cases/ScreeningRequest on WorldCheck one API return 401 on postman

Hi Team,

I used the world check one API on postman for weeks and it worked but late last week it stopped working and started returning 401 errors when I make requests that require payloads. I've provided screenshots of my attempts.
Looking forward to a speedy resolution.

My request body looks like this:

{
  "groupId":"{{group-id}}",
  "entityType": "INDIVIDUAL",
  "providerTypes": [
    "WATCHLIST"
  ],
  "name": "putin",
  "secondaryFields":[],
  "customFields":[]
}


Best Answer

  • Prabhjyot
    Prabhjyot LSEG
    Answer ✓

    @kingsley,

    Thank you for the response.

    It appears the content length which is being calculated for the payload is incorrect.

    { "groupId":"5nzbfq98nr3g1ekclj7euibjk", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "putin", "secondaryFields":[], "customFields":[] } 

    If the payload is passed in the above format, the content length should be - Content-Length: 161

    {
    "groupId":"{{group-id}}",
    "entityType": "INDIVIDUAL",
    "providerTypes": [
    "WATCHLIST"
    ],
    "name": "putin",
    "secondaryFields":[],
    "customFields":[]
    }

    If the body is passed in the above format, then the content length should be - Content-Length: 176

    You may use this link in order to reformat the request payload while using postman.

    Also, if you are using non-English characters in the request body, the payload needs to be UTF-8 encoded.

    Please provide us the latest request and response header along with the request body, if the error exists after calculating the correct content-length.

Answers

  • @kingsley,

    Can you please share the request and response headers along with the request body so that we can investigate the cause of the 401 error?

    You can access the headers via the Postman console logs. Use the shortcut ALT+CTRL+C in the Windows native app.

  • kingsley
    kingsley Newcomer

    Date: Tue, 26 May 2020 04:59:57 GMT
    Content-Type: application/json
    Authorization: Signature keyId="XXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="pP7vf94UneBDryaY/2mL7yy3GQRvlNBKWPIIe9WYMOA="
    Content-Length: 179
    User-Agent: PostmanRuntime/7.25.0
    Accept: */*
    Cache-Control: no-cache
    Postman-Token: b723614c-f3a0-4693-b936-6831c9c98028
    Host: rms-world-check-one-api-pilot.thomsonreuters.com
    Accept-Encoding: gzip, deflate, br
    Connection: keep-alive

    ▶Request Body

    { "groupId":"5nzbfq98nr3g1ekclj7euibjk", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "putin", "secondaryFields":[], "customFields":[] }

    ▶Response Headers

    Strict-Transport-Security: max-age=15552000, includeSubdomains
    Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"
    Transfer-Encoding: chunked
    Date: Tue, 26 May 2020 04:59:57 GMT
    Server: ""

  • kingsley
    kingsley Newcomer

    The content length is calculated dynamically with the following pre-request script in Postman. Is there anything I need to change in this script?

    function generateAuthHeader(dataToSign){
        var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
        return hash.toString(CryptoJS.enc.Base64);
    }

    function isEnvValuePopulated(envVal) {
        if (_.isEmpty(pm.environment.get(envVal))) {
            pm.environment.set(envVal, "--REQUIRED-VALUE-MISSING--");
            return false;
        } else {
            return true;
        }
    }

    isEnvValuePopulated("group-id");

    var date = new Date().toGMTString();
    var content = request.data;
    content = content.replace("{{group-id}}", environment["group-id"]);
    var contentLength = unescape(encodeURIComponent(content)).length;

    var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases/screeningRequest\n" +
        "host: " + environment["gateway-host"] + "\n" +
        "date: " + date + "\n" +
        "content-type: " + environment["content"] +"\n" +
        "content-length: " + contentLength + "\n" +
        content;

    var hmac = generateAuthHeader(dataToSign);
    var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";

    postman.setEnvironmentVariable("authorisation",authorisation);
    postman.setEnvironmentVariable("currentDate",date);
    postman.setEnvironmentVariable("contentLength",contentLength);

  • @kingsley,

    No change is required in the postman pre-request script. Can you please try this link to re-format the payload and use the updated one to give it a re-try?

    If this does not help, could you please try re-installing postman on your system and see if that helps?

  • kingsley
    kingsley Newcomer

    I just re-installed postman and re-formatted the payload but it still doesn't work. It seems like this issue is specific to just my computer because I've seen this request work on other computers but not mine.
    I'll get back to that later. But for now I'm trying to use a python script to connect to this endpoint.

    This is the message

    f"(request-target): post {fetch_metadata_key('gateway_url')} cases/screenRequest\nhost: {fetch_metadata_key('gateway_host')}\n date: {date}\n content-type: application/json\n content-length: {str(content_length)}\n{str(payload)}"

    This is the HMAC algorithm

    import hmac, hashlib, base64

    def generate_auth_header(message):
        message = bytes('Message', 'utf-8')
        secret = bytes(fetch_metadata_key('api_secret'), 'utf-8')
        signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())
        return signature

    I use this function to return the date in the right format

    def get_time_format_GMT():
        return datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')

    Then I concatenate the authorization header like this

    authorization = f"Signature keyId=\"{fetch_metadata_key('aml_api_key')}\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"{hmac}\""


    The cases/screeningRequest returns 401. What am I missing with my implementation, or do you have a sample Python implementation of this authorization mechanism?
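
Added example, not part of the original thread and not LSEG's own sample code: a Python sketch of the signing scheme that mirrors the layout of the Postman pre-request script above, taking Content-Length from the UTF-8 byte count and signing the exact bytes that are sent. `GATEWAY_URL`, the key and secret passed in, and `receiver_accepts` (a hypothetical model of the receiving side's check) are assumptions.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate

def signing_string(gateway_url, host, date, body_bytes):
    # Header lines in the order of the headers="..." list, then the body bytes.
    head = (
        f"(request-target): post {gateway_url}cases/screeningRequest\n"
        f"host: {host}\n"
        f"date: {date}\n"
        "content-type: application/json\n"
        f"content-length: {len(body_bytes)}\n"
    )
    return head.encode("utf-8") + body_bytes

def sign(api_secret, data):
    digest = hmac.new(api_secret.encode("utf-8"), data, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")

def build_headers(api_key, api_secret, gateway_url, host, body, date=None):
    body_bytes = body.encode("utf-8")  # sign and send exactly these bytes
    date = date or formatdate(usegmt=True)
    sig = sign(api_secret, signing_string(gateway_url, host, date, body_bytes))
    auth = (
        f'Signature keyId="{api_key}",algorithm="hmac-sha256",'
        'headers="(request-target) host date content-type content-length",'
        f'signature="{sig}"'
    )
    headers = {"Date": date, "Content-Type": "application/json",
               "Content-Length": str(len(body_bytes)), "Authorization": auth}
    return headers, body_bytes

def receiver_accepts(api_secret, gateway_url, host, headers, received):
    # Hypothetical receiver model: recompute from the bytes that arrived.
    if headers["Content-Length"] != str(len(received)):
        return False
    data = signing_string(gateway_url, host, headers["Date"], received)
    sent = headers["Authorization"].rsplit('signature="', 1)[1].rstrip('"')
    return hmac.compare_digest(sign(api_secret, data), sent)

# Constructed sample values; GATEWAY_URL is an assumed placeholder path.
GATEWAY_URL = "/v1/"
HOST = "rms-world-check-one-api-pilot.thomsonreuters.com"
BODY = ('{ "groupId":"5nzbfq98nr3g1ekclj7euibjk", "entityType": "INDIVIDUAL", '
        '"providerTypes": [ "WATCHLIST" ], "name": "putin", '
        '"secondaryFields":[], "customFields":[] }')
```

Compared with this layout, the Python snippet in the post above signs the literal string 'Message' instead of its argument, writes `cases/screenRequest` with a space before it, and puts a space after each `\n` in the message. Pass the returned bytes unchanged to the HTTP client, because any re-serialisation of the JSON after signing changes the signed input.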

  • @kingsley,

    I have dropped you an email for further discussion on the same. Looking forward to your response.