Join 34,000+ subscribers and receive articles from our blog about software quality, testing, QA and security.

New API v2 migration problems



I’m trying to migrate our scripts from miniapi to new v2 API.
I’ve found 2 problems so far. :slight_smile:

In miniapi we use inactive user to authorization (we got this suggestion from your support)

Now I can only access v2 API with real user and real authorization.
But this is not accepted solution.

How should we access v2 API without use real user? (we cannot create domain user for automatic tests)

I got ‘HTTP Error 400: Bad Request’ always when I’m trying to send POST.
I use python scripts which work well for miniapi e.g.:

mydata=[('name', 'name')]
    req = urllib2.Request(url=url, data=data, headers=properties.headerv2)
    base64string = base64.encodestring('%s:%s' % (properties.username, properties.password)).replace('\n', '')
    req.add_header("Authorization", "Basic %s" % base64string)
    response = urllib2.urlopen(req)

Testail log returns:

Details: <missing>
File: /var/www/testrail/sys/helpers/ex.php
Line: 29
Status Code: 500
Host: ***********
Uri: /index.php?/api/v2/add_suite/3/ (POST)
Browser: Python-urllib/2.7
PHP: 5.3.10-1ubuntu3.4
Server: Linux 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64
at ex::raise (ex.php:29)
at ex::raise (controller.php:184)
at Controller->_validate_get_input (controller.php:130)
at Controller->_validate (v2.php:1103)
at V2_controller->add_suite (controller.php:106)
at Controller->_invoke_web (controller.php:74)
at Controller->_invoke (gizmo.php:101)
at require_once (index.php:106)

Project with id=3 exists.
This code works well for miniapi.
I have no problem with GET methods.
Thx for help.



Thanks for your posting. Please see below for my answers:

  1. Do you use Active Directory as authentication backend with our auth.php script? If so, you can bypass AD authentication for certain users. You would need to modify the authenticate_user function as follows, e.g.:

if ($name == '') { return new AuthResultFallback(); }

  1. 400 can be returned for several reasons, the most likely being an invalid request format. Please make sure to submit your data (e.g. name and description of the test suite) as JSON. This is also explained in the migration guide:

The response also usually includes an error message that describes the error or provides additional details.



Ad 1.
Yes, we use AD. We need user who cannot be authorized via www but only when python script is executing. We have AuthResultFallback() for this user enabled but it should be allowed to access to TestRail via www as well as inactive user wasn’t allowed to access to miniapi.
Inactive user didn’t use also our TR users limit.

Ad 2.
Thx, this problem solved - JSON format required indeed.

mydata={'name': 'name'}
data = json.dumps(mydata)


This is no longer supported and the new API no longer allows disabled/inactive user accounts. One reason for this is that the new API now has full support for multiple users, roles and permissions and this also requires the user account to be active. Yes, this counts against the license limit but you can also use a regular user account for the API instead if you prefer this.

The usual workflow with a separate API user would be create this user via TestRail’s user interface (Administration > Users & Roles) and then bypass AD authentication in the AD module for this user (in case you don’t want to to have this user to your domain).