Discover Refinitiv
MyRefinitiv Refinitiv Perspectives Careers
Created with Sketch.
All APIs Questions & Answers  Register |  Login
Ask a question
  • Questions
  • Tags
  • Badges
  • Unanswered
Search:
  • Home /
  • Screening /
  • World-Check One /
avatar image
Question by Max Daneshvar · Apr 23, 2018 at 05:58 AM · phpresponsecurl

php curl response is blank

I am initiating the integration to World-Check One and right off the bat I am facing an issue with getting no response when I make a GET request through php cURL. I have followed the postman collection, and used the php cURL that was generated in there. Postman gives the response while my code doesn't. I have tested the base64_encode of hmac-sha256 as well and all are being generated as expected in the private functions of the class.

The last function is what I am calling for getting the list of groups.

Here is my code:

class ThomsonReutersHelper
{
    /**
     * Generate header signature
     *
     * @param $dataToSign
     * @return string
     */
    private function generateAuthHeader($dataToSign)
    {
        if(!($secret = config('app.tr_secret'))){
            Log::warning('[TR-generateAuthHeader] Missing app secret.');
            return forbiddenError('Missing TR Secret.');
        }
        try{
            return base64_encode(hash_hmac('sha256', $dataToSign, $secret));
        }
        catch (\Exception $e){
            Log::error('[TR-generateAuthHeader] failed.',[$e->getMessage()]);
            return serverError('Failed to generate auth header.');
        }
    }

    private function dataToSign($endpoint, $date)
    {
        if(!($url = config('app.tr_url'))){
            Log::warning('[TR-dataToSign] Missing TR url.');
            return forbiddenError('Missing URL.');
        }
        if(!($host = config('app.tr_host'))){
            Log::warning('[TR-dataToSign] Missing TR host.');
            return forbiddenError('Missing Host.');
        }

        return "(request-target): get " . $url . "$endpoint\n"."host: $host\n"."date: $date";
    }

    private function getHeaderData($endpoint)
    {
        if(!($key = config('app.tr_key'))){
            Log::warning('[TR-getHeaderData] Missing TR key.');
            return forbiddenError('Missing key.');
        }
        $date = gmdate('D, d M Y H:i:s').' GMT';
        $authorization = "Signature keyId=\"" . $key . "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" . $this->generateAuthHeader($this->dataToSign($endpoint, $date)) . "\"";
        return [
            'authorization' => $authorization,
            'date' => $date
        ];
    }

    public function test(){
        $endpoint = 'groups';
        $headers = $this->getHeaderData($endpoint);
        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => config('app.tr_host').config('app.tr_url').$endpoint,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => "",
            CURLOPT_MAXREDIRS => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => "GET",
            CURLOPT_HTTPHEADER => array(
                "Authorization: ".$headers['authorization'],
                "Cache-Control: no-cache",
                "Content-Type: application/json",
                $headers['date']
            ),
        ));

        $response = curl_exec($curl);
        $errno = curl_errno($curl);
        $err = curl_error($curl);

        curl_close($curl);

        if ($errno) {
            return "cURL Error #:" . $err;
        } else {
            return $response;
        }
    }
}

People who like this

0 Show 0
Comment
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

7 Replies

  • Sort: 
avatar image
Best Answer
Answer by Max Daneshvar · Apr 24, 2018 at 06:59 AM

Ok so the problem with generating the signature was:

  • Under generateAuthHeader function, forth parameter was required to be true ($hmac = hash_hmac('sha256', $dataToSign, $secret, true);)
  • The dataToSign() function should return in this format: return "(request-target): get $url$endpoint\nhost: $host\ndate: $date";
Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Answer by Irfan.Khan · Apr 23, 2018 at 07:43 AM

Hello @Max Daneshvar ,

What is the response code you are receiving when you call the API?

Kindly compare the signature generated by your code and the one generated by Postman to see if they match. For this, execute your code and then use the same time stamp in Postman and send the API request (obviously the API would fail as the time stamp is incorrect but it would still generate the signature) to check the signature being generated by it.

You can check this in Postman by clicking the code just below "Save" button on the right side of Postman. Select the dropdown as PHP->curl. This will generate the entire code along with the entire code for that particular request.

You can use this to understand when you are going wrong.

