Discover Refinitiv
MyRefinitiv Refinitiv Perspectives Careers
Created with Sketch.
All APIs Questions & Answers  Register |  Login
Ask a question
  • Questions
  • Tags
  • Badges
  • Unanswered
Search:
  • Home /
  • Screening /
  • World-Check One /
avatar image
Question by ziad.abourizk · Aug 16, 2018 at 02:30 AM · world check one apiwc1 apic#.netaudit event

SEQ-8: Retrieve the audit log for a case

Can anybody please help me how I can call a Seq 8 API Call from c#.net.These are my details

gatewayurl + "cases/" + caseSystemId + "/auditEvents";

What will be the dataToSign

Thanks in Advance

People who like this

0 Show 0
Comment
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

4 Replies

  • Sort: 
avatar image
REFINITIV
Best Answer
Answer by Irfan.Khan · Aug 16, 2018 at 03:45 AM

@ziad.abourizk

I think the content length you are sending is incorrect.

Please compare the content length for the same payload in Postman and the one generated using your code.

Please do not UTF encode the payload for this API call.

Simply put the payload in a variable, lets say "msg" and directly calculate its length by using

msg_length=msg.Length; # Do not UTF 8 encode the payload and then calculate the length.

# After the length has been calculate feed it to the dataToSign variable.

Also, send the same content length in the authorization header too (msg.Length;)

Comment

People who like this

0 Show 1 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
ziad.abourizk · Aug 16, 2018 at 04:20 AM 0
Share

thank you @Irfan.Khan, content length was the issue.

avatar image
REFINITIV
Answer by Irfan.Khan · Aug 16, 2018 at 03:02 AM

@ziad.abourizk

The dataToSign variable should be as below:

(request-target): post /v1/cases/0a3687d0-61fc-1aa9-9898-79020002677f/auditEvents

host: rms-world-check-one-api-pilot.thomsonreuters.com

date: Thu, 16 Aug 2018 06:51:17 GMT

content-type: application/json

content-length: 103

{ "query" : "actionType==SCREENED_CASE;eventDate>2010-01-01T00:00:00Z;eventDate<2020-01-01T00:00:00Z" }

Here,

0a3687d0-61fc-1aa9-9898-79020002677f- is my case system Id, you have to use your own case system Id to make this API call successful.

The below is the payload being used this request and should be fed in the dataToSign variable as well. However, the kind of content you are using depends on your use case. Please refer the audit API filter section in the schema reference document to know how can you use it.

"actionType==SCREENED_CASE;eventDate>2010-01-01T00:00:00Z;eventDate<2020-01-01T00:00:00Z" }


auditfilter.png

The authorization for this API call should be:

"Signature keyId="XXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="9waz5wx4FBLCZWpFumfM7514rpUe17oH5B9QeLRWHU8="

Kindly let me know if you need further clarification on this.


auditfilter.png (83.0 KiB)
Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Answer by Irfan.Khan · Aug 16, 2018 at 03:18 AM

@ziad.abourizk

Just to add on to my previous email, I will try suggesting an easy way to check if the API call you are making has the correct dataToSign value and the authorization in it.

First make an API request using your code. And lets say you are getting a 401 and you think that the dataToSign value or the authorization is incorrect, you can make the below checks to verify their format.

1. Use the "pre request script" option in Postman. The pre request script very clearly provides the right format of value required for each API call.

For example: Please check the pre-request script code of Postman for the audit API below:

function generateAuthHeader(dataToSign){
    var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
    return hash.toString(CryptoJS.enc.Base64); 
}


var date = new Date().toGMTString();
var content = request.data.replace("{
                {user-id}}", environment["user-id"]);
var contentLength = unescape(encodeURIComponent(content)).length;


var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases/" + environment["case-system-id"] + "/auditEvents\n" +
        "host: " + environment["gateway-host"] + "\n" +
        "date: " + date + "\n" +
        "content-type: " + environment["content"] +"\n" + 
        "content-length: " + contentLength + "\n" + 
        content;
        
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";


postman.setEnvironmentVariable("authorisation",authorisation);
postman.setEnvironmentVariable("currentDate",date);
postman.setEnvironmentVariable("contentLength",contentLength);

