question

Upvotes
Accepted
1 0 0 1

Status Code 401 when trying to do a GET on the /v2/groups endpoint

Hi All,


I'm trying to do a GET from SAP CPI to the following URL:

https://api-worldcheck.refinitiv.com/v2/groups


This is my Authorization Header:

Signature keyId="XXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="E2dR0K72weeOlebzLuK7iIeSg6sb1p7rsy6Q8E4PvXI="


This is the error message:

HTTP operation failed invoking https://api-worldcheck.refinitiv.com/v2/groups with statusCode: 401


This is the Response Headers:

Authorization : WWW-Authenticate: ********

Connection : keep-alive

Content-Length : 0

Content-Security-Policy : default-src 'none'; frame-ancestors 'none'

Date : Mon, 18 Dec 2023 05:30:53 GMT

Strict-Transport-Security: max-age=15552000; includeSubDomains

X-Content-Type-Options : nosniff

X-Frame-Options : DENY

X-XSS-Protection : 1; mode=block

#technology#productworld-checkerror-401
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
1.1k 6 2 5

This query has been addressed via email communication, issue is that the user is not sending the API secret in correct format.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1.1k 6 2 5

Hi @daniel.hokama.nahas ,

Thanks for reaching out to us!

If the request has failed with 401. This can happen for a variety of reasons, such as:

  1. An invalid API key/ API secret,
  2. An invalid HMAC signature.
  3. Request timing issue/problem with the Date header value. The API client should ensure a correctly synchronized clock is used to generate request timestamps.

Moreover, can you please share with us more information of the request headers and the response headers of the failed API requests to my email address directly anisetti.saikiranreddy@lseg.com so that we can investigate this further.


Thanks

Sai

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1.1k 6 2 5

Hi @daniel.hokama.nahas,

Moreover, I've verified the logs on our side for the failed API request mentioned above. I can see the hmac signature sent is different than that you have pasted above, can you please verify whether the hmac is being generated correctly and the same value is being sent in the authorization header.

1702892233406.png


Thanks

Sai


1702892233406.png (41.3 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 0 0 1

Hello Sai,


Just did another test right now.


Please check my Request Header:


Authorization: Signature keyId="xxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date",signature="jy8o0nOu0/7LkaR4PooxCBxK5H/fkQDkbM0FEd5f+is="

content-type: application/json

date: Mon, 18 Dec 2023 17:00:49 GMT



This is the Response Header:


Authorization : WWW-Authenticate: ********

Connection : keep-alive

Content-Length : 0

Content-Security-Policy : default-src 'none'; frame-ancestors 'none'

Date : Mon, 18 Dec 2023 17:00:49 GMT

Strict-Transport-Security: max-age=15552000; includeSubDomains

X-Content-Type-Options : nosniff

X-Frame-Options : DENY

X-XSS-Protection : 1; mode=block


Thank you.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.