Rally Software


Why am I now unable to use API keys to make updates in Rally with the API?

  • 1.  Why am I now unable to use API keys to make updates in Rally with the API?

    Posted Feb 06, 2019 03:21 PM

    Hi, 

     

    I am suddenly having a problem using API keys for an ajax call in JavaScript to make updates using the Rally API. The method being used worked perfectly before; however, this error is returned in all apps that use this method upon testing today:

    "{"OperationResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": ["Not authorized to perform action: Invalid key"], "Warnings": []}}"

     

    Here is the method used:

    var xmlhttp = new XMLHttpRequest();
    xmlhttp.onreadystatechange = function () {
        if (this.readyState == 4 && this.status == 200) {
            // Use JSON.parse() to convert the JSON string into an object
            var responseJsonObj = JSON.parse(this.responseText);

            var a = document.getElementById('here');

            // Show the raw response as text so it is never interpreted as HTML
            a.textContent = this.responseText;

            // console.log( responseJsonObj.name );
            // console.log( responseJsonObj.age );
        }
    };

    xmlhttp.open("POST", "https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/epics/" + objectID + "/tags/add?fetch=Name", true);

    // xmlhttp.setRequestHeader('Content-Type', contHeader);
    xmlhttp.setRequestHeader('zsessionid', rallyAPIKey);

    xmlhttp.send(JSON.stringify(postTest));
    } // closes the enclosing function (not shown in the post)

     

    Has there been a change that makes something incorrect here? (I have also tried generating new API keys and had other users try as well)

     

    Thanks in advance!



  • 2.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Broadcom Employee
    Posted Feb 06, 2019 04:15 PM

    Hi Dominic,

     

    To answer your question: No, there hasn't been any change to the api-keys or that mechanism recently.

     

    It could be that the username who owns your api-key perhaps is disabled or locked. Do you know who is the username who owns the api-key you're using? Can you check to see the status of that username?

     

    Thanks,

    Sagi



  • 3.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Broadcom Employee
    Posted Feb 06, 2019 04:28 PM

    Hi Dominic,

     

    Could you share the payload you're sending in that request?  I'd like to see if I can reproduce this.



  • 4.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Broadcom Employee
    Posted Feb 06, 2019 04:51 PM

    I tested this on my end and it's working for me, but I'm just using a REST API client; haven't tried generating an XHR request yet.

     



  • 5.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Broadcom Employee
    Posted Feb 06, 2019 04:58 PM

    I threw together a quick jQuery XHR request:

    $.ajax  ({
         type: 'POST',
         url: 'https://rally1.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/216341263288/tags/add?fetch=Name',
         dataType: 'json',
         async: true,
         headers: {
              zsessionid:'_4p1k3y4p1k3y4p1k3y4p1k3y4p1k3y'
         },
         data: JSON.stringify({
              "Tags":[
                        {"_ref":"/tag/260510816912"}
                   ]
              }
         ),
         contentType : 'application/json',
         success: function(data,textStatus, jQxhr){
              alert(textStatus);
         },
         error: function( jqXhr, textStatus, errorThrown ){
              alert(errorThrown);
         }
    });

     

    Response comes back looking good:

    {
         "OperationResult": {
              "_rallyAPIMajor": "2",
              "_rallyAPIMinor": "0",
              "Errors": [],
              "Warnings": [],
              "Results": [{
                        "_rallyAPIMajor": "2",
                        "_rallyAPIMinor": "0",
                        "_ref": "https://rally1.rallydev.com/slm/webservice/v2.0/tag/260510816912",
                        "_refObjectUUID": "fe23b670-fe19-4cbe-957c-1b69ebebebeb",
                        "_objectVersion": "1",
                        "_refObjectName": "foo",
                        "Name": "foo",
                        "_type": "Tag"
                   }
              ]
         }
    }


  • 6.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Posted Feb 06, 2019 05:01 PM

    Hi Sagi and David, 

     

    I greatly appreciate the prompt responses. I am thinking that the issue may be related to what Sagi has mentioned. I sent an email in order to find out if the Admins have made any changes. I will get back to you both once I receive a response. 

     

    Thanks! 

     

    Dominic



  • 7.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Posted Feb 07, 2019 09:05 AM

    Dominic,

     

    You also may want to check to make sure the Sub Admins didn't change the API setting in the Subscription settings:

     



  • 8.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Posted Feb 07, 2019 08:26 PM

    Hi Everyone, 

     

    I just want to give an update that I was able to contact our sub-admins and admin and they said that no changes have been made and they even sent a screenshot showing that the API keys are definitely enabled. Unfortunately I still cannot find any solution to this. I would greatly appreciate it if anyone had any other ideas to share. 

     

    Thanks!



  • 9.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Broadcom Employee
    Posted Feb 08, 2019 10:09 AM

    Hi Dominic,

     

    Do you know who is the username that owns this api-key?

    The ultimate test to make certain that the api-key should work will be to login with that user and be able to do anything, even just see the user stories or defect. If the username is good then indeed the api-key should be good.

     

     

    I see your subscription is set up for SSO with exceptions. You need to also find out if this username is in this exception list or not. I don't want to write any usernames here since it's a public page. 

     

    If this username is not in the exception list then it means it must work via the SSO, which means that the authorization problem you're encountering may come from there. So, if this username is not in the exception list then I'll recommend you (that is your sub-admins) add it to the exception list so you can then test this user authentication directly at rally1.rallydev.com without the SSO. Then you shall both test what I suggested above and also your code.

     

    If indeed adding it to the exception list will help then either you just leave it this way (which if this username is assumed to develop some integration or connector then it may be the recommended approach anyways), or you can then find out from your SSO product why the authorization problem happened.

     

    Let us know if it helped.

     

    Sagi



  • 10.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Posted Feb 12, 2019 03:07 PM

    Hi Sagi, 

     

    It is my username that owns the API key being used. We have tried what you proposed and it still did not work. This was tested by our admin with her own API key who is on the SSO exception list. Still we are lost on what the problem could be...

     

    It is unlikely that this is a network issue because I am able to reach the Jira API from Rally without any issues with the authorization header being sent with that request.

     

    Thanks,

     

    Dominic



  • 11.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Posted Feb 12, 2019 03:28 PM

    Sagi_Gabay I have been working with Dominic on this, would you suggest opening a support case for this?  I logged into Rally using my Whitelisted ID and I am also getting this error message when I enter my API Key.  Appreciate the support!



  • 12.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Broadcom Employee
    Posted Feb 13, 2019 09:53 AM

    Hi Sheri, Dominic,

     

    Yes, please let's have a support case for this. Can you please open one (and if possible then even mention that case# here afterwards).

     

    Thanks,

    Sagi



  • 13.  Re: Why am I now unable to use API keys to make updates in Rally with the API?

    Posted Feb 13, 2019 04:11 PM

    Sagi_Gabay and dominic.ventre  I have opened case 01300588



  • 14.  Re: Why am I now unable to use API keys to make updates in Rally with the API?
    Best Answer

    Broadcom Employee
    Posted Feb 14, 2019 02:54 PM

    Following up on this for community resolution.

     

    This error can be thrown by the "alm-wsapi-read-only" grant being set on the API key in use.

     

    It is not necessary to provide "alm-wsapi-read-only" on a "full-access" key and in some cases, doing so can cause the API to see this as a read-only key.

     

    Use the https://rally1.rallydev.com/login/accounts/index.html#/keys page to verify the grants on the API key that you are using.

     

    An extenuating condition where this is seen with full-access keys, is one where POST operations have been or are being attempted with a read-only key and subsequently the "Invalid key" response has been cached for that request by a proxy or by our content delivery network (CDN).

     

    One workaround that can be attempted in this scenario is to try us1.rallydev.com as your hostname in your request instead of rally1.rallydev.com. This will bypass the CDN and bypass their caching mechanisms that may be serving stale requests. Note that if there is a caching proxy server in use at your location, there is no control over that from an Agile Central perspective and you will need to work with your network team to adjust rules to prevent responses from being cached.
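
Added example (not part of the thread and not Broadcom's code): a small JavaScript triage helper for the "Invalid key" response discussed above. It takes a response body and its headers, lists the checks raised in the thread, and flags when caching headers suggest the error was served by a proxy or CDN. The function names, the sample headers and the use of `X-Cache` are assumptions.

```javascript
// Error string quoted in the thread.
const INVALID_KEY = 'Not authorized to perform action: Invalid key';

// Collect signs that an intermediary or cache handled the response.
// Age and Via are standard HTTP headers; X-Cache is a common but
// non-standard CDN header and is an assumption here.
function cacheEvidence(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers || {})) h[k.toLowerCase()] = String(v);
  const evidence = [];
  if (h['age'] !== undefined) evidence.push('Age: ' + h['age']);
  if (h['via']) evidence.push('Via: ' + h['via']);
  if (/hit/i.test(h['x-cache'] || '')) evidence.push('X-Cache: ' + h['x-cache']);
  return evidence;
}

// Classify a WSAPI write response and list the checks from the thread.
function diagnose(bodyText, headers) {
  let errors;
  try {
    errors = JSON.parse(bodyText).OperationResult.Errors || [];
  } catch (e) {
    return { status: 'unparseable', checks: ['Response is not a WSAPI OperationResult'] };
  }
  if (errors.length === 0) return { status: 'ok', checks: [] };
  if (!errors.includes(INVALID_KEY)) return { status: 'other-error', checks: errors };
  const checks = [
    'Key grants: remove "alm-wsapi-read-only" from a "full-access" key',
    'Key owner: confirm the user is not disabled or locked',
    'SSO with exceptions: confirm the key owner is on the exception list',
  ];
  const evidence = cacheEvidence(headers);
  if (evidence.length === 0) return { status: 'invalid-key', checks };
  checks.push('Possible cached response (' + evidence.join(', ') +
    '): retry against us1.rallydev.com and review local proxy caching rules');
  return { status: 'invalid-key-possibly-cached', checks };
}

// Constructed sample: the error body from the thread plus made-up headers.
const sampleBody = JSON.stringify({ OperationResult: {
  _rallyAPIMajor: '2', _rallyAPIMinor: '0', Errors: [INVALID_KEY], Warnings: [] } });
const sampleHeaders = { 'Age': '118', 'X-Cache': 'HIT' };
console.log(diagnose(sampleBody, sampleHeaders));
```

Header names are matched case-insensitively, so the object returned by most HTTP clients can be passed in directly.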