@manjusha.batchu

401 errors is because the request has failed an authorisation check. This can happen for a variety of reasons, such as an invalid or expired API key, an invalid HMAC signature or a request timing issue/problem with the Date header value. The API client should ensure a correctly synchronised clock is used to generate request timestamps.

Request you to kindly provide us the request and the response headers for the failed request so that I can investigate this. Kindly mask or remove the API key before posting the requested info.

Also, can you kindly check if the HMAC generated is correct.

Kindly note the value of the dataToSign variable should be in the below format:

(request-target): get /v1/cases/0a3687d0-65b4-1321-999a-06c800262e8a/results
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Fri, 12 Oct 2018 11:50:34 GMT

Here, 0a3687d0-65b4-1321-999a-06c800262e8a is the case system Id.

Also, the auth headers should be in the below format.

Authorization': "Signature keyId="XXX{
                {API-KEY}}XXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="aOmw1AJNPd1Px0nHsT/wcLoVvHL9eXhWeIP9bpz33RU="

Hi @Irfan.Khan

I am using the datatosign as

var dataToSign = "(request-target): post " + GlobalProperties.GateWayUrl + "cases/" + CaseSystemId + "/screeningRequest\n" +"host: " + GlobalProperties.GatewayHost + "\n" +"date: " + dateValue.ToString("R"); accordingly in postman application
whereas the quthorosation header is

var authorisation = "Signature keyId=\"" + GlobalProperties.APIKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";

kindly help me in this.as I am following the headers in postman application.

@manjusha.batchu

Can you send me the response header and request header of the failed request so that I can have a look at it?

Also, can you check the time stamp on both the response header and the request header to know if they are in sync.

@Irfan.Khan
here I ama providing the code I have used in my application which was failing.

Request and Response Headers for screening a case

var dataToSign = "(request-target): post " + GlobalProperties.GateWayUrl + "cases/" + CaseSystemId + "/screeningRequest\n" +
"host: " + GlobalProperties.GatewayHost + "\n" +
"date: " + dateValue.ToString("R");
DateTime dateValue = DateTime.UtcNow;
string authorisation = "";
string hmac = generateAuthHeader(datatoSign, GlobalProperties.APISecret);
HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(reqEndPoint);
WebRequest.DefaultWebProxy.Credentials = CredentialCache.DefaultNetworkCredentials;
using (WebReq as IDisposable)
{
WebReq.Method = "POST";
WebReq.Headers.Add("Cache-Control", "no-cache");
WebReq.Date = dateValue;
authorisation = "Signature keyId=\"" + GlobalProperties.APIKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
WebReq.Headers.Add("Authorization", authorisation);
}

try
{
using (HttpWebResponse response = (HttpWebResponse)WebReq.GetResponse())
{
using (Stream answer = response.GetResponseStream())
{
StreamReader _Answer = new StreamReader(answer);
dynamic responseData = Newtonsoft.Json.JsonConvert.DeserializeObject(_Answer.ReadToEnd());
answer.Dispose(); answer.Close();
response.Dispose(); response.Close();
return responseData;

}
}
}
catch (WebException e)
{
FileHelper.Logger(FileHelper.LogType.ERROR, e.Message, "WCO_");
FileHelper.Logger(FileHelper.LogType.ERROR, e.StackTrace, "WCO_");
if (e.Status == WebExceptionStatus.Timeout)
{
// Handle timeout exception
}
else
{
}
}

@manjusha.batchu

Following up to see if the issue still persists.

Kindly provide me the actual logged response header being received and the request header being sent to the WC1 server so that I can assist you.