API Security with ServiceNow

Hi, we’re considering integration between InsightVM and ServiceNow, but concerned about the security of allowing API access. From what I understand:

  1. When integrating with ServiceNow, the API key must be created by a user with Platform Admin rights - this means the resulting API key will have the same permissions.

  2. I’ve been advised that API traffic between InsightVM and ServiceNow is not encrypted - which includes transmission of the API key? If this is correct, surely that would result in the potential for our API key to be discovered and abused (with Platform Admin rights!).

Thanks