SEQ-5b & SEQ-4a Returning 401

SEQ-4a

Case System ID:
0a3687d0-63f9-1b2e-991b-bb99003c12aa
Data to Sign:
(request-target): post /v1/cases/0a3687d0-63f9-1b2e-991b-bb99003c12aa/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Fri, 06 Jul 2018 10:03:57 GMT
Auth:
Signature keyId="{{api-key}}",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="/aaGesbftj4fzjfz//MRYRMsRvWDMTA2dUSM0dgjVWU="

SEQ-5b

Case System ID:
0a3687d0-63f9-1b2e-991b-bb99003c12aa
Data To Sign:
(request-target): get /v1/cases/0a3687d0-63f9-1b2e-991b-bb99003c12aa/results
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Fri, 06 Jul 2018 10:08:54 GMT
Auth:
Signature keyId="{{api-key}}",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="23AQyY0At7IPvrtsYsrqLvWYl7bovq2vYgKdm+sXmf8="

I've been happily using SEQ-1a, SEQ-2a and SEQ-2c with no issues so I'm fairly confident in my hmac generation. Is there something else I'm missing?

Best Answer

  • Irfan.Khan
    Irfan.Khan LSEG
    Answer ✓

    @mspicer ,

    I concur that the HMAC signature is correct.

    The issue is with the authorization header you are sending. Kindly note although this is a POST request, we do not expect you to send the content-type and content-length in it.

    So for when hitting the endpoint "screeningRequest", please make sure the auth headers are in the below format:

    Signature keyId="{{api-key}}",algorithm="hmac-sha256",headers="(request-target) host date",signature="{{HMAC-SIGNATURE}}"

    When hitting the endpoint results, please make sure the auth headers are as below:

    Signature keyId="{{api-key}}",algorithm="hmac-sha256",headers="(request-target) host date",signature="{{HMAC-SIGNATURE}}"

    I think this should fix the error 401 you are getting.

Answers