General Notes and Limitations


  • The REST API cannot run in a configuration where a proxy server requires Basic Authentication before allowing access to the REST resources.
  • When an invalid Accept header is passed, status 500 is returned instead of a status in the 400 range.
  • The only values supported for the Accept-Encoding header are gzip and deflate. If neither of these values is specified, the response is not encoded.


This version of the REST API provides access to defects and some of the supporting resources. Much of the functionality in the technical preview is still available on a technical preview basis. See the ALM REST API Technical Preview documentation, available in the ALM documentation library.

URL encoding

Request URIs sent by an application must be URL encoded. For example, use %20 instead of a space character. For more information about URL encoding, see W3 Schools: URL encoding

Resend cookies

In any request you send to the server, return all cookies sent by the server in the preceding response using the "Set-Cookie" header. See Failing to resend cookies can result in authentication expiration while the user is interacting with the REST API service.

Content-type and Accept headers

When sending data, always send a Content-Type header to specify the type of data being sent from the client to the server.

Do not send a Content-Type header unless content is sent.

Always send an Accept header to specify the format of the data to receive from the server.

Site configuration parameters

Several site configuration parameters affect REST-based applications. For more information, see the ALM Site Parameters.  Search for "REST".