(401) Unauthorized response executing POST using HttpWebRequest

gerhardtm

When I execute the following code with the requestendpoint variable set to "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases", I get a result.

When I change the requestendpoint variable to "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest", I get a (401) Unauthorized error

My C# code is as follows:

DateTime dateValue = DateTime.UtcNow;

string date = DateTime.UtcNow.ToString("R");

string apikey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

string apisecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

string gatewayurl = "/v1/";

string gatewayhost = "rms-world-check-one-api-pilot.thomsonreuters.com";

string requestendpoint = "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest";

string postData = "{\"secondaryFields\":[],\"entityType\":\"INDIVIDUAL\",\"customFields\":[],\"groupId\":\"0a3687cf-6c70-198a-9b22-d3fa000009bb\",\"providerTypes\":[\"WATCHLIST\"],\"name\":\"john smith\"}";

UTF8Encoding encoding = new UTF8Encoding();

byte[] byte1 = encoding.GetBytes(postData);

string dataToSign = "(request-target): post " + gatewayurl + "cases\n" +

"host: " + gatewayhost + "\n" + // no https only the host name

"date: " + date + "\n" + // GMT date as a string

"content-type: " + "application/json" + "\n" +

"content-length: " + byte1.Length + "\n" +

postData;

string hmac = generateAuthHeader(dataToSign, apisecret);

string authorisation = "Signature keyId=\"" + apikey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";

HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(requestendpoint);

WebReq.Method = "POST";

WebReq.Headers.Add("Authorization", authorisation);

WebReq.Headers.Add("Cache-Control", "no-cache");

WebReq.ContentLength = postData.Length;

WebReq.Date = dateValue; // use datetime value GMT time

WebReq.ContentType = "application/json";

WebReq.ContentLength = byte1.Length;

Stream newStream = WebReq.GetRequestStream();

newStream.Write(byte1, 0, byte1.Length);

// Get the Response - Status OK

HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();

// Status information about the request

Console.WriteLine(WebResp.StatusCode);

Console.WriteLine(WebResp.ResponseUri);

// Get the Response data

Stream Answer = WebResp.GetResponseStream();

StreamReader _Answer = new StreamReader(Answer);

string jsontxt = _Answer.ReadToEnd();

// convert json text to a pretty printout

var obj = Newtonsoft.Json.JsonConvert.DeserializeObject(jsontxt);

var f = Newtonsoft.Json.JsonConvert.SerializeObject(obj, Newtonsoft.Json.Formatting.Indented);

Console.WriteLine(f);

Console.WriteLine("Press any key");

Console.ReadKey(); // pause for any key

}

// Combine the data signature and the API secret key to get the HMAC

// This is the Microsoft HMACSHA256 code copied from the documentation

public static string generateAuthHeader(string dataToSign, string apisecret)

{

byte[] secretKey = Encoding.UTF8.GetBytes(apisecret);

HMACSHA256 hmac = new HMACSHA256(secretKey);

hmac.Initialize();

byte[] bytes = Encoding.UTF8.GetBytes(dataToSign);

byte[] rawHmac = hmac.ComputeHash(bytes);

string hex = BitConverter.ToString(rawHmac).Replace("-", "");

return (Convert.ToBase64String(rawHmac));

}

Any help will be appreciated

Irfan.Khan

@gerhardtm

Please keep the data to sign value as below and it should work:

string dataToSign = "(request-target): post " + gatewayurl + "cases/screeningRequest\n" +
"host: " + gatewayhost + "\n" + // no https only the host name
"date: " + date + "\n" + // GMT date as a string
"content-type: " + "application/json" + "\n" +
"content-length: " + byte1.Length + "\n" +
postData

Kindly let me know if the solution helped you.

gerhardtm

Thank you, that did the trick.