For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
32 4 7 12

World Check One API Case Screening 401 Unauthorized.

I am working on the integration World Check One API call into the system. I had tried to use Postman with provided WC1 Pilot environment to perform same API call and it able to create the case. I had followed the API sample for c# and it still gives me 401 unauthorized response.

I am here providing code which is being generated using the postman and the same being generated from my code for the same timestamp.

c# hmac
ymqgJIb9H4ETpJiu/T1MsdyBXD+n6qL1/NUVQFBVufc=
c# datatosign
(request-target): post /v1/cases
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 07:51:57 GMT
content-type: application/json
content-length: 122
{"entityType":"INDIVIDUAL","groupId":"0a3687d0-64a6-1d01-9945-119200000daf","providerTypes":["WATCHLIST"],"name":"Bashar"}

c# authorisation
Signature keyId="xxxxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="ymqgJIb9H4ETpJiu/T1MsdyBXD+n6qL1/NUVQFBVufc="

-------------------
POSTMAN
var settings = {
"async": true,
"crossDomain": true,
"url": "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups/0a3687d0-64a6-1d01-9945-119200000daf",
"method": "GET",
"headers": {
"Date": "Sun, 12 Aug 2018 07:51:57 GMT",
"Authorization": "Signature keyId=\\\"xxxxxxxxxxx\\\",algorithm=\\\"hmac-sha256\\\",headers=\\\"(request-target) host date\\\",signature=\\\"ZwkG6dSdRE9EZS8N6iU7AbCIyuQfRhA15AOund+LaBg=\\\"",
"Cache-Control": "no-cache",
"Postman-Token": "d7a01eda-e360-4a39-9d8d-c298a2ed4d5b"
}
}

world-checkworldcheck-one-api
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
4.2k 8 5 6

cusersu6068964downloadsapirequestsc.zip@ziad.abourizk

Can you please confirm the API call you are making so that I can assist you?

I see you are trying to save a case (API call- SEQ-2c: Save a case: Individual) when using your C# code, but see you are calling the API request -"SEQ-4a: Screen a case" in the Postman console.

As this is your first attempt, I would like to state that ideally the users start with a GET request to make sure the HMAC generation is correct and then move on to the complex POST requests.

I am attaching few sample code requests in C# (also available in the download section of the developer community) for your reference.

Attachment has one get request and one post request sample code.

Kindly note the code sample provided is to just guide the developers on how to generate successful requests and expect our clients to design their own code to suit their use case.


icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thank you very much Irfan Khan, I got the result.

@ziad.abourizk

I am glad that I was able to help you with this

@Irfan.Khan

I saw the Get and Post sample and its working in my c#. But when I try to screen a case, I am getting 401 error.

I just changed the requestendpoint url to this
string requestendpoint = "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest";

Is there any thing else need to change.

My Hmac

+2zFCEhd5EEbi4Q2PVGhOXGhaEB22I6GK3X5IL2Gv4s=

Getting error

: 'The remote server returned an error: (401) Unauthorized.'

Upvotes
4.2k 8 5 6

@ziad.abourizk ,

I see the postman code shared is for the API call "SEQ-1b: Get a specific group by ID" while the C# data to sign value, c# HMAC and c# authorisation is for the API call "SEQ-2c: Save a case: Individual", so the HMAC signature for both the API calls will always be different.

That being said, I will try provide reason why the clients get 401 response code for the API call "SEQ-2c: Save a case: Individual" (POST).

Generally the users encounter 401 for the below reasons:

Incorrect data to sign value: This seems to be perfect and in correct format as per the example shared by you.

Authorisation: This is correct too.

HMAC signature: This seems to be incorrect as I used your account credentials to call the "SEQ-2c: Save a case: Individual" and see that the HMAC is different. The content length your code is calculating for the payload you are sending in your request seems to be incorrect too. Your code should be able to calculate the content length correctly to avoid the 401 unauthorized issue.

