Response 401 UNAUTHORIZED using RestTemplate

Both sample Java code and Postman for /v1/groups work every time. However when using Spring and RestTemplate i get 401. Even stranger, the code worked occationaly while running it over and over, but I'm not able to reproduce it.

Request headers:

Authorization:

Signature keyId="f97121be-3d1d-493d-8029-5296d1070727",algorithm="hmac-sha256",headers="(request-target) host date",signature="7gxdTU6RcB8FAs1s31U0BNGXtRKgtm+3zjIzYcki8NM="

Mon, 04 Feb 2019 23:37:27 GMT

Response headers:

Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length

Date: Mon, 04 Feb 2019 23:37:43 GMT.

Code used is attached.

regards

Eirik

Find more posts tagged with

world-check-one

world-check

error-401

Accepted answers

eirik.yksnoy

Turns out that the I had to use the same date object for the hash and the header.

All comments

Prabhjyot

@eirik.yksnoy,

Thank you for the query.

Can you please share the code where you are calculating the dataToSign value for generating the HMAC signature?

eirik.yksnoy

Hi @Prabhjyot

I here is the code attached. It is basically copied from the sample code.

Prabhjyot

@eirik.yksnoy,

Thank you for sharing the code.

I can see that in the generateAuthHeaderHash() you are passing only dataToSign as parameter/ argument. Can you please try passing the API Secret as well along with dataToSign as parameter? The change has to be made in 2 places.

i. Where you are defining the function

ii. Where you are calling the function

Hope this helps.

eirik.yksnoy

There was a problem with the url. It had the endpoint name doubled at the end.

Changing it from /v1/groups/v1/groups to /v1/groups resolved one issue.

Now however, the service seems unstable. Running the same code twice often results in one 200 and one 401. Is there a limitation on how often an endpoint can be called? I can't see a clear pattern. Attached is debug of the requests.request-response-log.txt

Prabhjyot

@eirik.yksnoy,

You can hit the endpoint more than once at a time. If the request is being rejected due to overload, you would recevie Error 429 and not error 401. I would request you to please review the code if you are receiving Error 401.

From the request headers example, I can see that you are using the request headers as - Date, cache-control and Authorisation, which is failing.

Can you please let me know if you are receiving Error 401 for all the API requests with the above request header format?

eirik.yksnoy

Turns out that the I had to use the same date object for the hash and the header.

EXPLORE OUR SITES