Invalid credentials error when authenticating python pyral code with ApiKey

Document ID : KB000057609
Last Modified Date : 14/02/2018
Show Technical Document Details


This article is specific to CA Agile Central API Toolkit for Python, known as pyral.
When using ApiKey authentication in pyral 1.1.1 code examples, specifically that comes with pyral installation, Invalid credentials error is returned:
/Library/Python/2.7/site-packages/requests-2.7.0-py2.7.egg/requests/packages/urllib3/util/ InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see
Traceback (most recent call last):
  File "", line 66, in <module>
  File "", line 26, in main
    rally = CA Agile Central(server, user, password, workspace=workspace, project=project)
  File "/Users/nmusaelian/my-python/pyral-1.1.1/pyral/", line 228, in __init__
  File "/Users/nmusaelian/my-python/pyral-1.1.1/pyral/", line 181, in check
    raise RallyRESTAPIError("Invalid credentials")
pyral.context.RallyRESTAPIError: Invalid credentials

The user is active, and ApiKey is valid. If config file uses USERNAME, PASSWORD, instead of APIKEY, it works as expected. Here is an example of a config file that causes the error when basic authentication is commented out:
#USER   =
#PASSWORD = secret
APIKEY = _abc123
PROJECT = Company X


Cause example is unfortunately outdated - it predates support for ApiKey.


The article assumes that the latest version of pyral 1.1.1 is used.

The following modification in the code will allow to authenticate successfully with a valid ApiKey.
if apikey:
        rally = CA Agile Central(server, apikey=apikey, workspace=workspace, project=project)
        rally = CA Agile Central(server, user=username, password=password, workspace=workspace, project=project)

Modified version of the file is attached.
A more complex example that prints all workspaces and projects available to the logged in user, is available in the examples sub-directory in pyral directory. This file uses the same if/else statement.

NOTE1: pyral supports both basic authentication (username/password) and ApiKey. However, if pyral is used in SSO environment, basic authentication will not work unless
  • the user's subscription allows white-listing and the user is on the SSO exceptions list, or
  • the subscription allows hybrid authentication (SSO or CA AC/Rally)
Pyral does not have support for SSO authentication. In SSO environment WS API requests can to be authenticated with ApiKey. A user does not have to be on the SSO exceptions list in order to use ApiKey.

NOTE 2: This article is specific to pyral.
If you are connecting to CA Agile Central WS API directly from your python code and bypassing the toolkit, you may still authenticate with ApiKey. Generate the API Key in CA Agile Central Application Manager?? and authenticate your requests by setting zsessionid header of the request to ApiKey, similar to how it is done with curl or a browser Rest client. For those examples see:
WS API request examples using curl and browser REST client


File Attachments: