We are trying to hit the v2/cases/screeningRequest from our Haskell application. The request is made from a function called postWith. We are getting 400 bad request when request made from application whereas getting 200 response when request is made from Postman. The generated signature is same as with the postman signature when Date is hard-coded in postman. I also think the issue is not with the Date generated since it is also in sync with Postman generated Date.
I'm pasting the request headers and body here for your reference which I tried at 21.00 IST.
dataToSign:
"(request-target): post /v2/cases/screeningRequest\nhost: api-worldcheck.refinitiv.com\ndate: Tue, 22 Aug 2023 15:29:58 GMT\ncontent-type: application/json\ncontent-length: 237\n{\"caseId\":\"\",\"caseScreeningState\":{\"WATCHLIST\":\"INITIAL\"},\"customFields\":[],\"entityType\":\"INDIVIDUAL\",\"groupId\":\"5555555555555555555555555\",\"name\":\"John Smith\",\"nameTransposition\":false,\"providerTypes\":[\"WATCHLIST\"],\"secondaryFields\":[]}"
Authorisation header:
"Signature keyId=\"***\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"GF/aRq1tVSO/2M6pXzCkFvz+SomD3HIUWkZVbhlnZ78=\""
Request body:
{"caseId":"","caseScreeningState":{"WATCHLIST":"INITIAL"},"customFields":[],"entityType":"INDIVIDUAL","groupId":"***","name":"John Smith","nameTransposition":false,"providerTypes":["WATCHLIST"],"secondaryFields":[]}
All request headers:
headers = [(\"Host\",\"api-worldcheck.refinitiv.com\"),(\"Authorization\",\"Signature keyId=\\\"***\\\",algorithm=\\\"hmac-sha256\\\",headers=\\\"(request-target) host date content-type content-length\\\",signature=\\\"GF/aRq1tVSO/2M6pXzCkFvz+SomD3HIUWkZVbhlnZ78=\\\"\"),(\"Date\",\"Tue, 22 Aug 2023 15:29:58 GMT\"),(\"Content-Length\",\"237\"),(\"Content-Type\",\"application/json\"),(\"User-Agent\",\"haskell wreq-0.5.4.0\")]
This header is been taken from terminal so no need of worrying about the extra back slashes.
Note: the exact request body works on postman with same header even with the same useragent.