For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
24 2 3 5

SEQ-5b & SEQ-4a Returning 401

SEQ-4a

Case System ID:
0a3687d0-63f9-1b2e-991b-bb99003c12aa
Data to Sign:
(request-target): post /v1/cases/0a3687d0-63f9-1b2e-991b-bb99003c12aa/screeningRequest host: rms-world-check-one-api-pilot.thomsonreuters.com date: Fri, 06 Jul 2018 10:03:57 GMT
Auth:
Signature keyId="{ {api-key}}",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="/aaGesbftj4fzjfz//MRYRMsRvWDMTA2dUSM0dgjVWU="

SEQ-5b

Case System ID:
0a3687d0-63f9-1b2e-991b-bb99003c12aa
Data To Sign:
(request-target): get /v1/cases/0a3687d0-63f9-1b2e-991b-bb99003c12aa/results host: rms-world-check-one-api-pilot.thomsonreuters.com date: Fri, 06 Jul 2018 10:08:54 GMT
Auth:
Signature keyId="{ {api-key}}",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="23AQyY0At7IPvrtsYsrqLvWYl7bovq2vYgKdm+sXmf8="

I've been happily using SEQ-1a, SEQ-2a and SEQ-2c with no issues so I'm fairly confident in my hmac generation. Is there something else I'm missing?

world-checkworld-check-oneerror-401
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@mspicer I see that you have mentioned your API key in the post. Can you please remove your API key or mask it? I have made this post private for now so that you can make the edit.

I am looking into your query and will get back with updates in a short while.

Hi Irfan,

I've now removed the key as requested, apologies.

@mspicer

Thank you for that. I have made the question public again!

1 Answer

Upvotes
Accepted
4.2k 8 5 6

@mspicer ,

I concur that the HMAC signature is correct.

The issue is with the authorization header you are sending. Kindly note although this is a POST request, we do not expect you to send the content-type and content-length in it.

So for when hitting the endpoint "screeningRequest", please make sure the auth headers are in the below format:

Signature keyId="{ {api-key}}",algorithm="hmac-sha256",headers="(request-target) host date",signature="{ {HMAC-SIGNATURE}}"

When hitting the endpoint results, please make sure the auth headers are as below:

Signature keyId="{ {api-key}}",algorithm="hmac-sha256",headers="(request-target) host date",signature="{ {HMAC-SIGNATURE}}"

I think this should fix the error 401 you are getting.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Derp. Thanks Irfan. Working now.