Authenticate with a ServiceNow instance using Basic Auth or OAuth 2.0 bearer token scoped to the CSM application
POST to /api/now/table/sn_customerservice_case with required fields (short_description, contact, account, severity) to create a customer case
Set the SLA definition by referencing the correct task_sla record or by relying on auto-attach rules tied to the case category
Poll GET /api/now/table/task_sla?sysparm_query=task={case_sys_id} to monitor breach_time and stage fields for active SLA timers
When stage equals 'Breached', trigger escalation by updating the case's assignment_group and priority fields via PATCH /api/now/table/sn_customerservice_case/{sys_id}
Send a notification using POST /api/now/table/sys_notification or invoke a Flow Designer action via the REST API to alert the account team
Known gotchas
The CSM case table is sn_customerservice_case, distinct from the ITSM incident table (incident) — using the wrong table returns empty results or permission errors
SLA timers pause during business hours gaps if a business_hours schedule is attached; breach_time in task_sla reflects wall-clock time, not net working time, which can cause false escalations
The June 2026 security update enforced authentication on several formerly open API endpoints — ensure all requests include a valid session token or OAuth bearer, even for read operations
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp