World Check One API Case Screening 401 Unauthorized.

I am working on the integration World Check One API call into the system. I had tried to use Postman with provided WC1 Pilot environment to perform same API call and it able to create the case. I had followed the API sample for c# and it still gives me 401 unauthorized response.
I am here providing code which is being generated using the postman and the same being generated from my code for the same timestamp.
c#
hmac
ymqgJIb9H4ETpJiu/T1MsdyBXD+n6qL1/NUVQFBVufc=
c# datatosign
(request-target): post /v1/cases
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 07:51:57 GMT
content-type: application/json
content-length: 122
{"entityType":"INDIVIDUAL","groupId":"0a3687d0-64a6-1d01-9945-119200000daf","providerTypes":["WATCHLIST"],"name":"Bashar"}
c# authorisation
Signature keyId="xxxxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="ymqgJIb9H4ETpJiu/T1MsdyBXD+n6qL1/NUVQFBVufc="
-------------------
POSTMAN
var settings = {
"async": true,
"crossDomain": true,
"url": "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups/0a3687d0-64a6-1d01-9945-119200000daf",
"method": "GET",
"headers": {
"Date": "Sun, 12 Aug 2018 07:51:57 GMT",
"Authorization": "Signature keyId=\\\"xxxxxxxxxxx\\\",algorithm=\\\"hmac-sha256\\\",headers=\\\"(request-target) host date\\\",signature=\\\"ZwkG6dSdRE9EZS8N6iU7AbCIyuQfRhA15AOund+LaBg=\\\"",
"Cache-Control": "no-cache",
"Postman-Token": "d7a01eda-e360-4a39-9d8d-c298a2ed4d5b"
}
}
Best Answer
-
cusersu6068964downloadsapirequestsc.zip@ziad.abourizk
Can you please confirm the API call you are making so that I can assist you?
I see you are trying to save a case (API call- SEQ-2c: Save a case: Individual) when using your C# code, but see you are calling the API request -"SEQ-4a: Screen a case" in the Postman console.
As this is your first attempt, I would like to state that ideally the users start with a GET request to make sure the HMAC generation is correct and then move on to the complex POST requests.
I am attaching few sample code requests in C# (also available in the download section of the developer community) for your reference.
Attachment has one get request and one post request sample code.
Kindly note the code sample provided is to just guide the developers on how to generate successful requests and expect our clients to design their own code to suit their use case.
0
Answers
-
I see the postman code shared is for the API call "SEQ-1b: Get a specific group by ID" while the C# data to sign value, c# HMAC and c# authorisation is for the API call "SEQ-2c: Save a case: Individual", so the HMAC signature for both the API calls will always be different.
That being said, I will try provide reason why the clients get 401 response code for the API call "SEQ-2c: Save a case: Individual" (POST).
Generally the users encounter 401 for the below reasons:
Incorrect data to sign value: This seems to be perfect and in correct format as per the example shared by you.
Authorisation: This is correct too.
HMAC signature: This seems to be incorrect as I used your account credentials to call the "SEQ-2c: Save a case: Individual" and see that the HMAC is different. The content length your code is calculating for the payload you are sending in your request seems to be incorrect too. Your code should be able to calculate the content length correctly to avoid the 401 unauthorized issue.
There can be two reasons why are you getting an incorrect HMAC:
1. Your code is generating an incorrect HMAC-BASE64 signature even though the data to sign value and the API secret being provided to the HMAC-BASE 64 function is correct.
2. The content length your code is calculating for the payload is incorrect which is leading to incorrect HMAC signature.
Can you please confirm if you are successfully able to make any GET request using your code? Has your HMAC worked for any of the requests till now?
Can you compare the content length being generated using your code and by postman and see if they are the same? For this make share you are using the same payload with exact spaces and characters in both postman and your code. If you see there is a difference in the content in both cases, this must be the reason for 401.
