Hi,
I am using a demo account for World Check One APIs. I needed to consume a few APIs and display information on the Frontend (ReactJs). Can understand that due to browser's CORS policy was getting 401 response code on the Frontend but I tried consuming the API on a Node/ Express backend environment and still getting the same response code and no data. I have tested the APIs on Postman as well as Java and it is working fine but need a solution for JavaScript based Frontend and Backend.
Copying the code for reference:
// Using Axios client to consume API const url = "https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest"; const body = JSON.stringify({ groupId: "********", entityType: "INDIVIDUAL", caseId: "", providerTypes: ["WATCHLIST"], caseScreeningState: { WATCHLIST: "INITIAL", }, name: "John Smith", nameTransposition: false, secondaryFields: [], customFields: [], }); const options = { headers: { "Date": new Date(), "Content-Type": "application/json", "Authorization": authorisationCode(), "Content-Length": "10000", }, redirect: "follow", body }; axios .post( url, // body, options ) .then((response) => { console.log("response", response); }) .catch((error) => { console.log("error", error); });
// method used to generate Authorisation Code, this is working fine const authorisationCode = () => { var date = new Date().toGMTString(); var dataToSign = "(request-target): get " + "/v2/" + "groups\n" + "host: " + "api-worldcheck.refinitiv.com" + "\n" + "date: " + date; var hmac = generateAuthHeader(dataToSign); var authorisation = 'Signature keyId="' + "**********" + '",algorithm="hmac-sha256",headers="(request-target) host date",signature="' + hmac + '"'; return authorisation; };
const generateAuthHeader = (dataToSign) => { var hash = CryptoJS.HmacSHA256( dataToSign, "**********" ); return hash.toString(CryptoJS.enc.Base64); };
Following is the response both on Frontend and Backend respectively:
Frontend:
Backend:
status: 401, statusText: '', headers: AxiosHeaders { date: 'Fri, 14 Apr 2023 12:01:15 GMT', 'transfer-encoding': 'chunked', connection: 'close', 'content-security-policy': "default-src 'none'; frame-ancestors 'none'", 'strict-transport-security': 'max-age=15552000; includeSubDomains', 'x-frame-options': 'DENY', 'x-xss-protection': '1; mode=block', 'x-content-type-options': 'nosniff', authorization: 'WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"' },