Restrict API access

Available in versions: ALM 12.60 and later

You can restrict API access to a white-list of client types, using the RESTAPI_ACCESS_APIKEY_ONLY site parameter. By default this site parameter is set to N, meaning there is no restriction.

To enable restriction:

  1. Set the RESTAPI_ACCESS_APIKEY_ONLY site parameter to Y.

  2. Add a list of approved client types to the RESTAPI_WHITELIST_APIKEY site parameter, separated by commas.

  3. Add a matching Client-Type attribute to the body of the POST request.


    Content-Type application/xml

    Add the following XML node to the posted data:


Limitation: Under certain circumstances, after enabling API access restriction you may find that you cannot access the ALM server. If this happens, please contact Support for a workaround.