Keep getting 401 in zero footprint synchronous screening api hit through postman

vijay23
vijay23 Newcomer
in World-Check One

I am following this documentation: https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-zero-footprint-screening-api/quick-start

Able to find the groupId from first step. But Step 2 for entity screen keeps giving me 401 error

Tagged:

Best Answer

  • Mehran.Ahmed Khan
    Mehran.Ahmed Khan LSEG
    Answer ✓

    As confirmed on the meeting , this issue has been resolved by downloading the correct postman collection of World-Check One API

Answers

  • vijay23
    vijay23 Newcomer

    My request looks like this:

    curl -X POST \
    https://zfs-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest \
      -H 'Authorization: Signature keyId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="xxxxxxx"' \
      -H 'Content-Length: 174' \
      -H 'Content-Type: application/json' \
      -H 'Date: Mon, 11 Feb 2019 06:22:35 GMT' \
      -H 'cache-control: no-cache' \
      -d '{
      "groupId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "entityType": "INDIVIDUAL",
      "providerTypes": [
        "WATCHLIST"
      ],
      "name": "John Smith",
      "secondaryFields":[]
    }'
  • Mehran.Ahmed Khan
    Mehran.Ahmed Khan LSEG

    @vijay23

    Can you please provide me with the response headers as well?

    Also, Can you please mention the date when you received the API key & Secret to ZFS pilot instance?

    Regards,

    Mehran Khan

  • vijay23
    vijay23 Newcomer

    API key and secret were received on 1st Feb.

    Request from postman console:

    POST /v1/cases/screeningRequest
    Date: Mon, 11 Feb 2019 07:37:01 GMT
    Content-Type: application/json
    Authorization: Signature keyId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="xxxxxxx="
    Content-Length: 174
    cache-control: no-cache
    Postman-Token: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    User-Agent: PostmanRuntime/7.6.0
    Accept: */*
    Host: zfs-world-check-one-api-pilot.thomsonreuters.com
    accept-encoding: gzip, deflate

    { "groupId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "John Smith", "secondaryFields":[] }

    Response from postman console:

    HTTP/1.1 401
    status: 401
    Content-Type: application/json
    Content-Length: 2
    Connection: keep-alive
    Date: Mon, 11 Feb 2019 07:37:02 GMT
    x-amzn-RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    x-amzn-ErrorType: AccessDeniedException
    x-amz-apigw-id: xxxxxx
    X-Cache: Error from cloudfront
    Via: 1.1 7a9b0a23f7c6fe6c2e662de66ef2e630.cloudfront.net (CloudFront)
    X-Amz-Cf-Id: xxxxxx

    []
  • Mehran.Ahmed Khan
    Mehran.Ahmed Khan LSEG
    @vijay23

    Hi ,

    After further investigation i found that the syfe is subscribed to the World-Check One API access and not World-Check One Zero Footprint, can you please replace the host to rms-world-check-one-api-pilot.thomsonreuters.com and retry the request ?

    Regards,

    Mehran Khan

  • vijay23
    vijay23 Newcomer

    @Mehran.Ahmed Khan Still getting 401. Postman console log of new request shared below:

    POST /v1/cases/screeningRequest
    Date: Tue, 12 Feb 2019 04:36:38 GMT
    Content-Type: application/json
    Authorization: Signature keyId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="xxxxxxxx"
    Content-Length: 174
    cache-control: no-cache
    User-Agent: PostmanRuntime/7.6.0
    Accept: */*
    Host: rms-world-check-one-api-pilot.thomsonreuters.com
    accept-encoding: gzip, deflate


    { "groupId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "John Smith", "secondaryFields":[] }


    HTTP/1.1 401
    status: 401
    X-Application-Context: application
    Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length
    Transfer-Encoding: chunked
    Date: Tue, 12 Feb 2019 04:36:38 GMT
    Server: ""
  • Mehran.Ahmed Khan
    Mehran.Ahmed Khan LSEG

    @vijay23

    Hi,

    I am investigating this further , let me get back to you shortly.

    Regards,

    Mehran Khan

  • Mehran.Ahmed Khan
    Mehran.Ahmed Khan LSEG

    @vijay23

    Hi,

    I tried to screen the entity mentioned above using your account and I successfully screened the entity, below are the request and response for the same, I would like to have a screen sharing session with you tomorrow, let me know the feasible time so that we can sort this issue for you at the earliest. I would like to verify the HMAC generated at your end.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

      • Request Headers:
        • Date:"Tue, 12 Feb 2019 08:09:08 GMT"
        • Content-Type:"application/json"
        • Authorization:"Signature keyId="****************************",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="********************************************""
        • Content-Length:"169"
        • cache-control:"no-cache"
        • Postman-Token:"638e0f5d-1d03-4870-95d2-1eac8d655e42"
        • User-Agent:"PostmanRuntime/7.6.0"
        • Accept:"*/*"
        • Host:"rms-world-check-one-api-pilot.thomsonreuters.com"
        • accept-encoding:"gzip, deflate"

      • Request Body:

      • Response Headers:
        • X-Application-Context:"application"
        • Cache-Control:"no-cache, no-store, max-age=0, must-revalidate"
        • Pragma:"no-cache"
        • Expires:"0"
        • X-XSS-Protection:"1; mode=block"
        • X-Frame-Options:"DENY"
        • X-Content-Type-Options:"nosniff"
        • Date:"Tue, 12 Feb 2019 08:09:19 GMT"
        • Content-Type:"application/json;charset=UTF-8"
        • Transfer-Encoding:"chunked"
        • Server:""""

      • Response Body:
        • caseId:"d8e5982c-fe83-4c86-8939-9b89a94*****"

        • results
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    • vijay23
      vijay23 Newcomer

      @Mehran.Ahmed Khan Sure, I am available anytime between 11 AM IST to 3 PM IST tomorrow. Let me know what time suits you best. Let me know your email id or email me on the id associated with this account for scheduling a call.

    • Mehran.Ahmed Khan
      Mehran.Ahmed Khan LSEG

      @vijay23

      Hi,

      I have sent out the meeting invite for 1PM IST as requested.

      Regards,

      Mehran Khan

    Categories