I am using the rally API key for authentication of the rest services. Services get authenticated with any API key that starts with underscore (_). Looks like API key is validated by checking whether it starts with underscore or not.
Is this correct or Is it a bug in rest service authentication.?
Api key is generated at https://rally1.rallydev.com/login/accounts/index.html#/keys
Hi anil.vanaparthi ,
I might be misunderstanding the question. It does appear all APIKeys start with an '_', but the entire key is validated before access is granted to CA Agile Central webservices. You can test by changing a few characters in a key.
Hi Sean Davis,
ya i tried giving wrong api key, but still it works.
For example "_abc" is also being validated as correct. It fails only if it doesn't start with underscore.
My guess is your REST client is caching session information. Try from something like cURL and you will see the requests fail as you change your APIKey.
I think issue here is not because of caching. When i give api key without underscore it fails, so it is always taking the latest key.
I have event tried from mozilla Rest client and i face the same issue.
I am using a trial version of CA Agile central. Is this causing the issue?
I cannot reproduce the issue internally, so it might be best to create a support ticket. You can do that via https://support.ca.com or by calling 800-225-5224.