Restrict API access

Available in versions: ALM 12.60 and later

You can restrict API access to a white-list of client types, using the RESTAPI_ACCESS_APIKEY_ONLY site parameter. By default this site parameter is set to N, meaning there is no restriction.

To enable restriction:

  1. Set the RESTAPI_ACCESS_APIKEY_ONLY site parameter to Y.

  2. Add a list of approved client types to the RESTAPI_WHITELIST_APIKEY site parameter, separated by commas.

  3. Add a matching Client-Type attribute to the body of the POST request.

    qcbin/rest/site-session:

    Header:
    Content-Type application/xml

    Add the following XML node to the posted data:

    <session-parameters>
    <client-type>·</client-type>
    </session-parameters

Limitation: Under certain circumstances, after enabling API access restriction you may find that you cannot access the ALM server. If this happens, please contact Support for a workaround.