Unauthorized 401 when calling /cases with POST

malatasi

Hello,

I was looking into testing our access by generating a simple request to the Pilot environment, using a POST request to the “/cases” relative path (rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases) and was getting a response back with the unauthorized 401 error.

So just wanted to confirm that the authorization header is required for this environment, and if so I have the following questions:

• Should the HMAC value (which is computed by the API client and provided in the signature attribute of the authorization header of the request) match that of the example provided in the security.html file, when the same security key is used in the computation (1234 in that case)?
  • If so, I wasn’t able to compute the exact HMAC base64-encoded signature, neither online nor through standard Java libraries (e.g. javax.crypto.Mac, javax.crypto.spec.SecretKeySpec, org.apache.commons.codec.binary.Hex, java.util.Base64)
  • Does the spacing for the sample signing text for the HMAC computation matter (specifically indentation within the JSON part of the text)?

Thanks!

Mohamad

brian.bourgault

Hi @malatasi,

There are number of reasons a request will fail and return 401 Unauthorized.

Our clients have found the best approach to learning the API has been to download Postman (free) and the World-Check One API Postman Collection. The API collection is available in the downloads tab on the Dev Com portal and the JSON environment file has the WC1 pilot user credentials so the API examples work right "out of the box"

You'll see the Pre-script has the Authorization header code required for every request.

And yes, a space in the signature will affect the authorization signature.

Hope this helps,

Brian

brian.bourgault

Consider watching:

World-Check One API – Overview and Quick Start