401 Unauthorized on all API Calls (SEQ-1a: Get my top-level groups)

Tried calling the APIs using the Postman collection. Setup my API Key and secret in the variables but always getting a 401 message back.

Best Answer

  • ousmane.mbacke
    ousmane.mbacke Newcomer
    Answer ✓

    Hi @Irfan.Khan,

    I was finally able to resolve it. I downloaded the latest Postman collection from the developer site. Seems like the one I was sent was not functional. Thank you

Answers

  • @ousmane.mbacke

    Can you provide me the complete request and response from the postman logs for the failed API call?

    You can go to View-> Enable the console logs by clicking Show Console Logs.

  • @Mehran.Ahmed Khan here is the Call log:

    GET /api-gateway-service-rest/api/v1/groups
    Date: Fri, 24 May 2019 13:14:58 GMT
    Authorization: Signature keyId="20412123-0ec2-4308-a7c9-eb2f20b3bb16",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="jsqUvr4JKOAdgZklBFOvneYBrmjkKaOkuM8t9IAdfFI="
    User-Agent: PostmanRuntime/7.13.0
    Accept: */*
    Cache-Control: no-cache
    Postman-Token: 837f0807-445e-4d45-8dfe-dc8b03650009
    Host: rms-world-check-one-api-pilot.thomsonreuters.com
    accept-encoding: gzip, deflate
    Connection: keep-alive

    HTTP/1.1 401
    status: 401
    X-Application-Context: application
    Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length
    Transfer-Encoding: chunked
    Date: Fri, 24 May 2019 13:14:57 GMT
    Server: ""

  • @ousmane.mbacke

    Thanks for sharing the details, Kindly check the URL that is being formed in your request, One way to make sure of this is to check the values for the environment variables "gateway-host", "gateway-url" in your postman environment.

    I am copying a sample request & response below for your reference, let me know if you need further assistance in setting up your postman correctly,

    GET /v1/groups
    Date: Fri, 24 May 2019 13:19:56 GMT
    Authorization: Signature keyId="dbbb1639-b83a-496b-b906-0cdf8f5*****",algorithm="hmac-sha256",headers="(request-target) host date",signature="Pnz+TORZqp4teeYup7KGNQCTTfE0mF0JxLcGM46NFtY="
    Content-Type: application/json
    User-Agent: PostmanRuntime/7.13.0
    Accept: */*
    Cache-Control: no-cache
    Postman-Token: ccc187d0-db78-4d5e-bc89-e7e52aebc2af
    Host: rms-world-check-one-api-pilot.thomsonreuters.com
    accept-encoding: gzip, deflate
    Connection: keep-alive



    HTTP/1.1 200
    status: 200
    X-Application-Context: application
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: 0
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    Date: Fri, 24 May 2019 13:19:55 GMT
    Content-Type: application/json;charset=UTF-8
    Transfer-Encoding: chunked
    Server: ""

    [{"id":"0a3687cf-6334-151a-98e1-0c0800000eba","name":"Internal - Mehran Khan","parentId":null,"hasChildren":true,"status":"ACTIVE","children":[{"id":"0a3687cf-6334-151a-98e1-0c7300000ef9","name":"Internal - Mehran Khan(API)-Screening","parentId":"0a3687cf-6334-151a-98e1-0c0800000eba","hasChildren":false,"status":"ACTIVE","children":[]},{"id":"0a3687cf-6334-151a-98ea-b24200001459","name":"Test 01","parentId":"0a3687cf-6334-151a-98e1-0c0800000eba","hasChildren":false,"status":"ACTIVE","children":[]},{"id":"0a3687cf-65b4-1aaa-99a1-82a200001ea4","name":"Octopus Labs-Demo","parentId":"0a3687cf-6334-151a-98e1-0c0800000eba","hasChildren":false,"status":"ACTIVE","children":[]},{"id":"0a3687cf-65b4-1aaa-99a1-82c100001eaa","name":"Octopus Investements-Demo","parentId":"0a3687cf-6334-151a-98e1-0c0800000eba","hasChildren":false,"status":"ACTIVE","children":[]}]}]
  • @Mehran.Ahmed Khan

    I adjusted the uri based on your comment and I still have the error:

    GET /v1/groups
    Date: Mon, 27 May 2019 17:27:19 GMT
    Authorization: Signature keyId="20412123-0ec2-4308-a7c9-eb2f20b3bb16",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="JfK+b4SNBYTIuQbZvDWjM7Md28ry45KHji//GpgXHvs="
    User-Agent: PostmanRuntime/7.13.0
    Accept: */*
    Cache-Control: no-cache
    Postman-Token: 7f150432-4ae4-457d-9144-17c0e2b882d6
    Host: rms-world-check-one-api-pilot.thomsonreuters.com
    accept-encoding: gzip, deflate
    Connection: keep-alive


    HTTP/1.1 401
    status: 401
    X-Application-Context: application
    Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length
    Transfer-Encoding: chunked
    Date: Mon, 27 May 2019 17:27:19 GMT
    Server: ""

  • @ousmane.mbacke

    Kindly let us know the best time to discuss this over the call.

    Our team is available from Mon-Fri 9AM - 6PM

  • Hi @Mehran.Ahmed Khan,

    I will be available today between 1 and 2pm EST time.

  • @ousmane.mbacke Apologies for not mentioning the time zone in which we work. We work from 9 AM to 6 PM IST. So, 1 PM EST is well beyond our work timings.

  • @ousmane.mbacke

    wc120pilot20environmentpostman-n-collection.zip

    I notice that the Authorization headers you are sending using Postman is incorrect. The Authorization header you are sending is:

    Authorization: Signature keyId="20-XXXXXXX-a7c9-eb2f20b3bb16",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="JfK+b4SNBYTIuQbZvDWjM7Md28ry45KHji//GpgXHvs="

    The text marked in bold should not be a part of the header, I am not sure why Postman is sending this information.

    The correct authorization header should be:

    Authorization: Signature keyId="dbbb1639-b83a-496b-b906-0cdf8f5*****",algorithm="hmac-sha256",headers="(request-target) host date",signature="Pnz+TORZqp4teeYup7KGNQCTTfE0mF0JxLcGM46NFtY="

    Request you to delete the existing postman collection and environment currently in your Postman app and re import the collection and environment attached in this post and re test again.

    Please follow the steps mentioned in the link below:

    https://developers.refinitiv.com/customer-and-third-party-screening/world-check-one-api/quick-start?content=9349&type=quick_start

    Kindly let me know if this works.

  • @ousmane.mbacke

    Thank you for you participation in the dev community and I am glad to know that the issue is now resolved.

    I will accept this answer on your behalf.

    Also, for next steps please go through the link below:

    https://developers.refinitiv.com/customer-and-third-party-screening/world-check-one-api/quick-start?content=54647&type=quick_start

    https://developers.refinitiv.com/customer-and-third-party-screening/world-check-one-api/quick-start?content=45260&type=quick_start

    If you have further question, feel free to raise a new question in dev com.