You can use the below code to calculate the content length in your code.
string postData = "{\"secondaryFields\":[],\"entityType\":\"INDIVIDUAL\",\"customFields\":[],\"groupId\":\"XXXXXXXXXXXXX\",\"providerTypes\":[\"WATCHLIST\"],\"name\":\"乔治布什\"}";
//Console.WriteLine(postData.Length);
string msg = postData;
//Console.WriteLine(msg);
UTF8Encoding encoding = new UTF8Encoding();
byte[] byte1 = encoding.GetBytes(postData);
WebReq.ContentLength = byte1.Length;Please use byte1.Length in the data to sign variable for the value of content length.
0 -
Thank you very much Irfan Khan, I got the result.
0 -
I am glad that I was able to help you with this
0 -
I saw the Get and Post sample and its working in my c#. But when I try to screen a case, I am getting 401 error.
I just changed the requestendpoint url to this
string requestendpoint = "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest";Is there any thing else need to change.
My Hmac
+2zFCEhd5EEbi4Q2PVGhOXGhaEB22I6GK3X5IL2Gv4s=
Getting error
: 'The remote server returned an error: (401) Unauthorized.'
0 -
Kindly note for screening request API, we do not expect content length and content type to be sent in the authorization headers and in the data to sign variable, even though it is a POST request.
Data to sign variable should give the output in the below format:
(request-target): post /v1/cases/{{case-system-id}}/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 07:51:57 GMTPlease note {{case-system-id}} here should be replaced by the case system Id that was received in the JSON response when the API call "Save a case".
Authorization should be in the below format:
Signature keyId="XXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="DiInIutjPgjQ2eeKs7GPKQzrmxl57n15ah5ghEu1oik="
Also, the URL should be:
Here again the {{case-system-id}} should be replace by the case -system-id
So assuming {{case-system-id}} = 0a3687d0-6334-14b4-98d0-eab00000694d
The data to sign value should be:
(request-target): post /v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 07:51:57 GMTThe URL should be:
Also, you can always compare the kind of data to sign variable and the authorization header you have to send for each API call using the "code" section of Postman or the pre request script of Postman.
Kindly let me know if you need further clarification on this.
0 -
Thank you @Irfan.Khan
So for each screening request, I should get the case Id first using the Save a Case API request, right ?
In my application I have to scan customers and organization. So for each one, I will create an API request for "Save A Case", then "Screen Case".
And can I reuse the case id for the next screen request? I mean I will get a case id and I use it on screening, and for the next screening I can use the same case id or I need to call the save a case again?
Also do you have any API which I can pass multiple case id and get results.
Thanks,
0 -
Thank you @Irfan.Khan
So for each screening request, I should get the case Id first using the Save a Case API request, right ?
In my application I have to scan customers and organization. So for each one, I will create an API request for "Save A Case", then "Screen Case".
And can I reuse the case id for the next screen request? I mean I will get a case id and I use it on screening, and for the next screening I can use the same case id or I need to call the save a case again?
Also do you have any API which I can pass multiple case id and get results.
Thanks,
0 -
@Irfan.Khan , still (401) Unauthorized.
(request-target): post /v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Mon, 13 Aug 2018 18:06:13 GMT
{"secondaryFields":[],"entityType":"INDIVIDUAL","customFields":[],"groupId":"0a3687d0-64a6-1d01-9945-119200000daf","providerTypes":["WATCHLIST"],"name":"Bashar"}HMAC
qrw1bRpP1ZWrZ4wyIxNhlDdgaz7mQeI8D5oaFQU1Tzw=headers=\"(request-target) host date\",
Thanks,
0 -
Please find the sequence of API calls in order to screen a case successfully and view the matches of the case below.
1. SEQ-1a: Get my top-level groups: This API call provides you the list of group Id available in your account.
2. SEQ-1c: Get the case template for a group: This API call provides the custom fields and secondary fields which can be used in step 3 to save a case.
3. SEQ-2c: Save a case: Individual: This API call saves the case with the payload/body sent in the request and returns a JSON response with the case -system-id. This call creates an entry but does not screen the case. The case-system-id is a unique identifier for each case generated by the system so that you can use it perform operations on it at a later stage.
