Rest API authentication support in SSC 20.1x

First of all, Fortify created a lot of trouble by disabling Basic authentication with REST APIs. When app is deployed behind TLS, then it can be an acceptable solution.

Besides, with this change the FortifyToken Header started returning 401 for any user token created.

curl -X GET "">xxxxxxxxxxx:8443/.../projectVersions -H "Accept: application/json" -H "Authorization: FortifyToken MzhlODY2MzctMzI1My00NjdkLWExNjgtZGY4ODNhNzc1ZDlm" -H "Content-Type: application/json" -k
{"message":"Access Denied. Unauthorized access","responseCode":401,"errorCode":-10301}

Here token provided is AnalysisUpload token and as per definition :
This multi-use token specification is used to facilitate authentication to Software Security Center (SSC) when a user wishes to programmatically upload a Fortify project report (FPR) to an application version for multiple uploads, and list all application versions associated with the user.

This stopped working as well. The documentation is also not proper.
Something needs to be done about it.

Tags: