I'm using python at the backend and want to call the API via python code and don't want to use javascript at all.
@tc
Thank you for your response.
I just wrote a sample python script for saving a case API call. You can have a look at this and find out how to place the content in the dataToSign variable.
Kindly note the sample code provided is just to give you an example of how to send successful requests to WC1 API.
During implementation, we expect our client to use their own code which has tried and tested to get consistent results.
As I understand, you would like to call the APIs using your Python code and not using the Postman. Or would you like to call the APIs using Postman but want to write the pre request script in Python instead of JS?
If you are using your code in your server to call the API requests, then you do not have to use the pre request script, you can write the functions in python which would mimic what pre request script does like creating HMAC using your API key and dataToSign variable, creating date header value in GMT and sending authorization headers in a distinct format to the WC1 API.
this is exactly what i am doing, but getting 401 in case while creating a case, as it requires body inside request as well as inside datatoSign string.`var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases\n" + "host: " + environment["gateway-host"] + "\n" + "date: " + date + "\n" + "content-type: " + environment["content"] +"\n" + "content-length: " + contentLength + "\n" + content; `I am able to get the exact same authorization string which i get in postman (date and hmac is different ofcourse) but getting 401.
@Irfan.Khan: Thanks a lot for the code. It worked. i am getting 401 on the first call for every request i make, request after the first one are a success. are you aware about this issue?
401 request and response headers:`{'Authorization': 'Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="ddj05fvtrMzyOAnduFYe5ZIRb+qSUUUqAVVSxsfGMko="', 'Date': 'Thu, 01 Nov 2018 12:37:55 GMT', 'Content-Type': 'application/json', 'Content-Length': '159'}``{'X-Application-Context': 'application', 'Authorization': 'WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length', 'Transfer-Encoding': 'chunked', 'Date': 'Fri, 02 Nov 2018 05:24:18 GMT', 'Server': '""'}`
@Irfan.Khan ^
@Irfan.Khan: this is happening for every request, the first request is 401 and next consecutive requests are the success, and after some time the same cycle repeats.
I see that request header has the below date header value:
'Thu, 01 Nov 2018 12:37:55 GMT'
While the response headers has the below date header value:
'Fri, 02 Nov 2018 05:24:18 GMT'
Clearly the time stamp being sent in the request is invalid, hence you are getting a 401 error. May be when you send the first request it picks up the old date header value from the code and this why the first request fails with a 401.
If you are sending concurrent request and do not generate new time stamp for each request, then requests will start failing after 40 to 50 seconds as the time stamp will become outdated. The time difference allowed between the response date header and the request header value is 30 to 40 seconds, anything more than that and the API server will reject the request.
Hope this helps.
Following up to find out if you need further assistance on this.
Thanks.
Thanks a ton, @Irfan.Khan for the assistance.Everything is working fine now.
Request you to accept the answer so that it can guide other users having queries of same nature.