For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
malatasi avatar image
1 1 1 2

Unauthorized 401 when calling /cases with POST

Hello,

I was looking into testing our access by generating a simple request to the Pilot environment, using a POST request to the “/cases” relative path (rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases) and was getting a response back with the unauthorized 401 error.

So just wanted to confirm that the authorization header is required for this environment, and if so I have the following questions:

  • Should the HMAC value (which is computed by the API client and provided in the signature attribute of the authorization header of the request) match that of the example provided in the security.html file, when the same security key is used in the computation (1234 in that case)?
    • If so, I wasn’t able to compute the exact HMAC base64-encoded signature, neither online nor through standard Java libraries (e.g. javax.crypto.Mac, javax.crypto.spec.SecretKeySpec, org.apache.commons.codec.binary.Hex, java.util.Base64)
    • Does the spacing for the sample signing text for the HMAC computation matter (specifically indentation within the JSON part of the text)?

Thanks!

Mohamad

world-checkworld-check-onejavaerror-401
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

· Write an Answer
Upvotes
Accepted
brian.bourgault avatar image
3.1k 18 7 7

Hi @malatasi,

There are number of reasons a request will fail and return 401 Unauthorized.

Our clients have found the best approach to learning the API has been to download Postman (free) and the World-Check One API Postman Collection. The API collection is available in the downloads tab on the Dev Com portal and the JSON environment file has the WC1 pilot user credentials so the API examples work right "out of the box"

You'll see the Pre-script has the Authorization header code required for every request.

And yes, a space in the signature will affect the authorization signature.

Hope this helps,

Brian

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
brian.bourgault avatar image
3.1k 18 7 7

Consider watching:

World-Check One API – Overview and Quick Start

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.