401 Unauthorized on all API Calls (SEQ-1a: Get my top-level groups)

Tried calling the APIs using the Postman collection. Setup my API Key and secret in the variables but always getting a 401 message back.
Best Answer
-
Hi @Irfan.Khan,
I was finally able to resolve it. I downloaded the latest Postman collection from the developer site. Seems like the one I was sent was not functional. Thank you
0
Answers
-
Can you provide me the complete request and response from the postman logs for the failed API call?
You can go to View-> Enable the console logs by clicking Show Console Logs.
0 -
@Mehran.Ahmed Khan here is the Call log:
GET /api-gateway-service-rest/api/v1/groups
Date: Fri, 24 May 2019 13:14:58 GMT
Authorization: Signature keyId="20412123-0ec2-4308-a7c9-eb2f20b3bb16",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="jsqUvr4JKOAdgZklBFOvneYBrmjkKaOkuM8t9IAdfFI="
User-Agent: PostmanRuntime/7.13.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 837f0807-445e-4d45-8dfe-dc8b03650009
Host: rms-world-check-one-api-pilot.thomsonreuters.com
accept-encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 401
status: 401
X-Application-Context: application
Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length
Transfer-Encoding: chunked
Date: Fri, 24 May 2019 13:14:57 GMT
Server: ""0 -
Thanks for sharing the details, Kindly check the URL that is being formed in your request, One way to make sure of this is to check the values for the environment variables "gateway-host", "gateway-url" in your postman environment.
I am copying a sample request & response below for your reference, let me know if you need further assistance in setting up your postman correctly,
GET /v1/groups
Date: Fri, 24 May 2019 13:19:56 GMT
Authorization: Signature keyId="dbbb1639-b83a-496b-b906-0cdf8f5*****",algorithm="hmac-sha256",headers="(request-target) host date",signature="Pnz+TORZqp4teeYup7KGNQCTTfE0mF0JxLcGM46NFtY="
Content-Type: application/json
User-Agent: PostmanRuntime/7.13.0
Accept: */*
Cache-Control: no-cache
Postman-Token: ccc187d0-db78-4d5e-bc89-e7e52aebc2af
Host: rms-world-check-one-api-pilot.thomsonreuters.com
accept-encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200
status: 200
X-Application-Context: application
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Date: Fri, 24 May 2019 13:19:55 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Server: ""
[{"id":"0a3687cf-6334-151a-98e1-0c0800000eba","name":"Internal - Mehran Khan","parentId":null,"hasChildren":true,"status":"ACTIVE","children":[{"id":"0a3687cf-6334-151a-98e1-0c7300000ef9","name":"Internal - Mehran Khan(API)-Screening","parentId":"0a3687cf-6334-151a-98e1-0c0800000eba","hasChildren":false,"status":"ACTIVE","children":[]},{"id":"0a3687cf-6334-151a-98ea-b24200001459","name":"Test 01","parentId":"0a3687cf-6334-151a-98e1-0c0800000eba","hasChildren":false,"status":"ACTIVE","children":[]},{"id":"0a3687cf-65b4-1aaa-99a1-82a200001ea4","name":"Octopus Labs-Demo","parentId":"0a3687cf-6334-151a-98e1-0c0800000eba","hasChildren":false,"status":"ACTIVE","children":[]},{"id":"0a3687cf-65b4-1aaa-99a1-82c100001eaa","name":"Octopus Investements-Demo","parentId":"0a3687cf-6334-151a-98e1-0c0800000eba","hasChildren":false,"status":"ACTIVE","children":[]}]}]0 -
I adjusted the uri based on your comment and I still have the error:
GET /v1/groups
Date: Mon, 27 May 2019 17:27:19 GMT
Authorization: Signature keyId="20412123-0ec2-4308-a7c9-eb2f20b3bb16",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="JfK+b4SNBYTIuQbZvDWjM7Md28ry45KHji//GpgXHvs="
User-Agent: PostmanRuntime/7.13.0
Accept: */*
Cache-Control: no-cache
Postman-Token: 7f150432-4ae4-457d-9144-17c0e2b882d6
Host: rms-world-check-one-api-pilot.thomsonreuters.com
accept-encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 401
status: 401
X-Application-Context: application
Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length
Transfer-Encoding: chunked
Date: Mon, 27 May 2019 17:27:19 GMT
Server: ""0 -
Kindly let us know the best time to discuss this over the call.
Our team is available from Mon-Fri 9AM - 6PM
0 -
I will be available today between 1 and 2pm EST time.
0 -
@ousmane.mbacke Apologies for not mentioning the time zone in which we work. We work from 9 AM to 6 PM IST. So, 1 PM EST is well beyond our work timings.
0 -
wc120pilot20environmentpostman-n-collection.zip
I notice that the Authorization headers you are sending using Postman is incorrect. The Authorization header you are sending is:
Authorization: Signature keyId="20-XXXXXXX-a7c9-eb2f20b3bb16",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="JfK+b4SNBYTIuQbZvDWjM7Md28ry45KHji//GpgXHvs="
The text marked in bold should not be a part of the header, I am not sure why Postman is sending this information.
The correct authorization header should be:
Authorization: Signature keyId="dbbb1639-b83a-496b-b906-0cdf8f5*****",algorithm="hmac-sha256",headers="(request-target) host date",signature="Pnz+TORZqp4teeYup7KGNQCTTfE0mF0JxLcGM46NFtY="
Request you to delete the existing postman collection and environment currently in your Postman app and re import the collection and environment attached in this post and re test again.
Please follow the steps mentioned in the link below:
Kindly let me know if this works.
0 -
Thank you for you participation in the dev community and I am glad to know that the issue is now resolved.
I will accept this answer on your behalf.
Also, for next steps please go through the link below:
If you have further question, feel free to raise a new question in dev com.
0
Categories
- All Categories
- 3 Polls
- 6 AHS
- 36 Alpha
- 166 App Studio
- 6 Block Chain
- 4 Bot Platform
- 18 Connected Risk APIs
- 47 Data Fusion
- 34 Data Model Discovery
- 690 Datastream
- 1.4K DSS
- 629 Eikon COM
- 5.2K Eikon Data APIs
- 11 Electronic Trading
- 1 Generic FIX
- 7 Local Bank Node API
- 3 Trading API
- 2.9K Elektron
- 1.4K EMA
- 255 ETA
- 559 WebSocket API
- 39 FX Venues
- 15 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 25 Messenger Bot
- 3 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 60 Open Calais
- 280 Open PermID
- 45 Entity Search
- 2 Org ID
- 1 PAM
- PAM - Logging
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 23 RDMS
- 2K Refinitiv Data Platform
- 720 Refinitiv Data Platform Libraries
- 4 LSEG Due Diligence
- LSEG Due Diligence Portal API
- 4 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.2K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 12 World-Check Customer Risk Screener
- 1K World-Check One
- 46 World-Check One Zero Footprint
- 45 Side by Side Integration API
- 2 Test Space
- 3 Thomson One Smart
- 10 TR Knowledge Graph
- 151 Transactions
- 143 REDI API
- 1.8K TREP APIs
- 4 CAT
- 27 DACS Station
- 121 Open DACS
- 1.1K RFA
- 106 UPA
- 194 TREP Infrastructure
- 229 TRKD
- 918 TRTH
- 5 Velocity Analytics
- 9 Wealth Management Web Services
- 95 Workspace SDK
- 11 Element Framework
- 5 Grid
- 19 World-Check Data File
- 1 Yield Book Analytics
- 48 中文论坛