World Check One API Case Screening 401 Unauthorized.
Hello,
I am creating a screening app in C# using the code snippet downloaded from Code Examples. When I try to use my API Key I am getting 401 error.
Error message
The remote server returned an error: (401) Unauthorized.
Data to Sign
(
(request-target): post /v1/cases
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Thu, 09 Aug 2018 13:44:45 GMT
content-type: application/json
content-length: 122
{"entityType":"INDIVIDUAL","groupId":"0a3687d0-64a6-1d01-9945-11b100000dfc","providerTypes":["WATCHLIST"],"name":"putin"}
Authorization header
Signature keyId="XXXXXXXXXXXXXXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="RFA1OrzVIoACPV6uLxhQildTBNhjOVxtGhxt2iiQxcw="
Appreciate for the help!
Can you please remove or mask the API key from the post?
I have made the question private for the moment. I will make it public as soon as you have removed the API key.
Updates to follow in regard to the error.
As per the below link your current issue is resolved. Can you please accept this answer, so that the same is verified?
Link -
From the above provided information, the content length being generated for the below string is 122. However, on investigating further the actal content length seems to be 121.
{"entityType":"INDIVIDUAL","groupId":"0a3687d0-64a6-1d01-9945-11b100000dfc","providerTypes":["WATCHLIST"],"name":"putin"}
Secondly, can you please check the HMAC signature which is being generated using the postman is same as the one being generated from your code for the same timestamp?
Hello @Prabhjyot.Mandla
I tried postman and c# code with same timestamp. The HMAC signature key is different.
Please see the details here.
Postman
var settings = {
"async": true,
"crossDomain": true,
"url": "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest",
"method": "POST",
"headers": {
"Date": "Sun, 12 Aug 2018 05:43:03 GMT",
"Authorization": "Signature keyId=\\\"XXXXXXXXXXXXXXXXXXXXXXXXXXX\\\",algorithm=\\\"hmac-sha256\\\",
headers=\\\"(request-target) host date content-type content-length\\\",signature=\\\"meuBzTyEuRjycW4Yh0/Gm0tm1un048HevwjfLVF607c=\\\"",
"Content-Length": "146",
"Content-Type": "application/json",
"Cache-Control": "no-cache",
"Postman-Token": "90a4d123-6f41-4b66-a0ba-6907745068e9"
},
"processData": false,
"data": "{\n \"groupId\":\"0a3687d0-64a6-1d01-9945-119200000daf\",\n \"entityType\": \"INDIVIDUAL\",\n \"providerTypes\": [\n \"WATCHLIST\"\n ],\n \"name\": \"Bashar\"\n}"
}
my C# code
(request-target): post /v1/cases
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 05:43:03 GMT
content-type: application/json
content-length: 122
{"entityType":"INDIVIDUAL","groupId":"0a3687d0-64a6-1d01-9945-11b100000dfc","providerTypes":["WATCHLIST"],"name":"Bashar"}
Signature keyId="XXXXXXXXXXXXXXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="w7zZZ8lWk+r+MMXV1H8xKUhVsQn9tw4/NUFpZ79v2Hs="