Rally Software

Trying to get an authorization token status = 401

Mark Athas posted Jan 31, 2022 07:29 PM
Calling https://rally1.rallydev.com/slm/webservice/v2.0/security/authorize using Basic Auth with a User:Pswd as a Base64 unquoted string, that has Workspace Admin Permission.  I get a 401.  Do they need Site Administration to get a token? Authorization: Basic QTk... in the header
Broadcom Employee Sagi Gabay
Hi Mark,

401 error code suggests the user isn't authorized to generate the token. I'd like to share with you this knowledge base document. Please see the explanation of Api-Key.  Generally, Api-Key is an easier mechanism to use than the security token. I would recommend you generate an api-key and see if that will resolve your issue.

Any user can generate an api-key. You shall go to https://rally1.rallydev.com/login , then click API KEYS (at the top), then click Create Api Key, then select between a full access or a read-only key. The api-key should be thought of as a password, you shall not share it. Using the api-key is by including a http header variable to your Rally API calls. That http header variable should be named: "ZSESSIONID" and its value needs to be your api-key.

Please let us know if that helped.

Thanks,
Sagi
Mark Athas
@Sagi Gabay  I use an API key for all my read functions.  Documentation indicates I need to use a ?key= param when doing a PUT/POST or DELETE.  I tried the API as a Cookie in the header to fetch a SecurityToken on: https://rally1.rallydev.com/slm/webservice/v2.0/security/authorize.  The /security/authorize fails with a known, defined user.

So if you mean:
(A) I can call the /security/authorize api to get a token response (see below), with my API key, instead of the Basic Authorization as the instructions indicate, I tried that, and it failed with 401

(B) but, if you mean I can use the POST/PUT or DELETE calls with just an APIKEY in the header Cookie, and not require a ?key= param... I have not tried that.

{
    "OperationResult": {
        "_rallyAPIMajor": "2",
        "_rallyAPIMinor": "0",
        "Errors": [],
        "Warnings": [],
        "SecurityToken": "<SECURITY_TOKEN>"
    }
}


Broadcom Employee Sagi Gabay
Hi Mark,

An Api-Key can be used for all Rally API calls, including GET, POST, PUT and DELETE.  It is not a cookie.
It should be sent as an HTTP Header Variable.  The variable name should be: "ZSESSIONID".  The variable value should be: your api-key.

Thanks,
Sagi
Mark Athas
Here's my request/response:  (With <My APIKEY> replacing the apikey; with workspace and user obscured with zeros for privacy).  User with the apikey has Workspace Permission.  I wonder if that user (a service account) needs Subscription Admin.


Request
POST /slm/webservice/v2.0/workspacepermission/create?workspace=https%3A%2F%2Frally1.rallydev.com%2Fslm%2Fwebservice%2Fv2.0%2Fworkspace%2F00000000000 HTTP/1.1
< Host: rally1.rallydev.com
< User-Agent: python-requests/2.27.1
< Accept-Encoding: gzip, deflate
< Accept: */*
< Connection: keep-alive
< Cookie: ZSESSIONID=<My APIKEY>
< Content-Length: 148

WorkspacePermission=%22Workspace%22%3A%22%2Fworkspace%2F00000000000%22%2C+%22Role%22%3A%22User%22%2C+%22User%22%3A%22%2Fuser%2F00000000000%22%7D%7D

Response
> HTTP/1.1 401 Unauthorized
> Date: Wed, 02 Feb 2022 17:06:25 GMT
> Transfer-Encoding: chunked
> Connection: keep-alive
Broadcom Employee Sagi Gabay
Hi Mark,

From your data I can see that ZSESSIONID is a Cookie. However, as said, ZSESSIONID should not be a cookie. It needs to be an HTTP Header Variable.
Below is a screenshot from Postman showing the http headers; notice that the ZSESSIONID is separate from Cookie.

Thanks,
Sagi

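The distinction Sagi is drawing, shown as an added example (not code from the thread or from Rally's own client libraries): the same api-key placed in a Cookie: line versus in its own ZSESSIONID: line, rendered as raw HTTP text so the difference is visible without calling the service, plus a small placement check that flags the cookie form before a request is sent. Host and path are the ones quoted in the thread; the api-key, workspace and user ids are placeholders; wrapping the create body in a "WorkspacePermission" object mirrors the key name seen in Mark's form-encoded dump and is an assumption, as is the Basic Auth helper for /security/authorize (user:password, Base64, no quotes, per the first post).

```python
import base64
import http.client
import json

RALLY_HOST = "rally1.rallydev.com"
WSAPI = "/slm/webservice/v2.0"


def api_key_headers(api_key):
    """Api-Key the way the thread recommends: a plain request header, not a cookie."""
    return {"ZSESSIONID": api_key}


def basic_auth_headers(username, password):
    """user:password Base64-encoded for /security/authorize (assumed format from the first post)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def render_request(method, path, headers, body=None):
    """Serialise an HTTP/1.1 request to text so the header layout can be inspected offline."""
    payload = json.dumps(body).encode() if body is not None else b""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {RALLY_HOST}"]
    lines += [f"{name}: {value}" for name, value in headers.items()]
    if payload:
        lines += ["Content-Type: application/json", f"Content-Length: {len(payload)}"]
    return "\r\n".join(lines) + "\r\n\r\n" + payload.decode()


def auth_placement(raw_request):
    """Classify where ZSESSIONID landed: 'header', 'cookie', or 'missing'.

    This is the check that would have caught the 'Cookie: ZSESSIONID=...' line in
    the request dump above; header names are compared case-insensitively.
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "zsessionid":
            return "header"
        if name == "cookie" and "zsessionid=" in value.lower():
            return "cookie"
    return "missing"


def send(method, path, headers, body=None):
    """Live call against Rally (not exercised here); returns (status, parsed JSON body)."""
    conn = http.client.HTTPSConnection(RALLY_HOST, timeout=30)
    payload = json.dumps(body) if body is not None else None
    hdrs = dict(headers)
    if payload is not None:
        hdrs["Content-Type"] = "application/json"
    conn.request(method, path, body=payload, headers=hdrs)
    resp = conn.getresponse()
    return resp.status, json.loads(resp.read() or b"{}")


if __name__ == "__main__":
    # Constructed placeholder values; not real credentials or object ids.
    create_body = {"WorkspacePermission": {"Workspace": "/workspace/000000000",
                                           "Role": "User",
                                           "User": "/user/000000000"}}
    path = f"{WSAPI}/workspacepermission/create"
    wrong = render_request("POST", path, {"Cookie": "ZSESSIONID=<MY_APIKEY>"}, create_body)
    right = render_request("POST", path, api_key_headers("<MY_APIKEY>"), create_body)
    print(auth_placement(wrong), auth_placement(right))   # prints: cookie header
    print(right)
```

Running the script prints both classifications and the corrected request text; to actually issue the call, pass the same headers and body to send(). A client that asserts auth_placement(...) == "header" before sending turns the silent 401 into an immediate local error.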
Mark Athas
Still fails with 401 - Not Authorized; account is a Workspace admin.  Also tried with Subscription Admin, also fails.

Is there better documentation than: https://rally1.rallydev.com/slm/doc/webservice/  ?!?

< POST /slm/webservice/v2.0/workspacepermission/create HTTP/1.1
< Host: rally1.rallydev.com
< User-Agent: python-requests/2.27.1
< Accept-Encoding: gzip, deflate
< Accept: */*
< Connection: keep-alive
< ZSESSIONID: <MY_APIKEY>
< Content-Length: 148
< Content-Type: application/x-www-form-urlencoded
<

Also not sure how create references are to be passed.  Are they url params? or body json?  I'm using body json on create.

{
    "Workspace": "/workspace/000000000",
    "Role": "User",
    "User": "/user/000000000"
}
Mark Athas
Thanks for the tries @Sagi Gabay!  Thinking the same.  I'll open a support case.