Rally - Creating an Oauth token manually


Article ID: 140086


Updated On:


Rally SaaS


This article walks through the steps to create a client application, generate an auth token, and exchange it for an access token.


Release : SAAS



First you'll need to create an OAuth client. The key pieces of information moving forward will be the callback URL, client ID and client secret.

Next you'll create a URL going to https://rally1.rallydev.com/login/oauth2/auth and use the following parameters:


  • state: a key to use to validate the auth token, typically a UUID.
  • response_type: set to 'code'.
  • redirect_uri: this must match the URL you specified when creating your client id and secret above.
  • client_id: the client_id that was created above.
  • scope: set to 'alm'.


Example URL:


Once that URL is accessed, you'll be redirected to an Authorization Request page.

After you click "Allow Access" you'll be sent back to the page that you specified above when you set up your client in Rally. The URL will now include an auth code that you will use in your next request.

Your next request will be a POST request to https://rally1.rallydev.com/login/oauth2/token using an x-www-form-urlencoded content type.

You'll add the following body parameters:


  • code: the 'code' you received in the URL of the previous request.
  • redirect_uri: must match the redirect_uri you specified when creating the client above.
  • grant_type: set to 'authorization_code'.
  • client_id: set to your client id, generated when creating the client above.
  • client_secret: set to your client secret, generated when creating the client above.


The access_token will be used in subsequent requests to Rally and passed as a ZSESSIONID header parameter like you would for an API key.
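
The steps above as an added Python example (not part of the original article): it builds the authorization URL, checks the returned state before accepting the auth code, and prepares the token POST. The function names are hypothetical, and it assumes the callback carries 'code' and 'state' as query parameters and that the token endpoint replies with JSON containing 'access_token'.

```python
import hmac
import json
import uuid
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request, urlopen

AUTH_URL = "https://rally1.rallydev.com/login/oauth2/auth"
TOKEN_URL = "https://rally1.rallydev.com/login/oauth2/token"


def build_auth_url(client_id, redirect_uri):
    """Return (url, state); keep state server-side to check the callback."""
    state = str(uuid.uuid4())  # uuid4 is drawn from os.urandom
    query = urlencode({"state": state, "response_type": "code", "scope": "alm",
                       "redirect_uri": redirect_uri, "client_id": client_id})
    return f"{AUTH_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the auth code, rejecting callbacks whose state does not match."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to our request")
    if "code" not in params:
        raise ValueError("callback carries no auth code")
    return params["code"][0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Form-encode the body so the client secret never appears in a URL."""
    body = urlencode({
        "code": code,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=body, headers=headers, method="POST")


def exchange_code(code, client_id, client_secret, redirect_uri):
    """Send the token request; assumes a JSON reply with 'access_token'."""
    req = build_token_request(code, client_id, client_secret, redirect_uri)
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]
```

Load the client secret from an environment variable or secret store rather than source code, and treat the returned access token like an API key when sending it in the ZSESSIONID header.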