World Check One API Case Screening 401 Unauthorized.

ziad.abourizk

Hello,
I am creating a screening app in C# using the code snippet downloaded from Code Examples. When I try to use my API Key I am getting 401 error.

Error message
The remote server returned an error: (401) Unauthorized.
Data to Sign
(

(request-target): post /v1/cases
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Thu, 09 Aug 2018 13:44:45 GMT
content-type: application/json
content-length: 122
{"entityType":"INDIVIDUAL","groupId":"0a3687d0-64a6-1d01-9945-11b100000dfc","providerTypes":["WATCHLIST"],"name":"putin"}

Authorization header

Signature keyId="XXXXXXXXXXXXXXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="RFA1OrzVIoACPV6uLxhQildTBNhjOVxtGhxt2iiQxcw="

Appreciate for the help!

Prabhjyot

@ziad.abourizk,

As per the below link your current issue is resolved. Can you please accept this answer, so that the same is verified?

Link -

https://community.developers.refinitiv.com/questions/30738/world-check-one-api-case-screening-401-unauthorize-2.html?childToView=30756#answer-30756

Irfan.Khan

@ziad.abourizk

Can you please remove or mask the API key from the post?

I have made the question private for the moment. I will make it public as soon as you have removed the API key.

Updates to follow in regard to the error.

Prabhjyot

@ziad.abourizk,

From the above provided information, the content length being generated for the below string is 122. However, on investigating further the actal content length seems to be 121.

{"entityType":"INDIVIDUAL","groupId":"0a3687d0-64a6-1d01-9945-11b100000dfc","providerTypes":["WATCHLIST"],"name":"putin"}

Secondly, can you please check the HMAC signature which is being generated using the postman is same as the one being generated from your code for the same timestamp?

ziad.abourizk

Hello @Prabhjyot.Mandla

I tried postman and c# code with same timestamp. The HMAC signature key is different.

Please see the details here.

Postman
var settings = {
"async": true,
"crossDomain": true,
"url": "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest",
"method": "POST",

"headers": {
"Date": "Sun, 12 Aug 2018 05:43:03 GMT",
"Authorization": "Signature keyId=\\\"XXXXXXXXXXXXXXXXXXXXXXXXXXX\\\",algorithm=\\\"hmac-sha256\\\",
headers=\\\"(request-target) host date content-type content-length\\\",signature=\\\"meuBzTyEuRjycW4Yh0/Gm0tm1un048HevwjfLVF607c=\\\"",

"Content-Length": "146",
"Content-Type": "application/json",
"Cache-Control": "no-cache",
"Postman-Token": "90a4d123-6f41-4b66-a0ba-6907745068e9"
},

"processData": false,
"data": "{\n \"groupId\":\"0a3687d0-64a6-1d01-9945-119200000daf\",\n \"entityType\": \"INDIVIDUAL\",\n \"providerTypes\": [\n \"WATCHLIST\"\n ],\n \"name\": \"Bashar\"\n}"
}

my C# code

(request-target): post /v1/cases
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 05:43:03 GMT
content-type: application/json
content-length: 122
{"entityType":"INDIVIDUAL","groupId":"0a3687d0-64a6-1d01-9945-11b100000dfc","providerTypes":["WATCHLIST"],"name":"Bashar"}

Signature keyId="XXXXXXXXXXXXXXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="w7zZZ8lWk+r+MMXV1H8xKUhVsQn9tw4/NUFpZ79v2Hs="