Please check the variable "dataToSign" and "authorisation" and compare it with the values generated by your code to find out the correct format. I am also attaching the screen capture of Postman that clearly shows where you can find the pre request script in Postman.

postmansnippet.png

2. Use the code section of the Postman to find the format in which the authorization header should be send.

Kindly let me know if you need further clarification on this.


postmansnippet.png (138.2 KiB)
Comment

People who like this

0 Show 0 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
Answer by ziad.abourizk · Aug 16, 2018 at 03:34 AM

@Irfan.Khan

I am getting 401 error.

dataToSign

(request-target): post /v1/cases/0a3687d0-6523-15e6-994e-5ed400008dc8/auditEvents
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Thu, 16 Aug 2018 07:27:37 GMT
content-type: application/json
content-length: 121
{ "query" : "actionType == SCREENED_CASE; eventDate > 2010 - 01 - 01T00: 00:00Z; eventDate < 2020 - 01 - 01T00: 00:00Z" }

authorization

Signature keyId="xxxf",algorithm="hmac-sha256",headers="(request-target) host date",signature="t9iYCse0PXHcp8q0QHmlFk4HCr/Rx6uzq8OEUlXuvYM="

// Send the Request to the API server
HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(requestendpoint);
// Set the Headers
WebReq.Method = "POST";
WebReq.Headers.Add("Authorization", authorisation);
WebReq.Headers.Add("Cache-Control", "no-cache");
WebReq.Date = dateValue; // use datetime value GMT time
WebReq.ContentType = "application/json";
WebReq.ContentLength = byte1.Length; Stream newStream = WebReq.GetRequestStream();
newStream.Write(byte1, 0, byte1.Length);

// Get the Response - Status OK
HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
// Status information about the request

Thanks,

Comment

People who like this

0 Show 2 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
ziad.abourizk · Aug 16, 2018 at 03:47 AM 0
Share

@Irfan.Khan

I changed the authorization to

Signature keyId="xxxf",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="t9iYCse0PXHcp8q0QHmlFk4HCr/Rx6uzq8OEUlXuvYM="

its not 401 its a 400.

"The remote server returned an error: (400) Bad Request."}

avatar image
REFINITIV
Irfan.Khan ♦♦ ziad.abourizk · Aug 16, 2018 at 03:49 AM 0
Share

@ziad.abourizk

Please refer to the last reply I have sent in this post.

400 Bad request is due to incorrect payload format.

Watch this question

Add to watch list
Add to your watch list to receive emailed updates for this question. Too many emails? Change your settings >
9 People are following this question.

Related Questions

New sources management

World-Check One API: Get World-Check profile that limited to a group

SEQ-5b: Get screening results. Not having Primary Name

Is it possible to delete a case via WC1 API ?

POST cases/screeningRequest returns 400 when secondary field Gender = UNKNOWN

  • Feedback
  • Copyright
  • Cookie Policy
  • Privacy Statement
  • Terms of Use
  • Careers
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • Alpha
  • App Studio
  • Block Chain
  • Bot Platform
  • Calais
  • Connected Risk APIs
  • DSS
  • Data Fusion
  • Data Model Discovery
  • Datastream
  • Eikon COM
  • Eikon Data APIs
  • Elektron
    • EMA
    • ETA
    • WebSocket API
  • Legal One
  • Messenger Bot
  • Messenger Side by Side
  • ONESOURCE
    • Indirect Tax
  • Open PermID
    • Entity Search
  • Org ID
  • PAM
    • PAM - Logging
  • ProView
  • ProView Internal
  • Product Insight
  • Project Tracking
  • Refinitiv Data Platform
    • Refinitiv Data Platform Libraries
  • Rose's Space
  • Screening
    • Qual-ID API
    • Screening Deployed
    • Screening Online
    • World-Check One
    • World-Check One Zero Footprint
  • Side by Side Integration API
  • TR Knowledge Graph
  • TREP APIs
    • CAT
    • DACS Station
    • Open DACS
    • RFA
    • UPA
  • TREP Infrastructure
  • TRIT
  • TRKD
  • TRTH
  • Thomson One Smart
  • Transactions
    • REDI API
  • Velocity Analytics
  • Wealth Management Web Services
  • World-Check Data File
  • Explore
  • Tags
  • Questions
  • Badges