For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
24 2 3 6

Receiving Error Code 401 when trying to post a case.

When trying to post a case using my own API key and secret I'm receiving error code 401 everytime. I'm using the sample code provided in the C# example for the generateAuthHeader function, and have been able to call GET requests without issue.

The string I'm using for my content is:

{\"secondaryFields\":[],\"entityType\":\"INDIVIDUAL\",\"customFields\":[],\"groupId\":\"" + GroupId + "\",\"providerTypes\":[\"WATCHLIST\"],\"name\":\"乔治布什\"} with GroupId being replaced with ''.

My Data To Sign is formatted as follows:

(request-target): post /v1/cases
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 03 Jul 2018 12:59:32 GMT
content-type: application/json
content-length: 167
{"secondaryFields":[],"entityType":"INDIVIDUAL","customFields":[],"groupId":"0a3687cf-63f9-125f-9904-7a1500000298","providerTypes":["WATCHLIST"],"name":"乔治布什"}

Is there something I'm missing?

For reference, below is the .Net code that I'm using to generate the hmac:

public static string generateAuthHeader(string dataToSign, string apisecret)
    {
      byte[] secretKey = Encoding.UTF8.GetBytes(apisecret);
      HMACSHA256 hmac = new HMACSHA256(secretKey);
      hmac.Initialize();
      byte[] bytes = Encoding.UTF8.GetBytes(dataToSign);
      byte[] rawHmac = hmac.ComputeHash(bytes);
      Console.WriteLine("---rawHmac---");
      string hex = BitConverter.ToString(rawHmac).Replace("-", "");
      Console.WriteLine(hex);
      return (Convert.ToBase64String(rawHmac));
    }
world-checkworld-check-oneerror-401
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
4.2k 8 5 6

@mspicer,

I have checked the HMAC code you are using to create the encrypted signature and it appears to be correct.
The headers and the content-length you are using is correct too.
Kindly check the "date header value" you are sending in the request and see if it is in sync with the reponse date header value and the NTP. If the date header value is not in sync or accurate, that can be the reason for the 401 error.


Please provide me the response headers that is being returned after you encounter a 401 status code so that I can debug this further.


Also, please send me the authorization header you are sending (you can fade out the API secret but I would like to look at the signature).

You can check if the HMAC signature being genrated is correct or not by sending the same request using Postman. For this, you have to use the same date header value (you sent to WC1 API and received a 401 error) in the pre request script of Postman and send the request. Obviously, the request will fail but this will still generate the signature and you can view it by clicking on code. Kindly compare the HMAC generated by your code and the one generated by Postman to see if they match.

Also, you can refer to our sample code in C# in the "code examples" section of our download page. Here is the link:

https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-api/downloads

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.2k 8 5 6

@mspicer

Following up on this to know if you are still facing the issue. If yes, kindly provide me the requested information so that I can investigate further.

Also, I am adding another question for the 401 error you are receiving. Is your request working correct, if the value of the attribute "name" in the payload does not consist of any special characters, for example: names like John, Jane etc. or the 401 error occurs only when you send a request with special characters (in this case: 乔治布什)?

If your request works fine with names without special characters, then you must UTF encode your payload to avoid the error when sending names with special characters to the endpoint in question.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
24 2 3 6

Hi Irfan,

Sorry for the delayed response. I tried this again late last night so I could send you the header information but it's now working correctly all the time with 0 changes made to the code.

For now this no longer seems to be an issue but thanks for the assisstance :)

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.