Authenticate

To receive services from the ALM platform, the application must provide an authentication token as a cookie in the request header. To obtain this token, you need to be authenticated by a mechanism outside of ALM, in one of the following ways:

LWSSO. The application passes an LWSSO (Light Weight Single Sign On) cookie in the request header. For details, see Authenticate using LWSSO.

API key. Obtain a Client ID and an API Key Secret from ALM Administration and enter them in a POST message. For details, see Authenticate using API keys.

When SSO is enabled, to access ALM Site Administration via RESTful API, only API keys authentication is supported.

Authenticate using LWSSO

Perform the following steps:

1. POST an authorization request to /qcbin/authentication-point/alm-authenticate with XML format.

   <alm-authentication>

      <user>sa_username</user>

      <password>sa_password</password>

   </alm-authentication>

   On success, returns HTTP code 200 and sets the LWSSO_COOKIE_KEY.

2. After authentication, POST a request to /qcbin/rest/site-session with XML format.

   <session-parameters>

      <client-type>REST client</client-type>

   </session-parameters>

   On success, returns HTTP code 201 and returns a QCSession cookie and an XSRF-TOKEN cookie.

Authenticate using API keys

Perform the following steps:

1. Obtain a Client ID and API Key Secret from ALM administration. For details on how to obtain API keys using ALM administration, see How to Manage API Keys.

2. POST request to /qcbin/rest/oauth2/login with JSON format.

   {"clientId":"Client ID", "secret":"API key secret"}

   On success, returns HTTP code 200 and sets the LWSSO_COOKIE_KEY and returns a QCSession cookie and an XSRF-TOKEN cookie.