ALM REST API v12.50 error 401

Question

Good afternoon, I am working on a C# application that needs to connect to HPQC v12.50 using the REST API. I have been able to authenticate and then I am trying to re-use the cookie I received as a webresponse to perform queries. However, I am stuck with an error 401 and after having read multiple forums and HP's doc about the REST API, I can't figure out what I am doing wrong.

Here is my chunk of code:

    public void LoginAlm(string StrServer, string StrUser, string StrPassword, string StrDomain, string StrProject)
    {
        //First, I am authenticating to the server (this works fine)
        string StrServerLogin = StrServer + "/authentication-point/authenticate";
        HttpWebRequest myWebRequest = (HttpWebRequest)WebRequest.Create(StrServerLogin);
        myWebRequest.Headers[HttpRequestHeader.Authorization] = "Basic " + Base64Encode(StrUser + ":" + StrPassword);
        WebResponse webResponse = myWebRequest.GetResponse();

        //Then, I am extracting the cookie from the header to re-use it for me subsequent requests.
        HttpWebRequest myWebRequest1 = (HttpWebRequest)WebRequest.Create(StrServer + "/rest/domains/"+StrDomain+"/projects/"+StrProject+"/defects&#1");
        string StrCookie = webResponse.Headers.ToString();
        StrCookie = StrCookie.Substring(StrCookie.IndexOf("Set-Cookie:") + 12);
        StrCookie = StrCookie.Substring(0, StrCookie.IndexOf("\r\n"));
        myWebRequest1.Headers[HttpRequestHeader.Cookie] = StrCookie;

        //Then, I am trying to perform my request, and the following line would always return an error 401.
        WebResponse webResponse1 = myWebRequest1.GetResponse();

        StreamReader reader = new StreamReader(webResponse1.GetResponseStream());
        textBox6.Text = reader.ReadToEnd();
    }

One thing I noticed in HP's doc is that I should be receiving a token as a response, but it does not seem to be there...

It is my first experience with REST API and I am sorry if it seems trivial but I've wasted too much time on this already!

Answer 1

Finally, I rechecked the documentation of the REST API and found out the correct authentication URL to use is "/api/authentication/sign-in" with ALM v12.50.

It will return the following cookies in the header of the webresponse: - LWSSO_COOKIE_KEY - QCSession - ALM_USER - XSRF-TOKEN

These cookies have to be added to your next webrequest, in the cookie container. For those of you who would need the code, here it is in C#:

    public void LoginAlm(string StrServer, string StrUser, string StrPassword, string StrDomain, string StrProject)
    {
        //Creating the WebRequest with the URL and encoded authentication
        string StrServerLogin = StrServer + "/api/authentication/sign-in";
        HttpWebRequest myWebRequest = (HttpWebRequest)WebRequest.Create(StrServerLogin);
        myWebRequest.Headers[HttpRequestHeader.Authorization] = "Basic " + Base64Encode(StrUser + ":" + StrPassword);
        WebResponse webResponse = myWebRequest.GetResponse();

        //Once this is done, we create a new request, this example to get the information about defect #1 on a given project
        HttpWebRequest myWebRequest1 = (HttpWebRequest)WebRequest.Create(StrServer + "/rest/domains/"+StrDomain+"/projects/"+StrProject+"/defects/1");

        //Then, we create a cookie container to the webrequest where we will store the cookie that we've received from the authentication webresponse
        myWebRequest1.CookieContainer = new CookieContainer();
        Uri target = new Uri(StrServer);

        //We extract the LWSSO_COOKIE_KEY cookie and add it to the cookie container
        string StrCookie = webResponse.Headers.ToString();
        string StrCookie1 = StrCookie.Substring(StrCookie.IndexOf("LWSSO_COOKIE_KEY=") + 17);
        StrCookie1 = StrCookie1.Substring(0, StrCookie1.IndexOf(";"));
        myWebRequest1.CookieContainer.Add(new Cookie("LWSSO_COOKIE_KEY", StrCookie1) { Domain = target.Host });

        //Then the QCSession cookie
        string StrCookie2 = StrCookie.Substring(StrCookie.IndexOf("QCSession=") + 10);
        StrCookie2 = StrCookie2.Substring(0, StrCookie2.IndexOf(";"));
        myWebRequest1.CookieContainer.Add(new Cookie("QCSession", StrCookie2) { Domain = target.Host });

        //Then the ALM_USER cookie
        string StrCookie3 = StrCookie.Substring(StrCookie.IndexOf("ALM_USER=") + 9);
        StrCookie3 = StrCookie3.Substring(0, StrCookie3.IndexOf(";"));
        myWebRequest1.CookieContainer.Add(new Cookie("ALM_USER", StrCookie3) { Domain = target.Host });

        //And finally the XSRF-TOKEN cookie
        string StrCookie4 = StrCookie.Substring(StrCookie.IndexOf("XSRF-TOKEN=") + 12);
        StrCookie4 = StrCookie4.Substring(0, StrCookie4.IndexOf(";"));
        myWebRequest1.CookieContainer.Add(new Cookie("XSRF-TOKEN", StrCookie4) { Domain = target.Host });

        //We then send our webrequest and collect the webresponse
        WebResponse webResponse1 = myWebRequest1.GetResponse();
        StreamReader reader = new StreamReader(webResponse1.GetResponseStream());
    }

I hope it will help!

Answer 2

HP version 12 has changed little bit in terms of authentication. They have changed the url from authentication-point/authenticate to "/authentication-point/alm-authenticate"

Once above URL is successfully posted, user needs to post "/rest/site-session" URL with following request body.

"<alm-authentication><user><![CDATA[username]]></user><password><![CDATA[password]]></password></alm-authentication>"

Answer 3

After making a post request to the authentication-point/authenticated you have to make another post request request to rest/site-session, to create a session then only you will be able to do further operation