HSBC - Error with HTTP Message: Unauthorized

jcgarcia
jcgarcia Newcomer
in World-Check One

Hi, I send this message header for the first step to obtain the group-id

(request-target): post https://rms-world-check-one-api-pilot.thomsonreuters.com:443/v1/groups
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Fri, 28 Apr 2017 01:31:26


Authorization:

Signature keyId="509f9b54-4182-XXXX-XXX-XXXXXXX", algorithm="hmac-sha256", headers="(request-target) host date content-type content-length", signature="zgRnHs4/3zt8ycrhN+fYS/K6PAbKJVY+fw9Q9MAfs="

Hi, I am from HSBC Argentina, we are trying to access the World-Chech-One.
I received the API-KEY and Secret-API credentials on Wednesday to be able to generate the authorization header. But we can not make it work gives me the error "401 Unauthorized.

Could I review the request I send with someone from privately to see that I am sending wrong.

Thank you very much.

Tagged:

Best Answer

Answers

  • rodney.mcclean01
    rodney.mcclean01 LSEG

    Hi @jcgarcia,

    did you try standard settings in the Postman collection before changing to your own API and API secret ?

    That should work without any changes, then change the values in Postman to be your own API and API secret.

    Once that's working you can see what the valid authorization should look like.

  • jcgarcia
    jcgarcia Newcomer

    Yes, I have postman in Chrome because here at HSBC we cant download the Windows Version, we dont have permissions to do that.

    This is the configuration that I have in Postman:

    POST /v1/groups HTTP/1.1
    Host: rms-world-check-one-api-pilot.thomsonreuters.com
    Date: Fri, 16 Dec 2016 12:34:45 GMT
    Content-Type: application/json
    Content-Length: 158
    Authorization: Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="TBFK7xyK+Wdk7J8g/OVhxC+NfhC92YM/tvFWrXFo/EQ="
    Cache-Control: no-cache

    The body must go empty "{ }" right?

    Thanks.

  • jcgarcia
    jcgarcia Newcomer

    image

    image

    Hi, I downloaded the latest version of Postman for Windows.

    I sent a Signature that you gave me in another mail.
    Also I'm having problem because I still received 401 Authentication error.

    I attached 2 captures images from Postman and the text with the headers


    • Request
      Headers:
      • cache-control:"no-cache"
      • Postman-Token:"ee4772ce-908d-489b-a909-7469092c0120"
      • Authorization:"Signature
        keyId="504459e4-f5c4-4368-ba20-6968b335580f",algorithm="hmac-sha256",headers="(request-target)
        host date",signature="Qwdo6QHZyAXtcWvwN5igKrnSkbCNMPz4KKiOY6Q57Os=""
      • Date:"Wed, 03 May 2017 14:29:59
        GMT"
      • Host:"rms-world-check-one-api-pilot.thomsonreuters.com"
      • User-Agent:"PostmanRuntime/3.0.11-hotfix.2"
      • Accept:"*/*"
      • accept-encoding:"gzip, deflate"
      • Response
        Headers:
        • authorization:"WWW-Authenticate:
          Signature realm="World-Check One
          API",algorithm="hmac-sha256",headers="(request-target) host
          date content-type content-length"
        • date:"Wed, 03 May 2017 14:29:59
          GMT"
        • server:"Apache-Coyote/1.1"
        • transfer-encoding:"chunked"
        • x-application-context:"bootstrap"

    Could you help me please I cant pass the first call.

    Thanks.

  • Tomasz.Niestoruk
    Tomasz.Niestoruk LSEG

    Client was given an answer outside of Q&A due to the sensitivity of the information. I will check if the answer can be posted here without compromising it, if not the question will be made private or deleted.

Categories