Getting 401 response code when consuming World Check One APIs on ReactJS Frontend and also on Nod...

ali.saif

...e/ Express Backend

Hi,

I am using a demo account for World Check One APIs. I needed to consume a few APIs and display information on the Frontend (ReactJs). Can understand that due to browser's CORS policy was getting 401 response code on the Frontend but I tried consuming the API on a Node/ Express backend environment and still getting the same response code and no data. I have tested the APIs on Postman as well as Java and it is working fine but need a solution for JavaScript based Frontend and Backend.

Copying the code for reference:

// Using Axios client to consume API
const url = "https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest";

  const body = JSON.stringify({
    groupId: "********",
    entityType: "INDIVIDUAL",
    caseId: "",
    providerTypes: ["WATCHLIST"],
    caseScreeningState: {
      WATCHLIST: "INITIAL",
    },
    name: "John Smith",
    nameTransposition: false,
    secondaryFields: [],
    customFields: [],
  });

  const options = {
    headers: {
      "Date": new Date(),
      "Content-Type": "application/json",
      "Authorization": authorisationCode(),
      "Content-Length": "10000",

    },
    redirect: "follow",
    body
  };

  axios
    .post(
      url,
      // body,
      options
    )
    .then((response) => {
      console.log("response", response);
    })
    .catch((error) => {
      console.log("error", error);
    });  

// method used to generate Authorisation Code, this is working fine
const authorisationCode = () => {
  var date = new Date().toGMTString();
  var dataToSign =
    "(request-target): get " +
    "/v2/" +
    "groups\n" +
    "host: " +
    "api-worldcheck.refinitiv.com" +
    "\n" +
    "date: " +
    date;
  var hmac = generateAuthHeader(dataToSign);
  var authorisation =
    'Signature keyId="' +
    "**********" +
    '",algorithm="hmac-sha256",headers="(request-target) host date",signature="' +
    hmac +
    '"';
  return authorisation;
};

const generateAuthHeader = (dataToSign) => {
  var hash = CryptoJS.HmacSHA256(
    dataToSign,
    "**********"
  );
  return hash.toString(CryptoJS.enc.Base64);
};

Following is the response both on Frontend and Backend respectively:

Frontend:

Backend:

status: 401,
    statusText: '',
    headers: AxiosHeaders {
      date: 'Fri, 14 Apr 2023 12:01:15 GMT',
      'transfer-encoding': 'chunked',
      connection: 'close',
      'content-security-policy': "default-src 'none'; frame-ancestors 'none'",
      'strict-transport-security': 'max-age=15552000; includeSubDomains',
      'x-frame-options': 'DENY',
      'x-xss-protection': '1; mode=block',
      'x-content-type-options': 'nosniff',
      authorization: 'WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"'
    },

judith.pillado.lseg

Hello @ali.saif - thank you for reaching out to us! I will be investigating this and will get back to you once I have an update.

judith.pillado.lseg

Hello @ali.saif - I have reached out via email but did not receive a response. Have you been able to resolve?