For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
1 0 2 2

Date Header Buffer

Hi, from the documentations, it is stated that:

Messages are further validated by timestamps, to help guard against replay attacks. Messages are only considered valid if they are processed at the point in time corresponding to their Date request header. A small buffer is used in this calculation to allow for minor clock drifts, discrepancies between client and server clocks, and data transfer round trip times. It is advised that when integrating with the World-Check One API, the machines involved in API communication are properly time synchronised via NTP to help prevent any message validity issues.

Can I know what is the exact buffer time? One of my request is hitting Unauthorized although the Authorisation header generated is correct. So I'm suspecting its the date timestamp being stale.

Thank you!

world-checkworld-check-one
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.2k 8 5 6

@tim.loh

The buffer time is about 40-50 seconds after which we consider the timestamp to be outdated.

Request you to pass the correct time by synchronizing your server clock or the system clock as per the NTP or the GMT clock and see if you are getting a 2XX response in return.

You can check if the HMAC signature you are sending is correct, by using Postman too.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 0 2 2
@Irfan.Khan

Thanks for the quick response!

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 0 2 2

Hi @Irfan.Khan, upon investigating the timestamp and the response returned:
Request timestamp: Sat, 01 Sep 2018 18:16:00 GMT
Response returned at: 2018-09-01 18:17:40.110507

There is a 1 minute 40 seconds interval. Can I ask your team to check when did you receive our request? This happened in production environment so we would like to prevent the same issue from happening again.

Thank you.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.2k 8 5 6

@tim.loh

Thank you for your response.

It is highly unlikely that the request would take 1 minute 40 second to reach the WC1 API server. Also, the response time of our API is generally in a range of 200 ms to 600 ms while some POST requests may take longer but not more than 700 ms.

One of the ways of identifying if the timestamp sent in the date header value is out of sync is to compare the request date header value and the response date header value. In this case, I see the timestamp to be out of sync by 1 minute and 40 second.

After the necessary change to synchronize the server clock/network or the system with NTP, your HTTP requests should be honored correctly.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 0 2 2

@Irfan.Khan

Only this particular request (out of many successful requests) took 1 minute 40 seconds. Our server time is already synced with NTP.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.2k 8 5 6

@tim.loh

Thank you for the clarification.

Can you kindly provide me the endpoint or the API call that took the response time of 1 minute and 40 second?

Also, was this API call a part of concurrent requests sent at the same time or it was just a single request? If yes, how many requests were sent concurrently.

Please specify the response code of the API call so that I can check the server logs.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 0 2 2
@Irfan.Khan

Only this particular request (out of many successful requests) took 1 min 40 seconds. The system time is also synced to NTP. Is there any way you can get the log from your side?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@tim.loh

Kindly provide me the below information so that I check this.

1. The API call or the endpoint that was requested.

2. Was this API a part of concurrent request or it was just a single request sent at that second.

3. Please specify the response code that you received for the API call in question.

1. API call: https://rms-world-check-one-api.thomsonreuters.com/v1/cases/0a3687c4-654c-19ee-9964-174d0032903d/results

2. It was a single request at that second.

3. The response returned 401 Unauthorized status code

Upvotes
4.2k 8 5 6

@tim.loh

Thank you for the requested info.

We are looking into this to find out more about the 401 response you received.

Kindly allow me some time to get back on this.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.2k 8 5 6

@tim.loh

Thank you for your patience.

I had written to the dev team to check the logs to identify the root cause. They have responded that they would need the raw request and response for the reported API call so that they can investigate further.

Kindly provide us the raw request and response so that we can proceed further with this.

Thanks.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Irfan.Khan

The request headers is as follows (apikey has been removed):

[{ "Key":"Cache-Control", "Value":["no-cache"] },{ "Key":"Authorization", "Value":["Signature keyId=\"removed\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"TMdAA00uHhLSfygvLa/89tdU0a3Pw0WbupsZcHkjsQc=\""] },{ "Key":"Date", "Value":["Sat, 01 Sep 2018 18:16:00 GMT"] }]

For the response, we only log the http status code which is 401 Unauthorized.

@tim.loh

Thank you for the requested info.

It is interesting to see that you were returned only 401 unauthorized in the response header as we generally return a lot of other info in it.

I have forwarded the details to our dev team and will get back to you with updates as soon as I have them.

Thanks

Upvotes
4.2k 8 5 6

@tim.loh

Our dev team has replied that response header is important to pull the required logs.

Also, raw request provided only has the header and has the method and the request params missing. Can you please the missing information?

Appreciate your patience and cooperation in this regard.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.2k 8 5 6

@tim.loh

Following up to see if you were to fetch the requested information.

We would need the raw response header received and the method and the request params that were sent in the API to proceed further.

Also, can you kindly let us know if you are still experiencing the reported incident.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Irfan.Khan

Apologies for the late reply.

Method: GET

Request params: none

Unfortunately, we do not log the raw response header from World Check.

As for your last question, we are not experiencing the reported incident any longer, but it will be good to know why it happened previously.

Upvotes
4.2k 8 5 6

@tim.loh

Thank you for the information.

I am still awaiting a response from the dev team on this. I have escalated the case to be looked into priority and should have an answer for you soon.

Updates to follow.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Irfan.Khan

Hi, are there any updates on this?

Upvotes
4.2k 8 5 6

@tim.loh

Apologies for not getting back to you on this.

I am still chasing the development team to get an update on this but I have not received a response yet.

Let me write to them again and see if they have an update.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.