Authentication
The QA Sphere API uses API keys for authentication. Each request to the API must include a valid API key that is associated with your account. You can manage your API keys through the QA Sphere web application settings.
Creating an API Key
- Log into your QA Sphere account
- Navigate to Settings
- Select the API Keys section
- Click "Add API Key"
- Save your API key securely - you won't be able to see it again
Using Your API Key
Request Headers
To authenticate your requests, you must include the Authorization header with your API key prefixed by ApiKey .
curl \
-H "Authorization: ApiKey your.api.key.here" \
https://your-company.your-region-code.qasphere.com/api/public/v0/project/BD/run/1/tcase
API Key Format
Your API key consists of three components concatenated with dots:
{tenantID}.{apiKeyID}.{apiKeyToken}
For example: t123.ak456.abc789xyz
Never share your API key or commit it to version control. Use environment variables or secure secret management systems to store your API key.
Error Responses
| Status Code | Scenario | Description |
|---|---|---|
| 401 | Missing API Key | API key was not provided in the request header |
| 401 | Invalid API Key Format | Malformed or incorrectly formatted API key |
| 401 | Invalid Credentials | The provided API key is not valid |
| 403 | Suspended Tenant | The account associated with the API key is suspended |
| 400 | Wrong Domain | The domain in the request URL does not match the expected domain |
Best Practices
DO
- Store API keys securely using environment variables or secret management systems
- Use different API keys for different environments (development, staging, production)
- Rotate API keys periodically
- Monitor API key usage for unusual patterns
- Include proper error handling for authentication failures
DON'T
- Share API keys between different applications
- Commit API keys to version control
- Use production API keys in development environments
- Embed API keys directly in client-side code
- Use a single API key across multiple services
Session Management
- API keys do not expire automatically
- The system tracks the last activity timestamp for each tenant
- Activity is updated when API calls are made (maximum once per 24 hours)
- Tenant suspension will invalidate all API keys for that tenant
Troubleshooting
If you're experiencing authentication issues:
-
Verify the API key format and prefix
Authorization: ApiKey {tenantID}.{apiKeyID}.{apiKeyToken} -
Ensure your tenant account is not suspended
-
Verify you're using HTTPS for all API requests
-
Check the response headers for additional error information
If you need to regenerate an API key, you can do so from the QA Sphere web application settings. Remember to update all services using the old key.