I am following the guidance here: http://alm-help.saas.hp.com/en/12.50/api_refs/REST_TECH_PREVIEW/Content/General/Session_Management.html

I send the following request to alm12.test.com/qcbin/authentication-point/alm-authenticate

Headers:

Content-Type: application/xml Accept: application/xml

Request

<?xml version='1.0' encoding='utf-8'?><alm-authentication><user>userxy</user><password>yyy</password></alm-authentication>

Which results in the following repsonse (LWSSO_COOKIE_KEY): Content-Length: 0 Date: Mon, 02 May 2016 13:28:00 GMT Set-Cookie: LWSSO_COOKIE_KEY=o1MfQIVWQg2x09CKUlkqARQsRHAhvADYsKhl4AM2ARiJpJesV_fA6xVeYbm4ek1CPdbmmsOGMaCORTsOmHMJVa3V5JKQLIywiubZQQtFfV15PS82qj4bRJ6mhmGqZU6XU8DMPLYuSLfRjfjLrxtix6cMHD1JpdlYHhTxfbo5No62s36Hw8UH12lZlrGzPfY_EFJE8k28TPqflXJQccdHErbCG8.;Path=/;HTTPOnly Server: Jetty(7.5.4.v20111024)

No I send a request to alm12.test.com/qcbin/rest/site-session to open a session Header Content-Type: application/xml Accept: application/xml Cookie: LWSSO_COOKIE_KEY=o1MfQIVWQg2x09CKUlkqARQsRHAhvADYsKhl4AM2ARiJpJesV_fA6xVeYbm4ek1CPdbmmsOGMaCORTsOmHMJVa3V5JKQLIywiubZQQtFfV15PS82qj4bRJ6mhmGqZU6XU8DMPLYuSLfRjfjLrxtix6cMHD1JpdlYHhTxfbo5No62s36Hw8UH12lZlrGzPfY_EFJE8k28TPqflXJQccdHErbCG8.;Path=/;HTTPOnly

Unfortunately I just get an error code 400 - Bad Request.

What am I doing wrong?

The cookie value that you pass seems incorrect.

It should be LWSSO_COOKIE_KEY=oPGiBQVkwhZ4uThtZj1MfQIVWQg2x09CKUlkqARQsRHAhvADYsKhl4AM2ARiJpJesV_fA6xVeYbm4ek1CPdbmmsOGMaCORTsOmHMJVa3V5JKQLIywiubZQQtFfV15PS82qj4bRJ6mhmGqZU6XU8DMPLYuSLfRjfjLrxtix6cMHD1JpdlYHhTxfbo5No62s36Hw8UH12lZlrGzPfY_EFJE8k28TPqflXJQccdHErbCG8.

Don't include ;Path=/;HTTPOnly

Here is the Python Implementation:

First POST request ( LWSSO_COOKIE_KEY ) Second POST request ( QCSession )

self.headers = {}
response = requests.post(self.auth_endpoint, auth=HTTPBasicAuth(self.user_name, self.password),
                                 headers=self.headers)
        if response.status_code == 200:
            cookieName = response.headers.get('Set-Cookie')
            LWSSO_COOKIE_KEY = cookieName[cookieName.index("=") + 1: cookieName.index(";")]
            self.cookies['LWSSO_COOKIE_KEY'] = LWSSO_COOKIE_KEY
        response = requests.post(self.qc_session_endpoint, headers=self.headers, cookies=self.cookies)
        if response.status_code == 200 | response.status_code == 201:
            cookieName = response.headers.get('Set-Cookie').split(",")[1]
            QCSession = cookieName[cookieName.index("=") + 1: cookieName.index(";")]
            self.cookies['QCSession'] = QCSession