There can be two reasons why are you getting an incorrect HMAC:

1. Your code is generating an incorrect HMAC-BASE64 signature even though the data to sign value and the API secret being provided to the HMAC-BASE 64 function is correct.

2. The content length your code is calculating for the payload is incorrect which is leading to incorrect HMAC signature.

Can you please confirm if you are successfully able to make any GET request using your code? Has your HMAC worked for any of the requests till now?

Can you compare the content length being generated using your code and by postman and see if they are the same? For this make share you are using the same payload with exact spaces and characters in both postman and your code. If you see there is a difference in the content in both cases, this must be the reason for 401.

You can use the below code to calculate the content length in your code.

string postData = "{\"secondaryFields\":[],\"entityType\":\"INDIVIDUAL\",\"customFields\":[],\"groupId\":\"XXXXXXXXXXXXX\",\"providerTypes\":[\"WATCHLIST\"],\"name\":\"乔治布什\"}";
            //Console.WriteLine(postData.Length);
            string msg = postData; 
            //Console.WriteLine(msg);
            UTF8Encoding encoding = new UTF8Encoding();
            byte[] byte1 = encoding.GetBytes(postData);


WebReq.ContentLength = byte1.Length;

Please use byte1.Length in the data to sign variable for the value of content length.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thank you @Irfan.Khan

So for each screening request, I should get the case Id first using the Save a Case API request, right ?

In my application I have to scan customers and organization. So for each one, I will create an API request for "Save A Case", then "Screen Case".

And can I reuse the case id for the next screen request? I mean I will get a case id and I use it on screening, and for the next screening I can use the same case id or I need to call the save a case again?

Also do you have any API which I can pass multiple case id and get results.

Thanks,

Upvote
4.2k 8 5 6

@ziad.abourizk

Kindly note for screening request API, we do not expect content length and content type to be sent in the authorization headers and in the data to sign variable, even though it is a POST request.

Data to sign variable should give the output in the below format:

(request-target): post /v1/cases/{ {case-system-id}}/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 07:51:57 GMT

Please note { {case-system-id}} here should be replaced by the case system Id that was received in the JSON response when the API call "Save a case".

Authorization should be in the below format:

Signature keyId="XXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="DiInIutjPgjQ2eeKs7GPKQzrmxl57n15ah5ghEu1oik="

Also, the URL should be:

https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/{ {case-system-id}}/screeningRequest

Here again the { {case-system-id}} should be replace by the case -system-id

So assuming { {case-system-id}} = 0a3687d0-6334-14b4-98d0-eab00000694d

The data to sign value should be:

(request-target): post /v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 07:51:57 GMT

The URL should be:

"https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest

Also, you can always compare the kind of data to sign variable and the authorization header you have to send for each API call using the "code" section of Postman or the pre request script of Postman.

Kindly let me know if you need further clarification on this.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thank you @Irfan.Khan

So for each screening request, I should get the case Id first using the Save a Case API request, right ?

In my application I have to scan customers and organization. So for each one, I will create an API request for "Save A Case", then "Screen Case".

And can I reuse the case id for the next screen request? I mean I will get a case id and I use it on screening, and for the next screening I can use the same case id or I need to call the save a case again?

Also do you have any API which I can pass multiple case id and get results.

Thanks,

@Irfan.Khan , still (401) Unauthorized.

URL
https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest


(request-target): post /v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Mon, 13 Aug 2018 18:06:13 GMT
{"secondaryFields":[],"entityType":"INDIVIDUAL","customFields":[],"groupId":"0a3687d0-64a6-1d01-9945-119200000daf","providerTypes":["WATCHLIST"],"name":"Bashar"}

HMAC
qrw1bRpP1ZWrZ4wyIxNhlDdgaz7mQeI8D5oaFQU1Tzw=

headers=\"(request-target) host date\",

Thanks,

Upvotes
4.2k 8 5 6

@ziad.abourizk

Please find the sequence of API calls in order to screen a case successfully and view the matches of the case below.

