Creating a Helix ALM user and security group for the REST API
We recommend creating a dedicated Helix ALM user for use only with the REST API. This offers the following benefits:
- You can limit the API user's security permissions to the specific actions performed by the API.
- When you review the Helix ALM item history or audit trail, you can more easily distinguish between changes made by the API and manual changes made by other users.
Perform the following tasks in the Helix ALM desktop or web client.
1. Add a new security group specifically for API users. For example, you may want to name this group REST API Users.
- Make sure the Allow Login Via SOAP command in the General category is enabled. This command gives users in the group access to log in using the API.
- Enable any other commands for actions the API needs to perform. Keep in mind that the API can only return data that the authenticated user has access to. If the user cannot see the data in the desktop or web client, it also cannot be accessed by API.
2. Create an API user. Note the username and password for logging in to the API.
- Add the user to the new API security group.
- Assign licenses to the user. The user must have the appropriate license assigned to perform actions. For example, to work with issues, the user must have an issue management license.
- Add an API key for the user. API keys let you authenticate more securely with the REST API. See Authentication.