I would need the response code to debug this further.

Please send me the output generated by your code in the below format so that I can look into this.

Request End Point: https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups
GET(request-target): get/v1/groups
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Fri, 06 Apr 2018 06:21:40 GMT

Signature keyId="0b9f66af-044ea74bf97db",algorithm="hmac-sha256",headers="(request-target) host date",signature="JhBYaQc/fo0PK3KANaGmFPVBl+F0Mm5cyoR3z9i3ysw="

Comment

People who like this

0 Show 3 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
Max Daneshvar · Apr 24, 2018 at 01:16 AM 0
Share

Hi @Irfan.Khan,

Below is generated by my code:

Request End Point: https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups

GET(request-target): get/v1/groups
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 24 Apr 2018 05:00:44 GMT

(Above format is modified to follow your guide, added GET in front, and a space from get /v1/groups)

Signature keyId=\"f8bd552a-f52d-4b3c-ad9e-eaf7038e99f7\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"1flazxQiyyRlZgwIm9buzUedL2z7iekjDTf2BDwkMyU=\"

Status comes back as 200 with a blank page.

avatar image
REFINITIV
Irfan.Khan ♦♦ · Apr 24, 2018 at 04:58 AM 0
Share

Hi @Max Daneshvar ,

I apologize to paste the wrong format for the dataToSign output.

Please find the correct one below:

(request-target): get /v1/groups

host: rms-world-check-one-api-pilot.thomsonreuters.com

date: Tue, 24 Apr 2018 05:00:44 GMT

There is a space after "get" in the line "(request-target): get /v1/groups".

Getting a 200 response for this is quite unusual as this should fail with a 401 unauthorized error.

avatar image
Max Daneshvar Irfan.Khan ♦♦ · Apr 24, 2018 at 05:10 AM 0
Share

I am using php cURL and it is suppose to either return the error or give me the response. I get blank response with status 200.

Regarding the format of dataToSign, I have tried this as well, and still was I see is a different signature as compared to postman even though I am copying the exact date value (as string) into my code and sending the date statically.

it is either I am getting the format wrong somehow or base64_encode(hash_hmac('sha256', $dataToSign, $secret, true)) in php doesn't do what the java code is doing in postman.

avatar image
REFINITIV
Answer by Irfan.Khan · Apr 23, 2018 at 08:29 AM

Hello @Max Daneshvar ,

Just reviewed the code, please check the value of variable $url that you are using in the function dataTosign (). This function should return value in the below format:

GET(request-target): get/v1/groups
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Fri, 06 Apr 2018 06:21:40 GMT

Also, please check the below code of the function test(). It should pass headers to WC1 API which is acceptable by the system.

CURLOPT_HTTPHEADER => array(
"Authorization: ".$headers['authorization'],
"Cache-Control: no-cache",
"Content-Type: application/json",
$headers['date']
),

Please find the format below:

'Date': "Mon, 23 Apr 2018 11:20:00 GMT",
'Authorization': "Signature keyId=\"13dfjfhaofjoifjasdlan34663c067\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"wvmiGG5TZW7NtSjycL2eetbn/jG5FO9+BknJNnnumZQ=\"",

Comment

People who like this

0 Show 2 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
Max Daneshvar · Apr 24, 2018 at 01:18 AM 0
Share

could you please clarify what you mean by WC1 API please?

avatar image
REFINITIV
Irfan.Khan ♦♦ · Apr 24, 2018 at 05:01 AM 0
Share

@Max Daneshvar ,

Here, WC1 API stands for the system which checks the authorization headers and the date headers being sent to it as an API request by the client.

avatar image
Answer by Max Daneshvar · Apr 24, 2018 at 01:23 AM

I have noticed that postman collection has stopped working since past few hours with the test error of "Status code is 200 | AssertionError: expected false to be truthy" even after completely re-importing and re-adding the key and secret.

Aside from that, another thing that I have noticed is in my code here:

base64_encode(hash_hmac('sha256', $dataToSign, $secret, true))

(added true at the end after I noticed my code is generating a much longer string than it should and the "true" now makes it return the right length) isn't returning the same value from postman!

