Restrict API access

Available in versions: ALM 12.60 and later

You can restrict API access to a white-list of client types, using the RESTAPI_ACCESS_APIKEY_ONLY site parameter. By default this site parameter is set to N, meaning there is no restriction.

To enable restriction:

Set the RESTAPI_ACCESS_APIKEY_ONLY site parameter to Y.
Add a list of approved client types to the RESTAPI_WHITELIST_APIKEY site parameter, separated by commas.
Add a matching Client-Type attribute to the body of the POST request.
qcbin/rest/site-session:
Header:
Content-Type application/xml
Add the following XML node to the posted data:
```
<session-parameters>
```
```
…
```
```
<client-type>·</client-type>
```
```
…
```
```
</session-parameters
```

Limitation: Under certain circumstances, after enabling API access restriction you may find that you cannot access the ALM server. If this happens, please contact Support for a workaround.

Restrict API access

Send Help Center Feedback