For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
11 3 3 9

SEQ-4a Post Screen a case get Error 401 Unauthorized

Hi, Try to implement Screen a case like sample SEQ-4a. Post request get Error 401 Unauthorized. I find the sample authorisation header string does not contains content-type and content-length as described as in the Quick Start. My question is if this is the matter for the case. Please help. Thanks. John

world-checkworld-check-oneerror-401post
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi, i have found the problem and got this issue resolved. Basically it is the the HTTP component bug does not stream string parameters in order. Also there is another reasons cause the body string not compatible with the REST server. Thanks a lot for the help. John

Upvote
Accepted
3.1k 18 7 7

Hi John,

There are a number of reasons you may receive a 401 status. Note some of the PUT/POST requests do no have a body, hence do not require content length... I suggest, if possible, share the code you wrote that is not working...also note that one of your groups is setup as a Zero Footprint group and so screening a case will not be permitted in that group, use one of the other groups you've setup.

Brian

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thanks Brian for the reply. I use the postman default group-id.

Upvotes
11 3 3 9

Hi Brian,

I use the postman default group id in the pilot environment.

Please check the source code as below, for the function of “Save a simple case”

// -----------------------

procedure TForm2.btSaveasimplecaseClick(Sender: TObject);

var

response : string;

RequestBody : TstringStream;

tt : TBytes;

dataToSign, strdatetime : string;

thedate : tdatetime;

const

strbody='{ "entityType": "INDIVIDUAL", "groupId":"418f28a7-b9c9-4ae4-8530-819c61b1ca6c","providerTypes": ["WATCHLIST"], "name": "John Doe"}';

strbaseurl='https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases';

begin

thedate:=now-(13/24); // get server time , the offset of the time different is 13 hours

strdatetime:= formatdatetime('ddd, dd mmm yyyy hh:mm:ss "GMT"',thedate);

edtdate.Text:=strdatetime; // display purpose – date string

dataToSign:= '(request-target): post /v1/cases'+#10 +'host: rms-world-check-one-api-pilot.thomsonreuters.com' +#10+'date: '+strdatetime+#10+'content-type: application/json'+#10+'content-length: '+

inttostr(length(strbody))+#10+strbody;

msignstring.Lines.Text:=datatosign; // Sign string -- display purpose

tt:=System.Hash.THashSHA2.GetHMACasBytes(dataToSign,APIsecret,SHA256);

edtsignatures.text:=EncodeBase64(tt,length(tt)); // signature string - display purpose

edtauth.Text:='Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="'+edtsignatures.text+'"'; // authorization string

edit1.Text:=inttostr(length(strbody)); // content -length

RequestBody := TStringStream.Create(strbody, TEncoding.UTF8);

RequestBody.Position := 0;

try

IdHTTP1.Request.CustomHeaders.Clear;

IdHTTP1.Request.Method:=Id_HTTPMethodPost;

IdHTTP1.Request.ContentType := 'application/json';

IdHTTP1.Request.CustomHeaders.AddValue('cache-control', 'no-cache');

IdHTTP1.Request.CustomHeaders.AddValue('authorization',edtauth.Text);

IdHTTP1.Request.CustomHeaders.AddValue('date', strdatetime);

IdHTTP1.Request.CustomHeaders.AddValue('content-type', 'application/json');

IdHTTP1.Request.CustomHeaders.AddValue('content-length', inttostr(length(strbody)));

try

IdHTTP1.Post(strbaseurl, RequestBody);

except

on e:EIdHTTPProtocolException do

begin

showmessage(e.ErrorMessage+' .. '+ e.Message );

end;

on e:exception do

showmessage(e.Message);

end;

memo1.Lines.text:=IdHTTP1.ResponseText;

finally

RequestBody.Free;

end;

end;

// --------------------- end of code ---------------

Sign string:

(request-target): post /v1/cases

host: rms-world-check-one-api-pilot.thomsonreuters.com

date: Mon, 09 Jan 2017 23:38:56 GMT

content-type: application/json

content-length: 130

{ "entityType": "INDIVIDUAL", "groupId":"418f28a7-b9c9-4ae4-8530-819c61b1ca6c","providerTypes": ["WATCHLIST"], "name": "John Doe"}


Signature:

QldTAT5loM20vBrFMBZg1ErrnYnrVtPcx+ZpxQKjkqo=

Authorization:

Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="QldTAT5loM20vBrFMBZg1ErrnYnrVtPcx+ZpxQKjkqo="

Date:

Sun, 08 Jan 2017 21:52:47 GMT

Content Length:

130

Response:

HTTP/1.1 400 Bad Request

Any ideal? Thanks

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
3.1k 18 7 7
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.