Hello @cliff.ching ,

As the "SEQ-4a: Screen a case" calling the endpoint "screeningRequest" does not have a body in its request, so I think you should not include "content-type" and "content-length" in the "datatoSign" string object and in the authorization header.

I am writing a code snippet below. Can you please re code your script similar to the below snippet and let me know if it works.

string dataToSign = "(request-target): post " + gatewayurl + "groups\n" +  "host: " + gatewayhost + "\n" +  // no https only the host name 
 "date: " + date;  // GMT date as a string

     string hmac = generateAuthHeader(dataToSign, apisecret);

string authorisation = "Signature keyId=\"" + apikey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";

The WCI API post requests like "SEQ-2b: Save a very simple case" has a body and hence you should include "content-type" and "content-length" in both "data to sign" headers but not in "SEQ-4a: Screen a case".

For knowing what kind of data to send in which request, I strongly recommend you to install native Postman. Then download our Postman collections from the developer community "Download Section" and import it to Postman and fire APIs from it to understand how Postman sends data to the WC1 API. You can also generate the code in your preferred language in Postman which can help you to write better code to achieve your use case.

You can download Postman Collections from the link below. You have to use your dev com log in credentials to view the page.

https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-api/downloads

Kindly let me if your code is working after making the mentioned amendments.

Thanks,

Irfan Khan

Works! Thanks a lot!