4. SEQ-4a: Screen a case: Use the case-system-id obtained in step 3 to screen a case by calling this API.
5. SEQ-8: Retrieve the audit log for a case: Use the case-system-id to find out if the case has been screened or not by calling this API. To know more about audit API. Please refer to the link below:
https://community.developers.refinitiv.com/questions/26633/statuscode-1.html
5. SEQ-5b: Get screening results: If the case has been screened, use this API to get the list of all the matches populated due to screening the case. You have the case-system-id to pull the results of the associated case. It should be the same case-system-id that was returned when the case was saved in step 3.
6. SEQ-5c: Get a World-Check profile: Use the attribute ''referenceId' returned in the JSON response of step 5 to pull the entire world check profile of the match to identify if the match is a false positive, hit/no hit, etc.
You can also refer to the link below for more detailed info on how to screen cases using the API.
The above steps are used to screen cases asynchronously and the above sequence has to be followed.
This was to help you give you an idea of how screening is performed using the API. Let me answer your questions in the next answer I post.
0 -
Please find the answer to your questions below:
So for each screening request, I should get the case Id first using the Save a Case API request, right ?
[Ans by Irfan]: Yes, you have save the case first to obtain a case-system-Id and then use the case-system-Id to screen the case or obtain the results after screening the case. Lets think of a case-system-id as an unique identifier that identifies each case that you save uniquely and refer them at a later point of time using the same case-system-Id.
In my application I have to scan customers and organization. So for each one, I will create an API request for "Save A Case", then "Screen Case".
[Ans by Irfan]: Yes, you have to create a new case for each entity name (individual/organization) and screen them after the case has been saved.
And can I reuse the case id for the next screen request? I mean I will get a case id and I use it on screening, and for the next screening I can use the same case id or I need to call the save a case again?
[Ans by Irfan]: Are you trying to re screen the same case again and do not want to create a new case? If yes, then you can use the case-system-Id. If you are trying to screen a new entity name, then you have to save that case which will give a new case-system-Id and then screen the case using the obtained case-system-id.
Also do you have any API which I can pass multiple case id and get results.
[Ans by Irfan]: Kindly note "Screening result" API uses the case-system-id and not the case-id to fetch the results of a case. No, we do have an API to get results for multiple case-system-ids.
0 -
(request-target): post /v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Mon, 13 Aug 2018 18:06:13 GMT
{"secondaryFields":[],"entityType":"INDIVIDUAL","customFields":[],"groupId":"0a3687d0-64a6-1d01-9945-119200000daf","providerTypes":["WATCHLIST"],"name":"Bashar"}HMACqrw1bRpP1ZWrZ4wyIxNhlDdgaz7mQeI8D5oaFQU1Tzw=
headers=\"(request-target) host date\",
As reported by you, I see you are sending the above parameters in your request to screen a case.
Please note this POST request does not need a payload so you should not be using the below payload/body at all. This information has already been given to us when you saved the case with the same payload.
{"secondaryFields":[],"entityType":"INDIVIDUAL","customFields":[],"groupId":"0a3687d0-64a6-1d01-9945-119200000daf","providerTypes":["WATCHLIST"],"name":"Bashar"}
So your data to sign value should be
(request-target): post /v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 07:51:57 GMTThe authorization should be in the below format.
Signature keyId="XXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="DiInIutjPgjQ2eeKs7GPKQzrmxl57n15ah5ghEu1oik="
Kindly note you should be using the case-system-Id that was obtained when saving the case. The case-system-Id: 0a3687d0-6334-14b4-98d0-eab00000694d that I am using is just for an example and you should be using the case-system-Id associated to your case to get the correct result.
Case-system-Id are unique for each case and for each group and for each account, so always use the correct case-system-Id associated to your case, belonging to your group and account to screen the case.
0 -
Thank you @Irfan.Khan
I changed my code as per your steps.
dataToSign
(request-target): post/v1/cases/0a3687d0-6523-15e6-994d-df2200007c03/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 14 Aug 2018 08:32:07 GMTauthorization
Signature keyId="xxx",algorithm="hmac-sha256",headers="(request-target) host date",signature="po/m3y0aRZiI95U24isC5Wj8Z2glYh0JigJTjMdSokE="
I removed the contentLength from HttpWebRequest.
requestendpoint
Still getting 401 !
0 -
Can you try with a space after post in the data to sign value you are creating?
