Here we go. I followed the QC Rest API documentation to study the order that QC expects requests to be made. I've tested it against ALM11. I'm new to cURL as well, but this should get you in and working......

<?php

//create a new cURL resource
$qc = curl_init();
//create a cookie file
$ckfile = tempnam ("/tmp", "CURLCOOKIE");

//set URL and other appropriate options
curl_setopt($qc, CURLOPT_URL, "http://qualityCenter:8080/qcbin/rest/is-authenticated");
curl_setopt($qc, CURLOPT_HEADER, 0);
curl_setopt($qc, CURLOPT_HTTPGET, 1);
curl_setopt($qc, CURLOPT_RETURNTRANSFER, 1);

//grab the URL and pass it to the browser
$result = curl_exec($qc);
$response = curl_getinfo($qc);

//401 Not authenticated (as expected)
//We need to pass the Authorization: Basic headers to authenticate url with the 
//Correct credentials.
//Store the returned cookfile into $ckfile
//Then use the cookie when we need it......
if($response[http_code] == '401')
{

        $url = "http://qualityCenter:8080/qcbin/authentication-point/authenticate";
        $credentials = "qc_username:qc_password";
        $headers = array("GET /HTTP/1.1","Authorization: Basic ". base64_encode($credentials));

    curl_setopt($qc, CURLOPT_URL, $url);
    curl_setopt($qc, CURLOPT_HTTPGET,1); //Not sure we need these again as set above?
    curl_setopt($qc, CURLOPT_HTTPHEADER, $headers);
    //Set the cookie
        curl_setopt($qc, CURLOPT_COOKIEJAR, $ckfile);
        curl_setopt($qc, CURLOPT_RETURNTRANSFER, true);

        $result = curl_exec($qc);
        $response = curl_getinfo($qc);

       //The response will be 200   
       if($response[http_code] == '200')
       {
        //Use the cookie for subsequent calls...
        curl_setopt($qc, CURLOPT_COOKIEFILE, $ckfile);
        curl_setopt($qc, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($qc, CURLOPT_URL, "http://qualityCenter:8080/qcbin/rest/domains/Your_Domain/projects/Your_Project/defects");

    //In this example we are retrieving the xml so...
        $xml = simplexml_load_string(curl_exec($qc));
        print_r($xml);

    //Call Logout
        logout($qc,"http://qualityCenter:8080/qcbin/authentication-point/logout");

       }
       else
       {
        echo "Authentication failed";
       }

    }
else
{
        echo "Not sure what happened?!";
}

//Close cURL resource, and free up system resources
curl_close($qc);

function logout($qc, $url)
{
    curl_setopt($qc, CURLOPT_URL, $url);
        curl_setopt($qc, CURLOPT_HEADER, 0);
        curl_setopt($qc, CURLOPT_HTTPGET,1);
        curl_setopt($qc, CURLOPT_RETURNTRANSFER, 1);

    //grab the URL and pass it to the browser
    $result = curl_exec($qc);
}

?>

Let me know if it worked!

Thanks,

Rich

Here is my solution in Perl for this problem: The authentication step is performed first, setting the cookie for the next libcurl request which then can be performed with no problems. This is a version for background jobs. For a dialog application, the credentials could be passed through from the user's input instead. Also, I had to do this with https instead of http. The Perl program also shows how to instruct curl for https (there is a very good how-to on http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/ ).

#!/usr/bin/perl 

# This script accesses, as a proxy, the REST API of the HP quality center
# Running it without query parameter, the complete list of defects is returned
# A query parameter, e.g. 'query={id[2283]}' will be passed as is to the HP QC API

# We are using the libcurl wrapper WWW::Curl::Easy
# The access is https, so a certificate has to be passed to libcurl
# The main point for using curl, however, is the authentication procedure:
# HP requires a preparative call to a special authentication service
# The authentication ticket will then be passed back as a cookie
# Only with this ticket, the real GET request on the defects can be performed

use WWW::Curl::Easy;

use strict;
use warnings;

use constant {
  URL_QC_DEFECTS   => "https://[QC DOMAIN]/qcbin/rest/domains/[DOMAIN]/projects/[PROJECT]/defects/",
  URL_QC_AUTH      => "https://[QC DOMAIN]/qcbin/authentication-point/authenticate",
  PATH_CERT        => "[PATH TO CREDENTIALS]"  # contains certificate and credentials, see below
  };

doRequest( URL_QC_DEFECTS . "?" . $ENV{QUERY_STRING} );
return 0;

sub doRequest {
  my ($url,$cookies,$response) = (shift,"","");
  eval {
    my $curl = get_curl_instance(\$cookies,\$response);
    authenticate( $curl );
    get( $curl, $url );
    if ($response =~ /.*?(<\?xml\b.*)/s) {
      print "Content-Type:text/xml\n\n";
      print $1;
      }
    else {
      die "The response from HP QC is not in XML format";
      }
    };
  if ($@) {
    print "Content-Type:text/plain\n\n$@";
    }
  }

sub get_curl_instance {

  my ($cookie,$response) = @_;

  my $curl = WWW::Curl::Easy->new( );  

  open( my $cookiefile, ">", $cookie) or die "$!";
  $curl->setopt( CURLOPT_COOKIEFILE, $cookiefile );  
  open( my $responsefile, ">", $response) or die "$!";  
  $curl->setopt( CURLOPT_WRITEDATA, $responsefile );  
  $curl->setopt( CURLOPT_SSL_VERIFYPEER, 1);
  $curl->setopt( CURLOPT_SSL_VERIFYHOST, 2);
  $curl->setopt( CURLOPT_CAINFO, cert() );  
  $curl->setopt( CURLOPT_FOLLOWLOCATION, 1 );
  return $curl;
  }

sub authenticate {
  my $curl = shift;
  my ($rc,$status);
  $curl->setopt( CURLOPT_URL, URL_QC_AUTH );
  $curl->setopt( CURLOPT_USERPWD, cred( ) );  
  if (($rc = $curl->perform( )) != 0) {
    die "Error Code $rc in curl->perform( ) on URL " . URL_QC_AUTH;
    }
  if (($status=$curl->getinfo(CURLINFO_HTTP_CODE))!="200") {
    die "HTTP-Statuscode $status from authentication call";
    }   
  }


sub  get {
  my ($curl,$url) = @_;
  my ($rc,$status);
  $curl->setopt( CURLOPT_URL, $url );
  $curl->setopt( CURLOPT_HEADER, { Accept => "text/xml" } );
  if (($rc = $curl->perform( )) != 0) {
    die "Error Code $rc from defects request";
    }
  if (($status=$curl->getinfo(CURLINFO_HTTP_CODE))!="200") {
    die "HTTP Statuscode $status from defects request";
    }   
  }

sub cred {
  open CRED, PATH_CERT . '/.cred_qc' or die "Can't open credentials file: $!";
  chomp( my $cred = <CRED>); 
  close CRED;
  return $cred;
  }

sub cert {
  return PATH_CERT . '/qc.migros.net.crt';
  }  

one of the important things to keep in mind is after authenticating you must do the following POST /qcbin/rest/site-session with cookies LWSSO

this will return QCSession and XSRF-TOKEN which are needed to perform any operations