It's all about the answers!

Ask a question

How to set session in REST API against RQM


aharon shacahr (111) | asked Jul 19 '16, 2:19 a.m.
I would like to create an automation script which needs to access RQM and retrieve some info.
I would like to access RQM using REST API.

The problem is that all the articles I found (i.e. modify test in RQM using REST)
indicates that I need to provide session-id as part of the request, but in order to provide session-id I need to manually login first, and that kind of killing of the automation process.

Is there anyway to create the REST session in a way which supports automation scripting?




2 answers



permanent link
Michael Triantafelow (4513) | answered Jul 19 '16, 10:15 a.m.
Ah, I see where the confusion is.  The video you watched was using a Firefox plug-in as the HTTP client.  That plug-in operates through the browser, which has some important differences from the way an HTTP client like Apache HTTP operates.  

When they say that you need to get that session ID to make this work, they are basically showing you a workaround for an issue that only occurs when you are working with a browser plug-in like the one they used.  Furthermore, in my experience, the error they are trying to work around only occurs on POST.  I've been able to use GET and PUT without that session ID, even in a browser plug-in.

So, assuming I understand your situation correctly, I think you can ignore the advice about the session ID from that video.

permanent link
Donald Nong (14.4k314) | answered Jul 19 '16, 10:40 p.m.
You always have to log in first, as all resources in RQM are protected. Your script is no different from a real person using a browser to access RQM. It will be a severe security hole if you can access RQM without logging in first.

In the video that you linked, the user already logged in as "CLM Administrator" - see the first Firefox tab. The RESTClient plugin running in the same Firefox will use the logged in session automatically. If you logged out RQM in the first tab, the RESTClient in the second tab will not work and will get you an HTTP 401 error code.

Whether you use the "X-Jazz-CSRF-Prevent" header is a different story, as it is only required with the PUT and POST operations, but not GET.

There are plenty of articles and forum posts talking about how to log in using a script, for example the below two.
https://jazz.net/library/article/633
https://jazz.net/forum/questions/140936/curl-get-wi-rtc-403

You can incorporate this into your script and you don't need to log in "manually".

Comments
aharon shacahr commented Jul 20 '16, 5:27 a.m.
Even in the link you provided i saw that I need to pass cookies as part of the CURL command - "The example snippets assume that you are authenticated to a server.."
Well I don't want to be already authenticate to the server - what I need is a simple way where I can send user/password as part of the command - and that would create the authentication for me.
What am I missing here?

Michael Triantafelow commented Jul 20 '16, 9:26 a.m.

 Have you seen the RQM URL Utility?



This is a thin wrapper around an HTTP client that provides some convenient ways to do things like authentication.  Note that this is for use with the QM Reportable REST API.  Not sure if you are looking to use that or to use the OSLC REST API.

Your answer


Register or to post your answer.