Rally Software

  • Private Community
 View Only

  • 1.  Rally API -

    Posted Jun 02, 2020 05:22 PM

    So, my API calls to Rally have started failing and I'm not sure where to even start with this. Checked the normal items - authentication is good, trying to create a defect with just the bare bones info, etc.The result of the authentication is shown below:

    {OperationResult":{_rallyAPIMajor":"2","_rallyAPIMinor":"0","Errors":[],"Warnings":[],"SecurityToken":"clkseRA53xsieSkuDLC70w4fGg"}}


    When I try to create a defect with Json, I get the following message:

    {CreateResult":{_rallyAPIMajor":"2","_rallyAPIMinor":"0","Errors":["Not authorized to perform action: Invalid key"],"Warnings":[]}}


    I'm making the call from another program. I've set up the web service to use the basic URL: https://rally1.rallydev.com/slm/webservice/v2.0, service type is REST and security is Basic. 

    I'm delivering this in a Json string using PUT  https://rally1.rallydev.com/slm/webservice/v2.0/Defect/create?key=[token]

    Any thoughts on where to look? 



    ------------------------------
    - Keith Jones
    - MCIC Vermont
    ------------------------------


  • 2.  RE: Rally API -

    Broadcom Employee
    Posted Jun 02, 2020 05:48 PM
    Hi Keith,

    You said this is 'started failing', this makes it sound as if it worked for you before. If that worked for you before - then apparently there is some change.
    The Api-Key needs to be passed as a header variable named: "ZSESSIONID". I am not sure that you'll need the security token when using the api-key as a header variable.

    Here's a screenshot of what it looks like in Postman. If you're using another tool or programming language, you need to include the 'ZSESSIONID' as a header variable. When using Postman, I can create a defect using this api-key in this way without the 

    Let us know if this helped. If not, can you please include screenshots of your code.

    Thanks,
    Sagi

    Original Message


  • 3.  RE: Rally API -

    Posted Jun 04, 2020 09:19 AM
    Sagi,

    Thank you for the information. Unfortunately, I don't know a lot about working with REST API - most of what I've done has just been cobbling together things from different sources. The client that makes the API calls has a structured system for creating the web services and methods, so I'm limited in what I can code. You are correct in that this *was* working. The client that makes the call had an upgrade related to UI and something in there may have broken the configuration. So I went in and completely recreated a new one, with the same result. I'll keep working on this from both sides - it was just a shot in the dark that the error message might point to something specific. Thanks again.

    ------------------------------
    - Keith Jones
    - MCIC Vermont
    ------------------------------

    Original Message


  • 4.  RE: Rally API -

    Broadcom Employee
    Posted Jun 04, 2020 09:35 AM
    Hi Keith,

    Sure. Take your time. We're here if you need us. Make sure you include the ZSESSIONID header variable, with a value set to your api-key, on all your Rally API calls. Hopefully that will help resolve this. If not - let us know more.

    Thanks,
    Sagi
    Original Message


  • 5.  RE: Rally API -

    Broadcom Employee
    Posted Jun 04, 2020 05:36 PM
    @Sagi Gabay, it doesn't look like he's trying to use API Key here; it looks like the old style basic credentials with a security token.

    I'm not sure how long security tokens are valid for; do you know if you're generating a new security token with each PUT request, Keith?​​​​​
    Original Message


  • 6.  RE: Rally API -

    Posted Jun 04, 2020 05:48 PM

    David,
    That sounds about right - in this program they use a workflow builder, and one of the first steps is to do the authentication call that takes place each time this process is initiated. It returns a security token which then gets stored in a variable and is used again on the defect creation during the same workflow. Something like this:
    {OperationResult":{_rallyAPIMajor":"2","_rallyAPIMinor":"0","Errors":[],"Warnings":[],"SecurityToken":"clkseRA53xsieSkuDLC70w4fGg"}}

    When I display the values during the defect creation, I can see that the token is still populated, so it doesn't appear to be losing that information. 

    And I apologize if I'm not using the correct terminology - I know nada about APIs - just what I've managed to piece together from the docs.



    ------------------------------
    - Keith Jones
    - MCIC Vermont
    ------------------------------

    Original Message


  • 7.  RE: Rally API -
    Best Answer

    Broadcom Employee
    Posted Jun 04, 2020 06:02 PM
    Yes, agreed @David LeDeaux .

    Check out this document, it suggests that this method was retired and should be replaced with using an api-key.​

    Keith,
    You may want to use an api-key instead. This doc should help you generate a valid api-key. Then you can apply it to your requests using that http header variable 'ZSESSIONID' that was previously mentioned.

    Let us know if that helps,
    Sagi
    Original Message


  • 8.  RE: Rally API -

    Posted Jun 26, 2020 02:20 PM
    Finally had a chance to get back to this - and yes, the API key works for me. The program that is calling the API had a Header parameter available. Works like a charm. Thanks!!!

    ------------------------------
    - Keith Jones
    - MCIC Vermont
    ------------------------------

    Original Message