Restrict API access
Available in versions: ALM 12.60 and later
You can restrict API access to a white-list of client types, using the RESTAPI_ACCESS_APIKEY_ONLY site parameter. By default this site parameter is set to N, meaning there is no restriction.
To enable restriction:
Set the RESTAPI_ACCESS_APIKEY_ONLY site parameter to Y.
Add a list of approved client types to the RESTAPI_WHITELIST_APIKEY site parameter, separated by commas.
Add a matching Client-Type attribute to the body of the POST request.
qcbin/rest/site-session:
Header: Content-Type application/xml Add the following XML node to the posted data:
<session-parameters>
…
<client-type>·</client-type>
…
</session-parameters
Limitation: Under certain circumstances, after enabling API access restriction you may find that you cannot access the ALM server. If this happens, please contact Support for a workaround.