...e/ Express Backend
Hi,
I am using a demo account for World Check One APIs. I needed to consume a few APIs and display information on the Frontend (ReactJs). Can understand that due to browser's CORS policy was getting 401 response code on the Frontend but I tried consuming the API on a Node/ Express backend environment and still getting the same response code and no data. I have tested the APIs on Postman as well as Java and it is working fine but need a solution for JavaScript based Frontend and Backend.
Copying the code for reference:
// Using Axios client to consume API
const url = "https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest";
const body = JSON.stringify({
groupId: "********",
entityType: "INDIVIDUAL",
caseId: "",
providerTypes: ["WATCHLIST"],
caseScreeningState: {
WATCHLIST: "INITIAL",
},
name: "John Smith",
nameTransposition: false,
secondaryFields: [],
customFields: [],
});
const options = {
headers: {
"Date": new Date(),
"Content-Type": "application/json",
"Authorization": authorisationCode(),
"Content-Length": "10000",
},
redirect: "follow",
body
};
axios
.post(
url,
// body,
options
)
.then((response) => {
console.log("response", response);
})
.catch((error) => {
console.log("error", error);
});
// method used to generate Authorisation Code, this is working fine
const authorisationCode = () => {
var date = new Date().toGMTString();
var dataToSign =
"(request-target): get " +
"/v2/" +
"groups\n" +
"host: " +
"api-worldcheck.refinitiv.com" +
"\n" +
"date: " +
date;
var hmac = generateAuthHeader(dataToSign);
var authorisation =
'Signature keyId="' +
"**********" +
'",algorithm="hmac-sha256",headers="(request-target) host date",signature="' +
hmac +
'"';
return authorisation;
};
const generateAuthHeader = (dataToSign) => {
var hash = CryptoJS.HmacSHA256(
dataToSign,
"**********"
);
return hash.toString(CryptoJS.enc.Base64);
};
Following is the response both on Frontend and Backend respectively:
Frontend:
Backend:
status: 401,
statusText: '',
headers: AxiosHeaders {
date: 'Fri, 14 Apr 2023 12:01:15 GMT',
'transfer-encoding': 'chunked',
connection: 'close',
'content-security-policy': "default-src 'none'; frame-ancestors 'none'",
'strict-transport-security': 'max-age=15552000; includeSubDomains',
'x-frame-options': 'DENY',
'x-xss-protection': '1; mode=block',
'x-content-type-options': 'nosniff',
authorization: 'WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"'
},