I developed a Chrome extension using Rally's WSAPI v2.0, and it basically does the following things:
- get user and project, and store them
- get current iteration every time
- send a post request to create a workitem
For the THIRD step, I sometimes get the error ["Not authorized to perform action: Invalid key"] since the end of last month.
[updated] The error can be reproduced every time if I log in to the Rally website via SSO before using the extension to send requests via apikey. What's the best practice to send subsequent requests via apikey in my extension since I can't control end users' habits?
I did see some similar posts but none of them is helpful... and in case it helps:
- I'm adding ZSESSIONID:apikey in my request header, instead of user / password to authenticate, so I believe no security token is needed (https://comm.support.ca.com/kb/api-key-and-oauth-client-faq/kb000011568)
- url starts with https://rally1.rallydev.com/slm/webservice/v2.0/
- issue is fixed after clearing cookies for https://rally1.rallydev.com/, but somehow it appears again some time later
- I checked the cookie when the issue was reproduced, and found one with the name ZSESSIONID whose value had become something other than the apikey. Not sure if that matters though...
- code for request:
```javascript
function initXHR(method, url, apikey, cbFunc) {
  let httpRequest = new XMLHttpRequest();
  // ...
  httpRequest.open(method, url);
  httpRequest.setRequestHeader('Content-Type', 'application/json');
  httpRequest.setRequestHeader('Accept', 'application/json');
  // The API key is sent in the ZSESSIONID request header
  httpRequest.setRequestHeader('ZSESSIONID', apikey);
  httpRequest.onreadystatechange = function() {
    // ...
  };
  return httpRequest;
}
// ...
usReq = initXHR('POST', baseURL + 'hierarchicalrequirement/create', apikey, function() { /* ... */ });
```
Does anyone have any idea / suggestion? Thanks a million!
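
An added example, not part of the original post: one way to keep browser cookies out of API-key requests, so that a ZSESSIONID cookie like the one described above is never sent alongside the ZSESSIONID header. The helper names and the injectable `fetchImpl` are hypothetical, and the response envelope (an `Errors` array under one top-level key) is an assumption about WSAPI output.

```javascript
// Added example: hypothetical helpers, not code from the original post.

// Build fetch() options that authenticate with the API key only.
// credentials: 'omit' tells the browser not to attach (or store) cookies,
// so a ZSESSIONID cookie left by an SSO login is not sent with the request.
function buildApiKeyInit(method, apikey, body) {
  const init = {
    method,
    credentials: 'omit',
    headers: {
      'Content-Type': 'application/json',
      'Accept': 'application/json',
      'ZSESSIONID': apikey,
    },
  };
  if (body !== undefined) init.body = JSON.stringify(body);
  return init;
}

// Assumption: WSAPI wraps each response in one top-level object
// (for example CreateResult or OperationResult) that carries an Errors array.
function extractErrors(payload) {
  const result = Object.values(payload || {})[0];
  return result && Array.isArray(result.Errors) ? result.Errors : [];
}

// fetchImpl is injectable so the helper can be exercised offline with a stub.
async function rallyRequest(method, url, apikey, body, fetchImpl = fetch) {
  const response = await fetchImpl(url, buildApiKeyInit(method, apikey, body));
  const payload = await response.json();
  const errors = extractErrors(payload);
  if (errors.length > 0) throw new Error(errors.join('; '));
  return payload;
}
```

Surfacing the `Errors` array as an exception makes an "Invalid key" response visible at the call site instead of passing silently as an HTTP 200.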