First, I want to say that our mechanism works for "GET" calls, where we are not submitting data. However, on making a POST call using the same hashing routine we have developed, and using the following signature data:
(request-target): post /v1/cases
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Wed, 28 Sep 2016 14:26:28 GMT
content-type: application/json
content-length: 191
We are not able to authenticate successfully. All we have done is adapt the routine to add the current content type and content length of the request to the hash computation, so the existing working computation should work fine. We have verified that the content type header matches what is submitted (it does) and that the content-length header matches what is in the signature and also matches the size of the request body (191 bytes). The API call is posting the correct JSON.
Here are the HTTP headers in question:
Request:
POST /cases
cache-control: no-cache
content-type: application/json
content-length: 191
authorization: Signature keyId="{key}",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="{signature}"
date: Wed, 28 Sep 2016 14:26:28 GMT
Accept: application/json
Any ideas?
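
An added example, not part of the original post and not the API vendor's code: a generic HTTP-Signature style check that rebuilds the signing string from the request as it would go on the wire and lists every line that differs from what the client signed. The secret, the JSON body and the helper names (`signing_string`, `sign`, `preflight`) are constructed for illustration; the header values and the two request paths are the ones shown in the post.

```python
import base64
import hashlib
import hmac

# Order taken from the headers="..." parameter in the post's Authorization header.
SIGNED = ["(request-target)", "host", "date", "content-type", "content-length"]

def signing_string(method, path, headers, signed=SIGNED):
    """Rebuild the lowercase 'name: value' lines, one per signed header, in order."""
    lower = {k.lower(): str(v).strip() for k, v in headers.items()}
    lines = []
    for name in signed:
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {path}")
        else:
            lines.append(f"{name}: {lower[name]}")  # KeyError if a signed header is not sent
    return "\n".join(lines)

def sign(secret, text):
    """Base64-encoded HMAC-SHA256 of the signing string."""
    mac = hmac.new(secret, text.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")

def preflight(client_text, method, path, headers, body):
    """Compare what the client signed with what a verifier would rebuild from the wire."""
    problems = []
    lower = {k.lower(): str(v).strip() for k, v in headers.items()}
    if int(lower["content-length"]) != len(body):
        problems.append("content-length differs from body size in bytes")
    wire = signing_string(method, path, headers).split("\n")
    for mine, theirs in zip(client_text.split("\n"), wire):
        if mine != theirs:
            problems.append(f"signed {mine!r} but request carries {theirs!r}")
    return problems

# Constructed sample: secret and body are made up; header values are those in the post.
SECRET = b"constructed-demo-secret"
BODY = '{"name": "Zo\u00eb"}'.encode("utf-8")  # 15 characters, 16 bytes in UTF-8
HEADERS = {
    "Host": "rms-world-check-one-api-pilot.thomsonreuters.com",
    "Date": "Wed, 28 Sep 2016 14:26:28 GMT",
    "Content-Type": "application/json",
    "Content-Length": str(len(BODY)),
}
SIGNED_TEXT = signing_string("POST", "/v1/cases", HEADERS)

if __name__ == "__main__":
    print(sign(SECRET, SIGNED_TEXT))
    print(preflight(SIGNED_TEXT, "POST", "/cases", HEADERS, BODY))
```

Any line reported by `preflight` means the verifier computes a different HMAC from the one the client sent, which shows up only as a failed authentication.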