Your dataToSign
(request-target): post/v1/cases/0a3687d0-6523-15e6-994d-df2200007c03/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 14 Aug 2018 08:32:07 GMTThe dataToSign to be used: (there is a space after post)
(request-target): post /v1/cases/0a3687d0-6523-15e6-994d-df2200007c03/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 14 Aug 2018 08:32:07 GMTKindly let me know if that works for you.
0 -
@Irfan.Khan
Thank you for pointing that. After putting space the 401 error gone !
But I am getting empty result. I used the following Request.
HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(requestendpoint);
// Set the Headers
WebReq.Method = "POST";
WebReq.Headers.Add("Authorization", authorisation);
WebReq.Headers.Add("Cache-Control", "no-cache");
WebReq.Date = dateValue;The jsontxt is Empty
Thank you.
0 -
The Screen a case API does not return any JSON response. It returns only the response code 201 Created. This is the reason why the jsontxt is empty.
The screen a case API not returning JSON is an expected response.
Returning a 201 response code means the request to screen the case has been submitted to the system and the case will be screened at a later time depending on the load capacity of the WC1 system.
Please refer to the API documentation for more information on the kind of responses we send for each API call.
0 -
Thanks, Can you please guide me to code the Audit List API and the Result API.
I am copying from Postman but the result API gives me 401.
dataToSign
(request-target): post /v1/cases/0a3687cf-6523-1341-994d-f04d00007956/results
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 14 Aug 2018 15:07:20 GMTAlso can you just provide me link to download the API documentation link same like the one you provided in this picture
/storage/attachments/2120-cusersu6068964picturesstatus-code.png
Thanks
0 -
In my application I have to screen a party and get the result and based on that we will activate the party. So I am following these steps.
1. Get groupId and store for all future screening request. (one time)
2. Get Case System Id for a Customer (cases) (one time and store in customer master) and for future screening request I am taking the same case system Id from the Customer master. Is this a good method or do I need to generate case system id every time?
3. Screen Case (screeningRequest)
4. Get Result (results)
is this process ok? or is there a better way ?
thanks
0 -
Are you still facing a 401 for the screening result API? Kindly confirm so that I can assist you.
You can download the API documentation 1.5 from the link below. The name of the file to be downloaded is "World-Check One API Documentation 1.5"
Once downloaded. please refer the wc1-api-schema-reference-documentation.html file to view the API schema of all the API request.
0
Categories
- All Categories
- 3 Polls
- 6 AHS
- 36 Alpha
- 166 App Studio
- 6 Block Chain
- 4 Bot Platform
- 18 Connected Risk APIs
- 47 Data Fusion
- 34 Data Model Discovery
- 690 Datastream
- 1.4K DSS
- 629 Eikon COM
- 5.2K Eikon Data APIs
- 11 Electronic Trading
- 1 Generic FIX
- 7 Local Bank Node API
- 3 Trading API
- 2.9K Elektron
- 1.4K EMA
- 255 ETA
- 559 WebSocket API
- 39 FX Venues
- 15 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 25 Messenger Bot
- 3 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 60 Open Calais
- 280 Open PermID
- 45 Entity Search
- 2 Org ID
- 1 PAM
- PAM - Logging
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 23 RDMS
- 2K Refinitiv Data Platform
- 719 Refinitiv Data Platform Libraries
- 4 LSEG Due Diligence
- LSEG Due Diligence Portal API
- 4 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.2K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 12 World-Check Customer Risk Screener
- 1K World-Check One
- 46 World-Check One Zero Footprint
- 45 Side by Side Integration API
- 2 Test Space
- 3 Thomson One Smart
- 10 TR Knowledge Graph
- 151 Transactions
- 143 REDI API
- 1.8K TREP APIs
- 4 CAT
- 27 DACS Station
- 121 Open DACS
- 1.1K RFA
- 106 UPA
- 194 TREP Infrastructure
- 229 TRKD
- 918 TRTH
- 5 Velocity Analytics
- 9 Wealth Management Web Services
- 95 Workspace SDK
- 11 Element Framework
- 5 Grid
- 19 World-Check Data File
- 1 Yield Book Analytics
- 48 中文论坛