Content Length Header already present

Options

Hi,

The url i'm using is: https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest

And my header are:

Content-Type: application/json

Authorization: XXXXXX

Content-Length: 255

And the payload is:

{

"groupId": "5jb6nlmky7ma1fznxdeemjygm",

"entityType": "INDIVIDUAL",

"caseId": "",

"providerTypes": [

"WATCHLIST"

],

"name": "{{issue.summary}}",

"nameTransposition": false,

"secondaryFields": [],

"customFields": []


}

However I am prompted with "Content Length Header already present" and if I remove this header, I am then prompted with error 401:

Date: Wed, 22 Sep 2021 02:39:17 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Strict-Transport-Security: max-age=15552000, includeSubdomains

Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"


Any ideas?

Welcome!

It looks like you're new here. Sign in or register to get started.

Best Answer

  • Hi @fjhumka

    Please find the sample request:

    curl --location --request POST 'https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest'; \

    --header 'Date: Thu, 23 Sep 2021 07:27:59 GMT' \

    --header 'Content-Type: application/json' \

    --header 'Authorization: Signature keyId="YOUR API KEY",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="a3LucKET/dt9cTFc/WE6FVCIvEecxiPq1FsbceM8UgI="' \

    --header 'Content-Length: 101' \

    --data-raw '{

    "groupId": "5jb707er6nj51fj1qcpj7nz4z",

    "entityType": "INDIVIDUAL",

    "caseId": "",

    "providerTypes": [

    "WATCHLIST"

    ],

    "name": "John Smith",

    "nameTransposition": false,

    "secondaryFields": [],

    "customFields": []

    }'

    Also find the pre-scripts which will help you to generate the signature:


    function generateAuthHeader(dataToSign) {

    var hash = CryptoJS.HmacSHA256(dataToSign, environment["api-secret"]);

    return hash.toString(CryptoJS.enc.Base64);

    }


    function isEnvValuePopulated(envVal) {

    if (_.isEmpty(pm.environment.get(envVal))) {

    pm.environment.set(envVal, "--REQUIRED-VALUE-MISSING--");

    return false;

    } else {

    return true;

    }

    }


    isEnvValuePopulated("group-id");


    var date = new Date().toGMTString();

    var content = request.data;

    content = content.replace("{{group-id}}", environment["group-id"]);


    var contentLength = unescape(encodeURIComponent(content)).length;


    var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases/screeningRequest\n" +

    "host: " + environment["gateway-host"] + "\n" +

    "date: " + date + "\n" +

    "content-type: " + environment["content"] + "\n" +

    "content-length: " + contentLength + "\n" +

    content;


    var hmac = generateAuthHeader(dataToSign);

    var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";


    postman.setEnvironmentVariable("authorisation", authorisation);

    postman.setEnvironmentVariable("currentDate", date);

    postman.setEnvironmentVariable("contentLength", contentLength);

Answers

  • Hi @fjhumka

    Are you using the POSTMAN to initiate the API call, if yes, the we would request you to kindly delete the postman collection and environment settings and then re-import the collections & environment. Once done, please try initiating the API call again and let us know if issue persist.

  • Hi @Vivek Kumar Singh ,

    Thank you for your response.

    I am actually initiating the API call through a Web Request in JIRA.

    I am not too sure about the structure of the Authorization header though:

    Signature keyId="XXXXXXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YYYYYYYYYYYYYYYYYYYYYYYYYYY"

    Regards

  • Hi @Vivek Kumar Singh

    Thank you very much for your response.

    This works fine in Postman.

    However I am trying to access WorkCheck One API through JIRA Web Request and I am prompted with the 401 error.

    It seems that the "Authorization" header of JIRA is not recognizing the format. Any idea of how to configure this?

    Response 401

    Headers (5)

    Date: Fri, 24 Sep 2021 04:54:55 GMT

    Transfer-Encoding: chunked

    Connection: keep-alive

    Strict-Transport-Security: max-age=15552000, includeSubdomains

    Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"


    Request POST https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest

    Headers (2)

    Authorization: Signature keyId="XXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YYYYY"

    Content-Type: application/json

    Payload

    {

    "groupId": "5jb6nlmky7ma1fznxdeemjygm",

    "entityType": "INDIVIDUAL",

    "caseId": "",

    "providerTypes": [

    "WATCHLIST"

    ],

    "name": "",

    "nameTransposition": false,

    "secondaryFields": [],

    "customFields": []

    }


    Regards,

  • Hi @fjhumka

    Can you please help us with the actual Request headers & Response Headers along with the IP address. We need these details to troubleshoot further.

    Thanks

Welcome!

It looks like you're new here. Sign in or register to get started.

Welcome!

It looks like you're new here. Sign in or register to get started.