
How to configure worldcheck one api in 3rd party application?

We tried to configure and test the World-Check One API in https://apitester.com and we passed the api-key and api-secret through headers. But we are continuously receiving an unauthorised message. Could you please help us to configure this portal?

We are trying to request:

SEQ-pre-groups: Get my top-level groups


@joseph.pambi
Thank you for your participation in the forum. Are any of the replies below satisfactory in resolving your query? If yes please click the 'Accept' text next to the reply that best answers your question. This will guide all community members who have a similar question. Otherwise please post again offering further insight into your question.
Thanks,
-AHS

Please be informed that a reply has been verified as correct in answering the question, and has been marked as such. Thanks, AHS


@joseph.pambi

Please find the JS script to generate HMAC script below:

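// Returns the Base64-encoded HMAC-SHA256 of the signing string, keyed with the API secret (needs CryptoJS)
function generateAuthHeader(dataToSign){
    var hash = CryptoJS.HmacSHA256(dataToSign, "{{client-api-secret}}");
    return hash.toString(CryptoJS.enc.Base64);
}
// Current time in GMT; the same value must also be sent in the Date header
var date = new Date().toUTCString();
// Signing string: request line, host and date, one per line, in this order
var dataToSign = "(request-target): get " + "/v1/" + "groups\n" +
        "host: " + "rms-world-check-one-api-pilot.thomsonreuters.com" + "\n" +
        "date: " + date;
var hmac = generateAuthHeader(dataToSign);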

After this you have to feed the HMAC to the below auth header which is sent in the request.

var authorisation = "Signature keyId=\"" + "{{client-api-key}}" + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";

Kindly note if you are using API tester, then you have to select the "JavaScript" drop down and write the above code in the format that I have written it in the link below:

https://apitester.com/shared/checks/63ebd758fc504a558151505adf5990ac

Then select "request" from the dropdown and enter the URL and select the correct method.

Use the add request header to add two headers in the request. The value for both headers should be pulled from the JS step added to the request and called using the below syntax.

For example: If the authorization header value is stored in custom variable custom.auth, then the value should be {{custom.auth}}. If the date header value is stored in custom variable custom.date, then the value should be {{custom.date}}.

1. Authorization: {{custom.auth}}

2. Date: {{custom.date}}

If you are still unable to follow the instructions, we can get into a quick call to explain this. However, I still recommend Postman to test your API calls.


@joseph.pambi

Can you please provide me the "Test Config link" of the failed API from the api tester so that I can look into this.

Also, kindly send us the authorization headers sent using the API tester.

Kindly note that in order for the request to succeed, the HTTP client should generate the correct HMAC, time stamp and the authorization header.

@irfan.Khan we tried using the following website:

https://apitester.com and we passed api-key and api-secret. But we are not sure how to generate the authorisation header and what other headers we need to pass in order to get a result. It will be helpful if you provide a solution ASAP.

test config link:

https://apitester.com/shared/checks/87c4b06a29c64fee90e05b9049ddc51d


@joseph.pambi

I just checked the "Test config link" and see that you are not using any JavaScript steps in your request.

Kindly note you have to use the JavaScript steps to generate variables like the current date, the dataToSign variable and the HMAC, which will in turn be used to generate the authorization header. You have to send this auth header as a request header along with the current date (in GMT) to the WC1 API URL to connect successfully.

I cannot ue

I have gone through the API tester documentation and do not see any way to pass HMAC variable to the request. An ideal way to use it is given in the link below:

But as you can see my test is failing on step 3, as it is unable to generate the HMAC using JavaScript. So I am not sure whether API tester is capable of generating Base64 HMACs.

https://apitester.com/shared/checks/63ebd758fc504a558151505adf5990ac

But the above link will give you a fair idea of how to send requests using API tester.

If you are using this just for testing, I would recommend using the native HTTP client Postman app to test the WC1 APIs. This is quite lightweight and less time consuming.

You can import the Postman collection (downloadable from the download section of the developer community) into the Postman app to test your requests. We recommend this as the Postman collection already has the pre-request script that generates the HMAC and feeds it into the authorization header.

Please find the link to download postman collection below:

https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-api/downloads

Please find the link to our quick guide section that will guide you how to use Postman for making successful requests.

https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-api/quick-start

Please refer to the "security.html" file in the API documentation for more details. Kindly go through the documentation to understand how the requests should be sent to succeed. All requests should be HMAC BASE64 encoded and have to be in a certain format in the authorization header before they are sent to the API.

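Added example, not part of the original thread or of the World-Check One documentation: the signing steps described in the reply above and in the accepted answer's script, written for Node.js with its built-in crypto module instead of CryptoJS, plus a local check for the usual causes of an "unauthorised" response (an unresolved template placeholder, or a Date header that differs from the date that was signed). The key and secret are constructed placeholders; `diagnose` and its `maxSkewMs` tolerance are hypothetical helpers, not WC1 values.

```javascript
const nodeCrypto = require("node:crypto");

// String to sign: one line per name listed in headers="(request-target) host date".
function signingString(method, path, host, date) {
  return `(request-target): ${method.toLowerCase()} ${path}\n` +
         `host: ${host}\n` +
         `date: ${date}`;
}

// Base64 HMAC-SHA256 of the signing string, keyed with the API secret.
function hmacBase64(secret, data) {
  return nodeCrypto.createHmac("sha256", secret).update(data, "utf8").digest("base64");
}

// Build both request headers; Date carries the exact value that was signed.
function buildHeaders({ apiKey, apiSecret, method, path, host, now = new Date() }) {
  const date = now.toUTCString();
  const signature = hmacBase64(apiSecret, signingString(method, path, host, date));
  return {
    Date: date,
    Authorization: `Signature keyId="${apiKey}",algorithm="hmac-sha256",` +
      `headers="(request-target) host date",signature="${signature}"`,
  };
}

// Hypothetical pre-flight check: list reasons these headers would fail verification.
// maxSkewMs is an assumed tolerance, not a documented World-Check One value.
function diagnose(headers, { apiSecret, method, path, host, now = new Date(), maxSkewMs = 300000 }) {
  const problems = [];
  const auth = headers.Authorization || "";
  if (/\{\{.*?\}\}/.test(auth + apiSecret)) problems.push("unresolved {{placeholder}} in key or secret");
  const sent = /signature="([^"]*)"/.exec(auth);
  if (!sent) return problems.concat("Authorization is not a Signature header");
  const ts = Date.parse(headers.Date);
  if (Number.isNaN(ts)) return problems.concat("Date header missing or unparseable");
  if (Math.abs(now.getTime() - ts) > maxSkewMs) problems.push("Date header outside allowed clock skew");
  const want = Buffer.from(hmacBase64(apiSecret, signingString(method, path, host, headers.Date)));
  const got = Buffer.from(sent[1]);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    problems.push("signature does not match the Date header and request line");
  }
  return problems;
}

// Constructed sample request: placeholder key and secret, host as quoted in the thread.
const sampleRequest = { apiKey: "example-key-id", apiSecret: "example-secret", method: "GET",
  path: "/v1/groups", host: "rms-world-check-one-api-pilot.thomsonreuters.com" };
console.log(diagnose(buildHeaders(sampleRequest), sampleRequest)); // []
```

Running `diagnose` on headers captured from a failing client shows whether the date was regenerated after signing, which produces a signature mismatch even when the key and secret are correct.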


@joseph.pambi

Following up to know if you need further assistance on this.

Thanks.
