I was just wondering if the API is enabled to work with a test automation tool can anyone with a valid account interact with it? Is there anyway to control who has the permission to write scripts that “get” or “push” test results?
If not what are the risks that this could affect performance or cause any other damage" Are they basically limited to their global role? Can testers push results or does the user need to be a lead?
We are on a self hosted server running on https using version 18.104.22.16830. We are also behind a proxy that receives the https requests on port 443 and then forwards the requests to the TestRail server running Apache but listening on port 80 via http. This is required as the Apache server recieving the https traffic sits in a different zone taking external traffic then forwards it through a firewall where the app and db servers reside.