This example uses a Google Chrome REST client, but apart from the differences in the UI, the steps are the same regardless of the the browser's choice.

Example 1: Create a new defect

Step 1. Generate security token:

URL: https://rally1.rallydev.com/slm/webservice/v2.0/security/authorize
Method: GET

Step 2. Create a defect:

The key obtained in Step 1 has to be appended to the request key=your key goes here

URL: https://rally1.rallydev.com/slm/webservice/v2.0/Defect/create?key=f8e4afc5-....
Method: POST
Payload:

{
"Defect":{
"Name": "bad defect"
}
}

Response will show a link to the newly created defect:
https://rally1.rallydev.com/slm/webservice/v2.0/defect/<DEFECT_OID>

Note that all required fields must be set. In this example only the Name field which is by default required needs to be set.


Example 2: Update an existing defect

Browser maintains the session, and as long as the session is not terminated, the same security token can be used.

If the session was terminated ,e.g. due by the user or due to inactivity, a new token must be requested as step 1 in the previous example shows.
Below it is assumed that the same token is still valid, and the first step is omitted.

Update a defect: Let's say we want to set an Owner and the State on this defect. The Owner is a reference to the object, hence the reference that uses the respective user's

ObjectID. A query in the WS API will return the reference:

URL: https://rally1.rallydev.com/slm/webservice/v2.0/defect/15297487557?key=f8e4afc5-....
Method: POST
Payload:
{"Defect":{
"State":"Open",
"Owner":"/user/<USER_OID>"
}
}