World Check One API Case Screening 401 Unauthorized.

Options
cliff.ching
cliff.ching Newcomer
in World-Check One

Hi,

Trying to call the initial screening method in C# but failed. So far I am able to call other GET and POST request like create case, retrieve results by case ID and retrieve profile so I believe the hash function should work.

Error message

The remote server returned an error: (401) Unauthorized.

Data to Sign

(request-target): post /v1/cases/0a3687cf-611f-1b89-9879-5ac3001512ed/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Fri, 02 Mar 2018 07:07:56 GMT
content-type: application/json
content-length: 0

Authorization header

Signature keyId="0b9f66af-04f0-413f-aae7-b4ea74bf97db",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="buACKiUSn0QciQtpSL0bfdFXxGIy/txpL17Y9hb9dMM="

Appreciate for the help!

Tagged:

Best Answer

  • Irfan.Khan
    Irfan.Khan LSEG
    Answer ✓

    Hello @cliff.ching ,

    As the "SEQ-4a: Screen a case" calling the endpoint "screeningRequest" does not have a body in its request, so I think you should not include "content-type" and "content-length" in the "datatoSign" string object and in the authorization header.

    I am writing a code snippet below. Can you please re code your script similar to the below snippet and let me know if it works.

    string dataToSign = "(request-target): post " + gatewayurl + "groups\n" +  "host: " + gatewayhost + "\n" +  // no https only the host name 
     "date: " + date;  // GMT date as a string

         string hmac = generateAuthHeader(dataToSign, apisecret);
    string authorisation = "Signature keyId=\"" + apikey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";

    The WCI API post requests like "SEQ-2b: Save a very simple case" has a body and hence you should include "content-type" and "content-length" in both "data to sign" headers but not in "SEQ-4a: Screen a case".

    For knowing what kind of data to send in which request, I strongly recommend you to install native Postman. Then download our Postman collections from the developer community "Download Section" and import it to Postman and fire APIs from it to understand how Postman sends data to the WC1 API. You can also generate the code in your preferred language in Postman which can help you to write better code to achieve your use case.

    You can download Postman Collections from the link below. You have to use your dev com log in credentials to view the page.

    https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-api/downloads

    Kindly let me if your code is working after making the mentioned amendments.

    Thanks,

    Irfan Khan

Answers

Categories