SEQ-4a Post Screen a case get Error 401 Unauthorized

Hi, Try to implement Screen a case like sample SEQ-4a. Post request get Error 401 Unauthorized. I find the sample authorisation header string does not contains content-type and content-length as described as in the Quick Start. My question is if this is the matter for the case. Please help. Thanks. John

Best Answer

  • brian.bourgault
    Answer ✓

    Hi John,

    There are a number of reasons you may receive a 401 status. Note some of the PUT/POST requests do no have a body, hence do not require content length... I suggest, if possible, share the code you wrote that is not working...also note that one of your groups is setup as a Zero Footprint group and so screening a case will not be permitted in that group, use one of the other groups you've setup.

    Brian

Answers

  • Hi Brian,

    I use the postman default group id in the pilot environment.

    Please check the source code as
    below, for the function of “Save a simple case”

    // -----------------------

    procedure
    TForm2.btSaveasimplecaseClick(Sender: TObject);

    var

    response : string;

    RequestBody :
    TstringStream;

    tt : TBytes;

    dataToSign, strdatetime :
    string;

    thedate : tdatetime;

    const

    strbody='{
    "entityType": "INDIVIDUAL", "groupId":"418f28a7-b9c9-4ae4-8530-819c61b1ca6c","providerTypes":
    ["WATCHLIST"], "name": "John Doe"}';


    strbaseurl='https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases';

    begin

    thedate:=now-(13/24); // get server time , the offset of the time
    different is 13 hours

    strdatetime:=
    formatdatetime('ddd, dd mmm yyyy hh:mm:ss "GMT"',thedate);

    edtdate.Text:=strdatetime;
    // display purpose – date string

    dataToSign:=
    '(request-target): post /v1/cases'+#10 +'host:
    rms-world-check-one-api-pilot.thomsonreuters.com' +#10+'date:
    '+strdatetime+#10+'content-type: application/json'+#10+'content-length: '+


    inttostr(length(strbody))+#10+strbody;


    msignstring.Lines.Text:=datatosign; // Sign string -- display purpose


    tt:=System.Hash.THashSHA2.GetHMACasBytes(dataToSign,APIsecret,SHA256);

    edtsignatures.text:=EncodeBase64(tt,length(tt));
    // signature string - display purpose

    edtauth.Text:='Signature
    keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target)
    host date content-type
    content-length",signature="'+edtsignatures.text+'"';
    // authorization string


    edit1.Text:=inttostr(length(strbody)); //
    content -length

    RequestBody :=
    TStringStream.Create(strbody, TEncoding.UTF8);

    RequestBody.Position :=
    0;

    try


    IdHTTP1.Request.CustomHeaders.Clear;


    IdHTTP1.Request.Method:=Id_HTTPMethodPost;


    IdHTTP1.Request.ContentType := 'application/json';


    IdHTTP1.Request.CustomHeaders.AddValue('cache-control', 'no-cache');


    IdHTTP1.Request.CustomHeaders.AddValue('authorization',edtauth.Text);

    IdHTTP1.Request.CustomHeaders.AddValue('date',
    strdatetime);


    IdHTTP1.Request.CustomHeaders.AddValue('content-type', 'application/json');


    IdHTTP1.Request.CustomHeaders.AddValue('content-length',
    inttostr(length(strbody)));

    try


    IdHTTP1.Post(strbaseurl, RequestBody);

    except

    on
    e:EIdHTTPProtocolException do


    begin


    showmessage(e.ErrorMessage+' .. '+ e.Message );


    end;

    on
    e:exception do


    showmessage(e.Message);

    end;


    memo1.Lines.text:=IdHTTP1.ResponseText;

    finally


    RequestBody.Free;

    end;

    end;

    // --------------------- end of code ---------------

    Sign string:

    (request-target): post /v1/cases

    host:
    rms-world-check-one-api-pilot.thomsonreuters.com

    date: Mon, 09 Jan 2017 23:38:56
    GMT

    content-type: application/json

    content-length: 130

    { "entityType":
    "INDIVIDUAL",
    "groupId":"418f28a7-b9c9-4ae4-8530-819c61b1ca6c","providerTypes":
    ["WATCHLIST"], "name": "John Doe"}


    Signature:

    QldTAT5loM20vBrFMBZg1ErrnYnrVtPcx+ZpxQKjkqo=

    Authorization:

    Signature
    keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target)
    host date content-type
    content-length",signature="QldTAT5loM20vBrFMBZg1ErrnYnrVtPcx+ZpxQKjkqo="

    Date:

    Sun, 08 Jan 2017 21:52:47 GMT

    Content Length:

    130

    Response:

    HTTP/1.1 400 Bad Request

    Any ideal? Thanks

  • Thanks Brian for the reply. I use the postman default group-id.

  • Hi, i have found the problem and got this issue resolved. Basically it is the the HTTP component bug does not stream string parameters in order. Also there is another reasons cause the body string not compatible with the REST server. Thanks a lot for the help. John