SEQ-5b & SEQ-4a Returning 401
SEQ-4a
Case System ID:
0a3687d0-63f9-1b2e-991b-bb99003c12aa
Data to Sign:
(request-target): post /v1/cases/0a3687d0-63f9-1b2e-991b-bb99003c12aa/screeningRequest host: rms-world-check-one-api-pilot.thomsonreuters.com date: Fri, 06 Jul 2018 10:03:57 GMT
Auth:
Signature keyId="{
{api-key}}",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="/aaGesbftj4fzjfz//MRYRMsRvWDMTA2dUSM0dgjVWU="
SEQ-5b
Case System ID:
0a3687d0-63f9-1b2e-991b-bb99003c12aa
Data To Sign:
(request-target): get /v1/cases/0a3687d0-63f9-1b2e-991b-bb99003c12aa/results host: rms-world-check-one-api-pilot.thomsonreuters.com date: Fri, 06 Jul 2018 10:08:54 GMT
Auth:
Signature keyId="{
{api-key}}",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="23AQyY0At7IPvrtsYsrqLvWYl7bovq2vYgKdm+sXmf8="
I've been happily using SEQ-1a, SEQ-2a and SEQ-2c with no issues so I'm fairly confident in my hmac generation. Is there something else I'm missing?
@mspicer I see that you have mentioned your API key in the post. Can you please remove your API key or mask it? I have made this post private for now so that you can make the edit.
I am looking into your query and will get back with updates in a short while.
@mspicer ,
I concur that the HMAC signature is correct.
The issue is with the authorization header you are sending. Kindly note although this is a POST request, we do not expect you to send the content-type and content-length in it.
So for when hitting the endpoint "screeningRequest", please make sure the auth headers are in the below format:
Signature keyId="{ {api-key}}",algorithm="hmac-sha256",headers="(request-target) host date",signature="{ {HMAC-SIGNATURE}}"
When hitting the endpoint results, please make sure the auth headers are as below:
Signature keyId="{ {api-key}}",algorithm="hmac-sha256",headers="(request-target) host date",signature="{ {HMAC-SIGNATURE}}"
I think this should fix the error 401 you are getting.