SEQ-8: Retrieve the audit log for a case

ziad.abourizk

Can anybody please help me how I can call a Seq 8 API Call from c#.net.These are my details

gatewayurl + "cases/" + caseSystemId + "/auditEvents";

What will be the dataToSign

Thanks in Advance

Irfan.Khan

@ziad.abourizk

I think the content length you are sending is incorrect.

Please compare the content length for the same payload in Postman and the one generated using your code.

Please do not UTF encode the payload for this API call.

Simply put the payload in a variable, lets say "msg" and directly calculate its length by using

msg_length=msg.Length; # Do not UTF 8 encode the payload and then calculate the length.

# After the length has been calculate feed it to the dataToSign variable.

Also, send the same content length in the authorization header too (msg.Length;)

Irfan.Khan

@ziad.abourizk

The dataToSign variable should be as below:

(request-target): post /v1/cases/0a3687d0-61fc-1aa9-9898-79020002677f/auditEvents

host: rms-world-check-one-api-pilot.thomsonreuters.com

date: Thu, 16 Aug 2018 06:51:17 GMT

content-type: application/json

content-length: 103

{ "query" : "actionType==SCREENED_CASE;eventDate>2010-01-01T00:00:00Z;eventDate<2020-01-01T00:00:00Z" }

Here,

0a3687d0-61fc-1aa9-9898-79020002677f- is my case system Id, you have to use your own case system Id to make this API call successful.

The below is the payload being used this request and should be fed in the dataToSign variable as well. However, the kind of content you are using depends on your use case. Please refer the audit API filter section in the schema reference document to know how can you use it.

"actionType==SCREENED_CASE;eventDate>2010-01-01T00:00:00Z;eventDate<2020-01-01T00:00:00Z" }

auditfilter.png

The authorization for this API call should be:

"Signature keyId="XXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="9waz5wx4FBLCZWpFumfM7514rpUe17oH5B9QeLRWHU8="

Kindly let me know if you need further clarification on this.

Irfan.Khan

@ziad.abourizk

Just to add on to my previous email, I will try suggesting an easy way to check if the API call you are making has the correct dataToSign value and the authorization in it.

First make an API request using your code. And lets say you are getting a 401 and you think that the dataToSign value or the authorization is incorrect, you can make the below checks to verify their format.

1. Use the "pre request script" option in Postman. The pre request script very clearly provides the right format of value required for each API call.

For example: Please check the pre-request script code of Postman for the audit API below:

function generateAuthHeader(dataToSign){
    var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
    return hash.toString(CryptoJS.enc.Base64); 
}


var date = new Date().toGMTString();
var content = request.data.replace("{{user-id}}", environment["user-id"]);
var contentLength = unescape(encodeURIComponent(content)).length;


var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases/" + environment["case-system-id"] + "/auditEvents\n" +
        "host: " + environment["gateway-host"] + "\n" +
        "date: " + date + "\n" +
        "content-type: " + environment["content"] +"\n" + 
        "content-length: " + contentLength + "\n" + 
        content;

var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";


postman.setEnvironmentVariable("authorisation",authorisation);
postman.setEnvironmentVariable("currentDate",date);
postman.setEnvironmentVariable("contentLength",contentLength);

Please check the variable "dataToSign" and "authorisation" and compare it with the values generated by your code to find out the correct format. I am also attaching the screen capture of Postman that clearly shows where you can find the pre request script in Postman.

postmansnippet.png

2. Use the code section of the Postman to find the format in which the authorization header should be send.

Kindly let me know if you need further clarification on this.

ziad.abourizk

@Irfan.Khan

I am getting 401 error.

dataToSign

(request-target): post /v1/cases/0a3687d0-6523-15e6-994e-5ed400008dc8/auditEvents
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Thu, 16 Aug 2018 07:27:37 GMT
content-type: application/json
content-length: 121
{ "query" : "actionType == SCREENED_CASE; eventDate > 2010 - 01 - 01T00: 00:00Z; eventDate < 2020 - 01 - 01T00: 00:00Z" }

authorization

Signature keyId="xxxf",algorithm="hmac-sha256",headers="(request-target) host date",signature="t9iYCse0PXHcp8q0QHmlFk4HCr/Rx6uzq8OEUlXuvYM="

// Send the Request to the API server
HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(requestendpoint);
// Set the Headers
WebReq.Method = "POST";
WebReq.Headers.Add("Authorization", authorisation);
WebReq.Headers.Add("Cache-Control", "no-cache");
WebReq.Date = dateValue; // use datetime value GMT time
WebReq.ContentType = "application/json";
WebReq.ContentLength = byte1.Length;
Stream newStream = WebReq.GetRequestStream();
newStream.Write(byte1, 0, byte1.Length);

// Get the Response - Status OK
HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
// Status information about the request

Thanks,

ziad.abourizk

https://community.developers.refinitiv.com/discussion/comment/30958#Comment_30958

@Irfan.Khan

I changed the authorization to

Signature keyId="xxxf",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="t9iYCse0PXHcp8q0QHmlFk4HCr/Rx6uzq8OEUlXuvYM="

its not 401 its a 400.

"The remote server returned an error: (400) Bad Request."}

Irfan.Khan

https://community.developers.refinitiv.com/discussion/comment/30981#Comment_30981

@ziad.abourizk

Please refer to the last reply I have sent in this post.

400 Bad request is due to incorrect payload format.

ziad.abourizk

https://community.developers.refinitiv.com/discussion/comment/30960#Comment_30960

thank you @Irfan.Khan, content length was the issue.