Comment

People who like this

0 Show 3 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Irfan.Khan ♦♦ · Apr 24, 2018 at 05:08 AM 0
Share

@Max Daneshvar ,

I just tested your API pilot account with the help of Postman and I was unable to reproduce the error. I called the API endpoint groups and got a 200 ok response code with all the groups available in your account as the response body.

Please send me the screenshot of the Postman so that I can look into it. Please include the Postman Console logs.

avatar image
Max Daneshvar Irfan.Khan ♦♦ · Apr 24, 2018 at 05:25 AM 0
Share

Apparently there are some issues with postman itself where the test fails. I have faced it twice today, but the issue goes away after I reboot so this isn't really related to the APIs and rather postman itself.

avatar image
REFINITIV
Irfan.Khan ♦♦ · Apr 24, 2018 at 06:48 AM 0
Share

@Max Daneshvar ,

Yes, you are expected to set the "raw_output" parameter as TRUE, in order to get the correct HMAC.

Check this out.

https://stackoverflow.com/questions/11002603/base64-encode-different-between-java-and-php

avatar image
Answer by Max Daneshvar · Apr 24, 2018 at 03:09 AM

What I am noticing is, whatever I am doing here, I am unable to generate the same signature code.

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Answer by Irfan.Khan · Apr 24, 2018 at 06:32 AM

Hello @Max Daneshvar ,

I am not well versed with PHP curl so I will not be able to help you with the code but your function should generate the same HMAC signature as being produced in Postman for this to work.

In order to make sure that HMAC signature is correct, the value being returned by the dataTosign should be accurate.

You can have a look at our sample code (in JS, JAVA, C#) in the download section of our developer community to understand this.

Please go through the document "security.html" available in the API documentation which explains how to write API requests and what the format of dataTosign value should be.

Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
Answer by ignacio.valenzuela · Nov 28, 2020 at 01:00 AM

I would be grateful if you could help me, I am using the same code of the question, with the corrections that you indicated, but I cannot make it work, in Postman I do not have problem, it was solved, but the code generated by POSTMAN or the code of the friend return me the same thing.

<body>
\t\t<div>
\t\t\t<p>
\t\t\t<img src="http://statcont.westlaw.com/images/tr_logo_40.gif" width="228" height="48" alt="Thomson Reuters" border="0">
\t\t\t<h1>We&rsquo;re sorry...</h1>
\t\t\t<h2>The page you are trying to display is not available.</h2>
\t\t\t
\t\t</div>
</body>


Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Watch this question

Add to watch list
Add to your watch list to receive emailed updates for this question. Too many emails? Change your settings >
9 People are following this question.

Related Questions

400 when Posting a case

php return 401 Unauthorized response, but postman success

WCO: Empty Arrays in API Responses

Call for the templates of API response. Empty json arrays

How to generate Signature in PHP any one help me ?

  • Feedback
  • Copyright
  • Cookie Policy
  • Privacy Statement
  • Terms of Use
  • Careers
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • Alpha
  • App Studio
  • Block Chain
  • Bot Platform
  • Calais
  • Connected Risk APIs
  • DSS
  • Data Fusion
  • Data Model Discovery
  • Datastream
  • Eikon COM
  • Eikon Data APIs
  • Electronic Trading
    • Generic FIX
    • Local Bank Node API
    • Trading API
  • Elektron
    • EMA
    • ETA
    • WebSocket API
  • Legal One
  • Messenger Bot
  • Messenger Side by Side
  • ONESOURCE
    • Indirect Tax
  • Open PermID
    • Entity Search
  • Org ID
  • PAM
    • PAM - Logging
  • ProView
  • ProView Internal
  • Product Insight
  • Project Tracking
  • Refinitiv Data Platform
    • Refinitiv Data Platform Libraries
  • Rose's Space
  • Screening
    • Qual-ID API
    • Screening Deployed
    • Screening Online
    • World-Check One
    • World-Check One Zero Footprint
  • Side by Side Integration API
  • TR Knowledge Graph
  • TREP APIs
    • CAT
    • DACS Station
    • Open DACS
    • RFA
    • UPA
  • TREP Infrastructure
  • TRIT
  • TRKD
  • TRTH
  • Thomson One Smart
  • Transactions
    • REDI API
  • Velocity Analytics
  • Wealth Management Web Services
  • World-Check Data File
  • Explore
  • Tags
  • Questions
  • Badges