYSTEM DEBUG: #450619 [REST API] RESTAPIProcessor : URI Resolving Duration duration_micro_secs=296API_INT-thread-2 SYSTEM DEBUG: #450619 [REST API] RESTAPIProcessor : Finished initializing REST RequestAPI_INT-thread-2 SYSTEM HTTP authorization validated user 'guest' Symptoms When making an inbound REST API web service call to the instance, the user is authenticated as "guest". REST API call with no authorization header.REST API call with an authorization header."guest" user account is used to process the request. Cause By default, the system property glide.basicauth.required.api is set to true. When this value is false, all inbound REST API calls are processed as the "guest" user. Resolution Modify the glide.basicauth.required.api sys_properties record and set the value to true. In the filter navigator, enter sys_properties.LIST.Search for name = glide.basicauth.required.api.Update the value from false to true.Click Update to save the new value.