Question by tim.loh · Sep 04, 2018 at 12:54 AM · header

Date Header Buffer

Hi, in the documentation, it is stated that:

Messages are further validated by timestamps, to help guard against replay attacks. Messages are only considered valid if they are processed at the point in time corresponding to their Date request header. A small buffer is used in this calculation to allow for minor clock drifts, discrepancies between client and server clocks, and data transfer round trip times. It is advised that when integrating with the World-Check One API, the machines involved in API communication are properly time synchronised via NTP to help prevent any message validity issues.

Can I know what the exact buffer time is? One of my requests is hitting Unauthorized although the Authorisation header generated is correct. So I'm suspecting it's the date timestamp being stale.

Thank you!

13 Replies

REFINITIV
Answer by Irfan.Khan · Sep 04, 2018 at 01:00 AM

@tim.loh

The buffer time is about 40-50 seconds after which we consider the timestamp to be outdated.

Request you to pass the correct time by synchronizing your server clock or the system clock as per the NTP or the GMT clock and see if you are getting a 2XX response in return.

You can check if the HMAC signature you are sending is correct, by using Postman too.

Answer by tim.loh · Sep 04, 2018 at 02:25 AM
@Irfan.Khan

Thanks for the quick response!

Answer by tim.loh · Sep 04, 2018 at 03:00 AM

Hi @Irfan.Khan, upon investigating the timestamp and the response returned:
Request timestamp: Sat, 01 Sep 2018 18:16:00 GMT
Response returned at: 2018-09-01 18:17:40.110507

There is a 1 minute 40 seconds interval. Can I ask your team to check when you received our request? This happened in the production environment so we would like to prevent the same issue from happening again.

Thank you.

REFINITIV
Answer by Irfan.Khan · Sep 04, 2018 at 03:36 AM

@tim.loh

Thank you for your response.

It is highly unlikely that the request would take 1 minute 40 seconds to reach the WC1 API server. Also, the response time of our API is generally in a range of 200 ms to 600 ms while some POST requests may take longer but not more than 700 ms.

One of the ways of identifying if the timestamp sent in the date header value is out of sync is to compare the request date header value and the response date header value. In this case, I see the timestamp to be out of sync by 1 minute and 40 seconds.

After the necessary change to synchronize the server clock/network or the system with NTP, your HTTP requests should be honored correctly.
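
The comparison described in the answer above, as an added example that is not part of the original thread: it pulls the Date value out of a client header log, compares it with the server's response Date header, and classifies the skew. The 40-second tolerance is the lower end of the buffer quoted earlier in the thread; the function names and the sample response Date are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone
from email.utils import formatdate, parsedate_to_datetime

# Assumption: lower end of the "40-50 seconds" buffer quoted in this thread.
TOLERANCE = timedelta(seconds=40)

def fresh_date_header(now=None):
    """HTTP Date value; build it (and the signature over it) right before sending."""
    ts = (now or datetime.now(timezone.utc)).timestamp()
    return formatdate(ts, usegmt=True)

def date_from_header_log(logged):
    """Extract Date from a header log shaped like [{"Key": ..., "Value": [...]}, ...]."""
    for entry in json.loads(logged):
        if entry["Key"].lower() == "date":
            return entry["Value"][0]
    raise KeyError("no Date header in log")

def check_skew(request_date, response_date, tolerance=TOLERANCE):
    """Compare the request Date header with the server's response Date header."""
    sent = parsedate_to_datetime(request_date)
    seen = parsedate_to_datetime(response_date)
    skew = seen - sent
    if abs(skew) <= tolerance:
        verdict = "ok"
    elif skew > timedelta(0):
        verdict = "stale"   # Date behind server time: slow clock, or signed long before sending
    else:
        verdict = "future"  # Date ahead of server time: client clock runs fast
    return skew, verdict

# Constructed sample: the request Date is the one quoted in this thread; the
# response Date is assumed to match the logged "response returned at" time.
LOGGED = ('[{"Key":"Cache-Control","Value":["no-cache"]},'
          '{"Key":"Date","Value":["Sat, 01 Sep 2018 18:16:00 GMT"]}]')
RESPONSE_DATE = "Sat, 01 Sep 2018 18:17:40 GMT"

if __name__ == "__main__":
    skew, verdict = check_skew(date_from_header_log(LOGGED), RESPONSE_DATE)
    print(f"skew={skew.total_seconds():.0f}s verdict={verdict}")
```

Logging the response Date header alongside the status code on every 401 makes this check possible after the fact.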

Answer by tim.loh · Sep 04, 2018 at 04:05 AM

@Irfan.Khan

Only this particular request (out of many successful requests) took 1 minute 40 seconds. Our server time is already synced with NTP.

REFINITIV
Answer by Irfan.Khan · Sep 04, 2018 at 04:11 AM

@tim.loh

Thank you for the clarification.

Can you kindly provide me the endpoint or the API call that took the response time of 1 minute and 40 seconds?

Also, was this API call a part of concurrent requests sent at the same time or was it just a single request? If yes, how many requests were sent concurrently?

Please specify the response code of the API call so that I can check the server logs.

Answer by tim.loh · Sep 04, 2018 at 04:12 AM
@Irfan.Khan

Only this particular request (out of many successful requests) took 1 min 40 seconds. The system time is also synced to NTP. Is there any way you can get the log from your side?

REFINITIV
Irfan.Khan ♦♦ · Sep 04, 2018 at 04:15 AM 0

@tim.loh

Kindly provide me the below information so that I can check this.

1. The API call or the endpoint that was requested.

2. Was this API call a part of concurrent requests or was it just a single request sent at that second?

3. Please specify the response code that you received for the API call in question.

tim.loh Irfan.Khan ♦♦ · Sep 04, 2018 at 05:12 AM 0

1. API call: https://rms-world-check-one-api.thomsonreuters.com/v1/cases/0a3687c4-654c-19ee-9964-174d0032903d/results

2. It was a single request at that second.

3. The response returned 401 Unauthorized status code

REFINITIV
Answer by Irfan.Khan · Sep 04, 2018 at 09:18 AM

@tim.loh

Thank you for the requested info.

We are looking into this to find out more about the 401 response you received.

Kindly allow me some time to get back on this.

REFINITIV
Answer by Irfan.Khan · Sep 06, 2018 at 09:35 AM

@tim.loh

Thank you for your patience.

I had written to the dev team to check the logs to identify the root cause. They have responded that they would need the raw request and response for the reported API call so that they can investigate further.

Kindly provide us the raw request and response so that we can proceed further with this.

Thanks.

tim.loh · Sep 07, 2018 at 05:54 AM 0
@Irfan.Khan

The request headers are as follows (apikey has been removed):

[{ "Key":"Cache-Control", "Value":["no-cache"] },{ "Key":"Authorization", "Value":["Signature keyId=\"removed\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"TMdAA00uHhLSfygvLa/89tdU0a3Pw0WbupsZcHkjsQc=\""] },{ "Key":"Date", "Value":["Sat, 01 Sep 2018 18:16:00 GMT"] }]

For the response, we only log the http status code which is 401 Unauthorized.

REFINITIV
Irfan.Khan ♦♦ · Sep 07, 2018 at 05:57 AM 0

@tim.loh

Thank you for the requested info.

It is interesting to see that you were returned only 401 unauthorized in the response header as we generally return a lot of other info in it.

I have forwarded the details to our dev team and will get back to you with updates as soon as I have them.

Thanks

REFINITIV
Answer by Irfan.Khan · Sep 07, 2018 at 08:12 AM

@tim.loh

Our dev team has replied that the response header is important to pull the required logs.

Also, the raw request provided only has the header and has the method and the request params missing. Can you please provide the missing information?

Appreciate your patience and cooperation in this regard.
