Use API Key with cURL

Document ID : KB000057528
Last Modified Date : 14/02/2018


User gets "Not authorized to perform action: Invalid key" when making a create request with cURL.


Creating and updating Rally artifacts with command-line cURL requires that the user maintain a session with a cookie. Otherwise, the GET request that obtains a security token and the POST request that hits the create or update endpoint happen in the context of two separate HTTP sessions. By the time the second request is issued, the key acquired during the first request is expired, hence the "Not authorized to perform action: Invalid key" error.

A cURL scenario in which a cookie is used to maintain the session is described in this StackOverflow post. That post predates the release of a new feature, API Key, which removed the need to explicitly request the token and append it to POST requests. API Key is different from the security token.

1. Generate an API Key from Rally Application Manager page

There is a link to Rally Application Manager available from the help page that introduces this feature.

Follow this link, log in with your Rally credentials, and generate the key.
This API Key can be used in the zsessionid header of a cURL command.

2. POST request

In the terminal, issue a command that follows this syntax. Replace _myKeY123 with a valid API Key:
curl --header "zsessionid:_myKeY123" -H "Content-Type: application/json" -d"{\"Defect\":{\"Name\":\"bad defect\"}}" https://rally1.rallyde

Note that when using API Key it is no longer necessary to explicitly pass user credentials.
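Because the API Key stands in for user credentials, typing it inline as in step 2 leaves it in shell history and can expose it in the process list. The following is an added example, not part of the original article or of Rally's documentation: it writes the zsessionid header to an owner-only file that cURL reads with its --config option. The environment variable RALLY_API_KEY, the two function names and the caller-supplied URL are assumptions.

```shell
#!/bin/sh
# Added example. RALLY_API_KEY and both function names are hypothetical;
# they are not part of Rally or cURL.
NL='
'

# Write the request headers to a cURL config file readable only by the owner.
write_rally_curl_config() {
    cfg_path=$1
    if [ -z "${RALLY_API_KEY:-}" ]; then
        echo "RALLY_API_KEY is not set" >&2
        return 1
    fi
    # Refuse characters that would end the quoted value in the config file.
    case $RALLY_API_KEY in
        *\"* | *\\* | *"$NL"*)
            echo "API Key contains a quote, backslash or newline" >&2
            return 1 ;;
    esac
    (
        umask 077
        : > "$cfg_path" || exit 1
        chmod 600 "$cfg_path" || exit 1   # tighten a file that already existed
        printf 'header = "zsessionid: %s"\n' "$RALLY_API_KEY" >> "$cfg_path"
        printf 'header = "Content-Type: application/json"\n' >> "$cfg_path"
    )
}

# POST the JSON body read from stdin. The endpoint URL is supplied by the
# caller; none is hard-coded here.
# Usage: printf '{"Defect":{"Name":"bad defect"}}' | rally_post_json rally.cfg "$URL"
rally_post_json() {
    cfg_path=$1
    url=$2
    curl --silent --show-error --config "$cfg_path" --data @- "$url"
}
```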