Rally - How to create and update an artifact in sandbox via WS API

book

Article ID: 57510

calendar_today

Updated On:

Products

CA Agile Central On Premise (Rally) CA Agile Central SaaS (Rally)

Issue/Introduction

Since the sandbox does not support using an API key, it is necessary to request a security token to perform write operations.  Trying to create, update or delete work items without a key will result in "Not authorized to perform action: Invalid key".  This article will demonstrate two methods for example calls, however it is still necessary to store a token in a cookie regardless of the methods used.



Cause

Starting with v2.0 of Web Services API an extra layer of authentication is required for POST requests: it is not enough to supply username/password.  This change is documented in the "Security Token" section of WS API".

 

If you are creating or updating artifacts in production, on rally1.rallydev.com, and not on sandbox.rallydev.com, see "How to use API Key with cURL" article instead.

  

It is easier to use ApiKey functionality instead of a security token. ApiKey replaces the need for supplying both username/password and the security token.  ApiKey is not supported on sandbox.

Resolution

HOW TO POST TO SANDBOX USING A BROWSER REST CLIENT:

A browser maintains an HTTP session which makes it possible to request a token in one request and then issue a POST request to which the token is appended without having to maintain the session manually.


Here we create a portfolioitem/feature/


Step 1: 

Get a security token:

https://sandbox.rallydev.com/slm/webservice/v2.0/security/authorize


Result includes the security token:



Step 2: 

Create a CA Agile Central artifact, for example, a portfolioitem/feature. Notice that the security token has to be appended to the request:

https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/create?key=07fd4ed0-1...


Here is a payload example:

{
"Portfolioitem/Feature":{
"Name": "my feature"
}
}



HOW TO POST TO SANDBOX USING USING CURL:

If a user updates, creates or deletes CA Agile Central artifacts via WS API outside of a browser, for example when using curl, the session has to be maintained manually. Without a session cookie each curl request (in our case getting the token and the post request to update an artifact) will constitute separate HTTP sessions.


Step 1:

Tell curl to store a session cookie in order to persists the HTTP session

a. in the terminal, cd to the working directory

b. curl -u "[email protected]:secret" https://sandbox.rallydev.com/slm/webservice/v2.0/security/authorize -c sandboxcookie.txt

 

A file sandboxcookie.txt will be created in the working directory. Here is a content example:

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_sandbox.rallydev.com?? ?FALSE?? ?/?? ?TRUE?? ?0?? ?JSESSIONID?? ?qs-sapp-011eo9hnroag41w1ax29stc60iwo.qs-sapp-01
#HttpOnly_.sandbox.rallydev.com?? ?TRUE?? ?/?? ?TRUE?? ?0?? ?SUBBUCKETID?? ?209


Note the output in the terminal, which includes the security token you will append to your post request in the next step:

{"OperationResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": [], "Warnings": [], "SecurityToken": "055376dd-0dc6-424e-8c4a-453cebd98881"}}


Step 2:

Here is the curl command to update a defect:

curl -v -u "[email protected]:secret" -H "Content-Type: application/json" -d"{\"Defect\":{\"Resolution\":\"Not a Defect\",\"State\":\"Fixed\"}}" https://sandbox.rallydev.com/slm/webservice/v2.0/Defect/8060545781?key=055376dd-0dc6-424e-8c4a-453cebd98881 -b sandboxcookie.txt


The output in terminal will include a full JSON. Success!

Additional Information

Related article:

"How to create a defect with a browser's REST client"

The steps described in the related article apply to both production and sandbox. In production we can choose to use a security token or ApiKey, but on sandbox only security token is supported.

Attachments

1558713135879000057510_sktwi1f5rjvs16svy.png get_app
1558713133983000057510_sktwi1f5rjvs16svx.png get_app
1558713132120000057510_sktwi1f5rjvs16svw.png get_app
1558713130102000057510_sktwi1f5rjvs16svv.png get_app