HP ALM REST API – Authentication

    Tutorial on how to authenticate HP ALM Session using REST API. Includes VB.NET and C# code for Sign-in and Sign-out resources.

    HP ALM provides two resources for Authentication.

    • Sign-in
    • Sign-out


    The sign-in resource request authorization. To successfully authenticate we have to post user and password in BASE64 encoding in the Authorization header.

    Sign-in resource sets the authentication cookies required for future requests.

    • ALM_USER
    • QCSession

    Sign-in URI

    Uri for sign-in is /qcbin/api/authentication/sign-in
    e.g. http://youralmserver:port/qcbin/api/authentication/sign-in

    For ALM Versions prior to 12.53

    Uri for sign-in is /qcbin/authentication-point/authenticate?login-form-required=y
    e.g. http://youralmserver:port/qcbin/authentication-point/authenticate?login-form-required=y

    If this URI is provided directly to the browser, you will get a prompt to enter your user name and password. Once you enter the correct credentials you will be taken to a blank screen.

    Doing it with code

    Parameters Required

    HP ALM Base URLhttp://youralmurl:port/qcbin
    HP ALM User NameuserName
    HP ALM PasswordPassword

    Sample Response

    ****  Request ***
    POST /qcbin/api/authentication/sign-in HTTP/1.1
    Authorization: Basic 123456789abcdef=
    Host: myserver:8081
    ****  Response ***
    HTTP/1.1 200 OK
    Set-Cookie: LWSSO_COOKIE_KEY=0123456789abcdef;Path=/;HTTPOnly
    Set-Cookie: QCSession=0123456789abcdef;Path=/;HttpOnly
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Set-Cookie: ALM_USER=0123456789abcdef;Path=/
    Set-Cookie: XSRF-TOKEN=0123456789abcdef;Path=/
    Content-Length: 0

    Sign-in Code

    For ALM Versions prior to 12.53
    In the code replace /api/authentication/sign-in with /authentication-point/authenticate

    VB.NET code to get Authentication Cookies

    Private Function GetAuthenticationCookieContainer(almBaseUrl, almUserName, almPassword) As CookieContainer
     Dim authCookies = new CookieContainer()
     Dim auth As HttpWebRequest = WebRequest.Create(almBaseUrl + "/api/authentication/sign-in")
     Dim credentials As String = $"{almUserName}:{almPassword}"
     auth.CookieContainer = authCookies
     auth.Headers.Set(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(credentials)))
     Dim authResult As WebResponse = auth.GetResponse()
     Return authCookies
    End Function


    Dim AuthenticationCookieContainer = GetAuthenticationCookieContainer("http://youralmurl:port/qcbin", "aneejian", "Password")

    C# code to get Authentication Cookies

    private static CookieContainer GetAuthenticationCookie(string almBaseUrl, string almUserName, string almPassword)
        var authCookies = new CookieContainer();
        var auth = (HttpWebRequest)WebRequest.Create(almBaseUrl + "/api/authentication/sign-in");
        var credentials = $"{almUserName}:{almPassword}";
        auth.CookieContainer = authCookies;
        auth.Headers.Set(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(credentials)));
        var authResult = auth.GetResponse();
        return authCookies;


    var authenticationCookieContainer = GetAuthenticationCookie("http://youralmurl:port/qcbin", "aneejian", "Password");


    The sign-out resource logs the user off the system. It cancels the cookies returned by Sign-in.

    • QCSession 
    • ALM_USER 

    Sign-out URI

    Uri for sign-out is /qcbin/api/authentication/sign-out
    e.g. http://youralmserver:port/qcbin/api/authentication/sign-out

    For ALM Versions prior to 12.53

    Uri for sign-out is /qcbin/authentication-point/logout
    e.g. http://youralmserver:port/qcbin/authentication-point/logout

    If you pass this to the browser where you signed in, it will sign you out from ALM.

    Sign-out Code

    VB.NET code to Sign-out

    Private Sub Signout(almBaseUrl As String, AuthenticationCookieContainer)
     Dim auth = CType(WebRequest.Create(almBaseUrl + "/api/authentication/sign-out"), HttpWebRequest)
     auth.CookieContainer = AuthenticationCookieContainer
     Dim authResult = auth.GetResponse()
    End Sub


    SignOut("http://youralmurl:port/qcbin", AuthenticationCookieContainer)

    C# code to Sign-out

    private static void SignOut(string almBaseUrl, CookieContainer authenticationCookieContainer)
     var auth = (HttpWebRequest)WebRequest.Create(almBaseUrl + "/api/authentication/sign-out");
     auth.CookieContainer = authenticationCookieContainer; //authenticationCookieContainer is the CookieContainer you got from GetAuthenticationCookieContainer function.
     var authResult = auth.GetResponse();


    SignOut("http://youralmurl:port/qcbin", authenticationCookieContainer);

    Related Articles

    Recent Articles

    How to fix Date Time data type issue in Blue Prism?

    Know more about the date time issue while using the code stage in Blue Prism and understand how to fix it by dealing with the UTC offset.

    How to deserialize JSON in UiPath?

    Tutorial on how to properly deserialize JSON with UiPath Web Activities. Explains the concept of JSON Array and JSON Object.

    Dynamic or Variable Selectors in UiPath

    Tutorial on how to use dynamic selectors in UiPath. Explains how to use variables in UiPath selectors.

    Change Case Excel Add-In

    Change Case Excel Add-In is a powerful Excel Add-In that can change the case of selected cells. With easy to use Keyboard shortcuts, perform case conversion in style.

    Blue Prism Video Tutorial

    A well-structured video tutorial on Blue Prism, which is the right starting point for your RPA career. #rpa #blueprism

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Stay on top - Get latest articles in your inbox