1. SEQ-1a: Get my top-level groups: This API call provides you the list of group Id available in your account.

2. SEQ-1c: Get the case template for a group: This API call provides the custom fields and secondary fields which can be used in step 3 to save a case.

3. SEQ-2c: Save a case: Individual: This API call saves the case with the payload/body sent in the request and returns a JSON response with the case -system-id. This call creates an entry but does not screen the case. The case-system-id is a unique identifier for each case generated by the system so that you can use it perform operations on it at a later stage.

4. SEQ-4a: Screen a case: Use the case-system-id obtained in step 3 to screen a case by calling this API.

5. SEQ-8: Retrieve the audit log for a case: Use the case-system-id to find out if the case has been screened or not by calling this API. To know more about audit API. Please refer to the link below:

https://community.developers.refinitiv.com/questions/26633/statuscode-1.html

5. SEQ-5b: Get screening results: If the case has been screened, use this API to get the list of all the matches populated due to screening the case. You have the case-system-id to pull the results of the associated case. It should be the same case-system-id that was returned when the case was saved in step 3.

6. SEQ-5c: Get a World-Check profile: Use the attribute ''referenceId' returned in the JSON response of step 5 to pull the entire world check profile of the match to identify if the match is a false positive, hit/no hit, etc.

You can also refer to the link below for more detailed info on how to screen cases using the API.

https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-api/quick-start?content=45260&type=quick_start

The above steps are used to screen cases asynchronously and the above sequence has to be followed.

This was to help you give you an idea of how screening is performed using the API. Let me answer your questions in the next answer I post.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Irfan.Khan

In my application I have to screen a party and get the result and based on that we will activate the party. So I am following these steps.

1. Get groupId and store for all future screening request. (one time)

2. Get Case System Id for a Customer (cases) (one time and store in customer master) and for future screening request I am taking the same case system Id from the Customer master. Is this a good method or do I need to generate case system id every time?

3. Screen Case (screeningRequest)

4. Get Result (results)

is this process ok? or is there a better way ?

thanks

Upvotes
4.2k 8 5 6

@ziad.abourizk

Please find the answer to your questions below:

So for each screening request, I should get the case Id first using the Save a Case API request, right ?

[Ans by Irfan]: Yes, you have save the case first to obtain a case-system-Id and then use the case-system-Id to screen the case or obtain the results after screening the case. Lets think of a case-system-id as an unique identifier that identifies each case that you save uniquely and refer them at a later point of time using the same case-system-Id.

In my application I have to scan customers and organization. So for each one, I will create an API request for "Save A Case", then "Screen Case".

[Ans by Irfan]: Yes, you have to create a new case for each entity name (individual/organization) and screen them after the case has been saved.

And can I reuse the case id for the next screen request? I mean I will get a case id and I use it on screening, and for the next screening I can use the same case id or I need to call the save a case again?

[Ans by Irfan]: Are you trying to re screen the same case again and do not want to create a new case? If yes, then you can use the case-system-Id. If you are trying to screen a new entity name, then you have to save that case which will give a new case-system-Id and then screen the case using the obtained case-system-id.

Also do you have any API which I can pass multiple case id and get results.

[Ans by Irfan]: Kindly note "Screening result" API uses the case-system-id and not the case-id to fetch the results of a case. No, we do have an API to get results for multiple case-system-ids.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvote
4.2k 8 5 6

@ziad.abourizk,

URLhttps://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest

(request-target): post /v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Mon, 13 Aug 2018 18:06:13 GMT
{"secondaryFields":[],"entityType":"INDIVIDUAL","customFields":[],"groupId":"0a3687d0-64a6-1d01-9945-119200000daf","providerTypes":["WATCHLIST"],"name":"Bashar"}

HMACqrw1bRpP1ZWrZ4wyIxNhlDdgaz7mQeI8D5oaFQU1Tzw=

headers=\"(request-target) host date\",

As reported by you, I see you are sending the above parameters in your request to screen a case.

