Best way to implement the WC1 Request Signature in Java

Thanks for your response.

Can you please check the time difference between the request and the response as per the headers? Your system clock must be in sync with NTP. If the time difference between request and response headers timestamp is more than 30 seconds, it will also change the validity of the hmac signature, resulting in error 401.

All comments

Thank you for your query.

Can you please share the request and response headers along with the request body of the failed request, masking the API credentials from the Authorization, so we may look into the cause of the error?

I am using a Feign Client in order to execute SEQ-screen-sync-simple in WC1 Version 2.0.

In Java, this is what I get from the logs:

POST https://rms-world-check-one-api-pilot.thomsonreuters.com/v2/cases/screeningRequest HTTP/1.1 Accept: application/json Content-Type: application/json Content-Length: 280 Date: Thu, 03 Dec 2020 07:40:50 GMT Authorization: Signature keyId="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-length content-type",signature="XXXXXXXXXXXXXXXXXXXXXXXXXXX"

This is a cURL example (taken from WC1 Postman Collection). Same payload and works in Postman.

curl --location --request POST 'https://rms-world-check-one-api-pilot.thomsonreuters.com/v2/cases/screeningRequest'; \ --header 'Date: Thu, 03 Dec 2020 07:38:01 GMT' \ --header 'Content-Type: application/json' \ --header 'Authorization: Signature keyId="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-length content-type",signature="XXXXXXXXXXXXXXXXXXXXXXXXXXX="' \ --header 'Content-Length: 280' \ --data-raw '{"groupId":"myGroupId","clientCaseId":"8ebd0f0c-27c4-4f17-8294-aa59408b962e","entityType":"INDIVIDUAL","providerTypes":["WATCHLIST"],"name":"John Doe","nameTransposition":true,"secondaryFields":[{"typeId":"SFCT_1","value":"MALE"}],"customFields":[]}'

The details which you have shared are the request headers, we would also need the response headers of the failed api call along with the request headers and the request body.

Hi again @Prabhjyot

Resuming this discussion, I attach the following data:

I must also mention that we've even changed our implementation by the one provided in the code samples in this developers portal for Java. We've even changed the gatewayUrl from v2 to v1. The result is the same (Http Status 401).

Request Headers are as follows:

[Date: mié, 09 dic 2020 15:06:29 GMT, Cache-Control: no-cache, Content-Type: application/json, Authorization: Signature keyId="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="XXXXXX"]
(I've masked the signature and the Api Key for security reasons)

Request Body:

{"groupId":"XXXXXXXXX","clientCaseId":"d97e41cd-f982-469d-9d4e-e600acf7c0a6","entityType":"INDIVIDUAL","providerTypes":["WATCHLIST"],"name":"Alejandra XXXX","nameTransposition":true,"secondaryFields":[{"typeId":"SFCT_1","value":"UNSPECIFIED"},{"typeId":"SFCT_3","value":"VEN"}],"customFields":[]}

(I've masked the groupId for security reasons)

Http 401 Response Headers (taken by using the very code sample from Developers portal):

[Strict-Transport-Security: max-age=15552000, includeSubdomains, Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length", Transfer-Encoding: chunked, Date: Wed, 09 Dec 2020 15:11:54 GMT, Server: ""]

Please let me know if anything else is required.

@Prabhjyot

Also, when using the sample that is provided here: https://developers.refinitiv.com/content/dam/devportal/api-families/customer-and-third-party-screening/world-check-one-api/downloads/worldcheckoneapi.zip

The result is the same that the one mentioned above (Http Status 401).

The same request in the Postman Collection from the same portal runs OK and returns a valid response with status 200. The problem seems to be connected to the signature methods in java.

Any thoughts on this?

Thanks a lot.

Thanks for your response.

If the request and the response headers provided above are of the same request, then there is a difference of more than 30 seconds in the request and response timestamp. Request you to please adjust your system clock as per NTP. It should work fine, please share the latest request and response headers, if you are still facing the issue.

Please note - the time difference between the request and the response headers should not be more than 30 seconds, else it will result in error 401.