I was looking into testing our access by generating a simple request to the Pilot environment, using a POST request to the “/cases” relative path (rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases) and was getting a response back with the unauthorized 401 error.
So just wanted to confirm that the authorization header is required for this environment, and if so I have the following questions:
- Should the HMAC value (which is computed by the API client and provided in the signature attribute of the authorization header of the request) match that of the example provided in the security.html file, when the same security key is used in the computation (1234 in that case)?
- If so, I wasn’t able to compute the exact HMAC base64-encoded signature, neither online nor through standard Java libraries (e.g. javax.crypto.Mac, javax.crypto.spec.SecretKeySpec, org.apache.commons.codec.binary.Hex, java.util.Base64)
- Does the spacing for the sample signing text for the HMAC computation matter (specifically indentation within the JSON part of the text)?