Please note this POST request does not need a payload so you should not be using the below payload/body at all. This information has already been given to us when you saved the case with the same payload.

{"secondaryFields":[],"entityType":"INDIVIDUAL","customFields":[],"groupId":"0a3687d0-64a6-1d01-9945-119200000daf","providerTypes":["WATCHLIST"],"name":"Bashar"}

So your data to sign value should be

(request-target): post /v1/cases/0a3687d0-6334-14b4-98d0-eab00000694d/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Sun, 12 Aug 2018 07:51:57 GMT

The authorization should be in the below format.

Signature keyId="XXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="DiInIutjPgjQ2eeKs7GPKQzrmxl57n15ah5ghEu1oik="

Kindly note you should be using the case-system-Id that was obtained when saving the case. The case-system-Id: 0a3687d0-6334-14b4-98d0-eab00000694d that I am using is just for an example and you should be using the case-system-Id associated to your case to get the correct result.

Case-system-Id are unique for each case and for each group and for each account, so always use the correct case-system-Id associated to your case, belonging to your group and account to screen the case.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Thank you @Irfan.Khan

I changed my code as per your steps.

dataToSign

(request-target): post/v1/cases/0a3687d0-6523-15e6-994d-df2200007c03/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 14 Aug 2018 08:32:07 GMT

authorization

Signature keyId="xxx",algorithm="hmac-sha256",headers="(request-target) host date",signature="po/m3y0aRZiI95U24isC5Wj8Z2glYh0JigJTjMdSokE="

I removed the contentLength from HttpWebRequest.

requestendpoint

https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/0a3687d0-6523-15e6-994d-df2200007c03/screeningRequest

Still getting 401 !

@ziad.abourizk

Can you try with a space after post in the data to sign value you are creating?

Your dataToSign

(request-target): post/v1/cases/0a3687d0-6523-15e6-994d-df2200007c03/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 14 Aug 2018 08:32:07 GMT

The dataToSign to be used: (there is a space after post)

(request-target): post /v1/cases/0a3687d0-6523-15e6-994d-df2200007c03/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 14 Aug 2018 08:32:07 GMT

Kindly let me know if that works for you.

@Irfan.Khan

Thank you for pointing that. After putting space the 401 error gone !

But I am getting empty result. I used the following Request.

HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(requestendpoint);
// Set the Headers
WebReq.Method = "POST";
WebReq.Headers.Add("Authorization", authorisation);
WebReq.Headers.Add("Cache-Control", "no-cache");
WebReq.Date = dateValue;

The jsontxt is Empty

Thank you.

@ziad.abourizk

The Screen a case API does not return any JSON response. It returns only the response code 201 Created. This is the reason why the jsontxt is empty.

The screen a case API not returning JSON is an expected response.

Returning a 201 response code means the request to screen the case has been submitted to the system and the case will be screened at a later time depending on the load capacity of the WC1 system.

Please refer to the API documentation for more information on the kind of responses we send for each API call.

@Irfan.Khan

Thanks, Can you please guide me to code the Audit List API and the Result API.

I am copying from Postman but the result API gives me 401.

dataToSign

(request-target): post /v1/cases/0a3687cf-6523-1341-994d-f04d00007956/results
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Tue, 14 Aug 2018 15:07:20 GMT

Also can you just provide me link to download the API documentation link same like the one you provided in this picture

https://community.developers.refinitiv.com/storage/attachments/2120-cusersu6068964picturesstatus-code.png

Thanks

@ziad.abourizk

Are you still facing a 401 for the screening result API? Kindly confirm so that I can assist you.

You can download the API documentation 1.5 from the link below. The name of the file to be downloaded is "World-Check One API Documentation 1.5"

https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-api/downloads

Once downloaded. please refer the wc1-api-schema-reference-documentation.html file to view the API schema of all the API request.

https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-api/downloads