How to create and update an artifact in sandbox via WS API

Document ID : KB000057510
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue

"Not authorized to perform action: Invalid key" when updating CA Agile Central artifact using curl command

Resolution

BEFORE YOU START:

Starting with v2.0 of Web Services API an extra layer of authentication is required for POST requests: it is not enough to supply username/password.
This change is documented in the "Security Token" section of WS API.

If you are creating or updating artifacts in production, on rally1.rallydev.com, and not on sandbox.rallydev.com, see "How to use API Key with cURL" article instead.
It is easier to use ApiKey functionality instead of a security token. ApiKey replaces the need for supplying both username/password and the security token.
Unfortunately ApiKey is not supported on sandbox.

HOW TO POST TO SANDBOX USING A BROWSER REST CLIENT:

A browser maintains an HTTP session which makes it possible to request a token in one request and then issue a POST request to which the token is appended without having to maintain the session manually.

Here we create a portoflioitem/feature/

Step 1:
Get the security token:

https://sandbox.rallydev.com/slm/webservice/v2.0/security/authorize


Result includes the security token:

User-added image

Step 2: create a CA Agile Central artifact, for example, a portoflioitem/feature. Noice that the security token has to be appended to the request:

https://sandbox.rallydev.com/slm/webservice/v2.0/portfolioitem/feature/create?key=07fd4ed0-1...

Here is a payload example:

{
"Portfolioitem/Feature":{
"Name": "my feature"
}
}


HOW TO POST TO SANDBOX USING USING CURL:

If a user updates, creates or deletes CA Agile Central artifacts via WS API outside of a browser, e.g. when using curl, the session has to be maintained manually. Without session cookie each curl request (in our case getting the token and the post request to update an artifact) will constitute separate HTTP sessions.

Step 1:
Tell curl to store a session cookie in order to persists the HTTP session
a. in the terminal, cd to the working directory
b.? curl -u "user@company.com:secret" https://sandbox.rallydev.com/slm/webservice/v2.0/security/authorize -c sandboxcookie.txt
A file sandboxcookie.txt will be created in the working directory. Here is a content example:

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_sandbox.rallydev.com?? ?FALSE?? ?/?? ?TRUE?? ?0?? ?JSESSIONID?? ?qs-sapp-011eo9hnroag41w1ax29stc60iwo.qs-sapp-01
#HttpOnly_.sandbox.rallydev.com?? ?TRUE?? ?/?? ?TRUE?? ?0?? ?SUBBUCKETID?? ?209


Note the output in the termninal, which includes the security token you will append to your post request in the next step:

{"OperationResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": [],
?"Warnings": [], "SecurityToken": "055376dd-0dc6-424e-8c4a-453cebd98881"}}

Step 2:
Here is the curl command to update a defect:

curl -v -u "user@company.com:secret" -H "Content-Type: application/json" -d"{\"Defect\":{\"Resolution\":\"Not a Defect\",\"State\":\"Fixed\"}}" https://sandbox.rallydev.com/slm/webservice/v2.0/Defect/8060545781?key=055376dd-0dc6-424e-8c4a-453cebd98881 -b sandboxcookie.txt

The output in terminal will include a full JSON. Success!

User-added image

Related article:
"How to create a defect with a browser's REST client"
The steps described in the related article apply to both production and sandbox. In production we can choose to use a security token or ApiKey, but on sandbox only security token is supported.