For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
36 0 4 6

Response 401 UNAUTHORIZED using RestTemplate

Both sample Java code and Postman for /v1/groups work every time. However when using Spring and RestTemplate i get 401. Even stranger, the code worked occationaly while running it over and over, but I'm not able to reproduce it.

Request headers:

Authorization:

Signature keyId="f97121be-3d1d-493d-8029-5296d1070727",algorithm="hmac-sha256",headers="(request-target) host date",signature="7gxdTU6RcB8FAs1s31U0BNGXtRKgtm+3zjIzYcki8NM="

Mon, 04 Feb 2019 23:37:27 GMT

Response headers:

Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length

Date: Mon, 04 Feb 2019 23:37:43 GMT.

Code used is attached.

regards

Eirik

world-checkworld-check-oneerror-401
sample-code.txt (1.1 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvote
Accepted
36 0 4 6

Turns out that the I had to use the same date object for the hash and the header.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.5k 4 8 8

@eirik.yksnoy,

Thank you for the query.

Can you please share the code where you are calculating the dataToSign value for generating the HMAC signature?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
36 0 4 6

Hi @Prabhjyot.Mandla

I here is the code attached. It is basically copied from the sample code.


signdata.txt (1.6 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.5k 4 8 8

@eirik.yksnoy,

Thank you for sharing the code.

I can see that in the generateAuthHeaderHash() you are passing only dataToSign as parameter/ argument. Can you please try passing the API Secret as well along with dataToSign as parameter? The change has to be made in 2 places.

i. Where you are defining the function

ii. Where you are calling the function

Hope this helps.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
36 0 4 6

There was a problem with the url. It had the endpoint name doubled at the end.

Changing it from /v1/groups/v1/groups to /v1/groups resolved one issue.

Now however, the service seems unstable. Running the same code twice often results in one 200 and one 401. Is there a limitation on how often an endpoint can be called? I can't see a clear pattern. Attached is debug of the requests.request-response-log.txt


icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.5k 4 8 8

@eirik.yksnoy,

You can hit the endpoint more than once at a time. If the request is being rejected due to overload, you would recevie Error 429 and not error 401. I would request you to please review the code if you are receiving Error 401.

From the request headers example, I can see that you are using the request headers as - Date, cache-control and Authorisation, which is failing.

Can you please let me know if you are receiving Error 401 for all the API requests with the above request header format?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.