Hi I'm using the sample code for WorldCheck One API (https://developers.refinitiv.com/customer-and-third-party-screening/world-check-one-api/downloads) to try replicate for use on WorldCheck One Zero Footprint. However I'm having 401 unauthorised.
The same code, if I replace the api key/secret & url to that of WorldCheck One, works.
Also I've tested my API secret/key URL & groupId using postman, it works.
The one difference I've found between WorldCheck One API & WorldCheck One Zero Footprint from the Postman predefined configuration is this in the pre-request script:
For WorldCheck One:
var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases/screeningRequest\n" +
"host: " + environment["gateway-host"] + "\n" +
"date: " + date + "\n" +
"content-type: " + environment["content"] +"\n" +
"content-length: " + contentLength + "\n" +
content;
For WorldCheck One Zero Footprint:
var dataToSign = "(request-target): post " + environment["zfs-gateway-url"] + "cases/screeningRequest\n" +
"host: " + environment["zfs-gateway-host"] + "\n" +
"date: " + date + "\n" +
"content-type: " + environment["content"] +"\n" +
"content-length: " + contentLength;
The Zero footprint one doesn't seem to append "content" at the end.
This is the C# code from (https://developers.refinitiv.com/customer-and-third-party-screening/world-check-one-api/downloads) which I'm trying to adapt to use for Zero Footprint. Can anyone point me in the right direction as to where I'm going wrong?
DateTime dateValue = DateTime.UtcNow; // get the datetime NOW GMT
string date = dateValue.ToString("R"); // WC1 header requires GMT datetime stamp
//Console.WriteLine(date);
//set host and credentials to the WC1 API Pilot server WC1SampleClientAPI account
string apikey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
string apisecret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
string gatewayurl = "/v1/";
string gatewayhost = "zfs-world-check-one-api-pilot.thomsonreuters.com"; string requestendpoint = "https://zfs-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest";
string postData = "{ \"groupId\":\"XXXXXXXXXXXXXXXXXXXXXX\", \"entityType\": \"INDIVIDUAL\", \"providerTypes\": [ \"WATCHLIST\" ], \"name\": \"Smith\", \"secondaryFields\":[] }";
//Console.WriteLine(postData.Length);
string msg = postData;
//Console.WriteLine(msg);
UTF8Encoding encoding = new UTF8Encoding();
byte[] byte1 = encoding.GetBytes(postData);
// Assemble the POST request - NOTE every character including spaces have to be EXACT
// for the API server to decode the authorization signature
string dataToSign = "(request-target): post " + gatewayurl + "cases/screeningRequest\n" +
"host: " + gatewayhost + "\n" + // no https only the host name
"date: " + date + "\n" + // GMT date as a string
"content-type: " + "application/json" + "\n" +
"content-length: " + byte1.Length + "\n" +
msg;
Console.WriteLine("---api secret---");
Console.WriteLine(apisecret);
Console.WriteLine("---dataToSign---");
Console.WriteLine(dataToSign);
Console.WriteLine("string hmac = generateAuthHeader(dataToSign, apisecret);");
// The Request and API secret are now combined and encrypted
string hmac = generateAuthHeader(dataToSign, apisecret);
// Assemble the authorization string - This needs to match the dataToSign elements
// i.e. requires host date content-type content-length
//- NOTE every character including spaces have to be EXACT else decryption will fail with 401 Unauthorized
string authorisation = "Signature keyId=\"" + apikey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";
Console.WriteLine("---Hmac---");
Console.WriteLine(hmac);
//Console.WriteLine(authorisation);
// Send the Request to the API server
HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(requestendpoint);
// Set the Headers
WebReq.Method = "POST";
WebReq.Headers.Add("Authorization", authorisation);
WebReq.Headers.Add("Cache-Control", "no-cache");
WebReq.ContentLength = msg.Length;
WebReq.Date = dateValue; // use datetime value GMT time
// Set the content type of the data being posted.
WebReq.ContentType = "application/json";
WebReq.ContentLength = byte1.Length;
Stream newStream = WebReq.GetRequestStream();
newStream.Write(byte1, 0, byte1.Length);
// Get the Response - Status OK
HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();
// Status information about the request
Console.WriteLine(WebResp.StatusCode);
Console.WriteLine(WebResp.ResponseUri);
// Get the Response data
Stream Answer = WebResp.GetResponseStream();
StreamReader _Answer = new StreamReader(Answer);
string jsontxt = _Answer.ReadToEnd();
// convert json text to a pretty printout
var obj = Newtonsoft.Json.JsonConvert.DeserializeObject(jsontxt);
var f = Newtonsoft.Json.JsonConvert.SerializeObject(obj, Newtonsoft.Json.Formatting.Indented);
Console.WriteLine(f);
Console.WriteLine("Press any key");
Console.ReadKey(); // pause for any key
}
public static string generateAuthHeader(string dataToSign, string apisecret)
{
byte[] secretKey = Encoding.UTF8.GetBytes(apisecret);
HMACSHA256 hmac = new HMACSHA256(secretKey);
hmac.Initialize();
byte[] bytes = Encoding.UTF8.GetBytes(dataToSign);
byte[] rawHmac = hmac.ComputeHash(bytes);
Console.WriteLine("---rawHmac---");
string hex = BitConverter.ToString(rawHmac).Replace("-", "");
Console.WriteLine(hex);
return (Convert.ToBase64String(rawHmac));
}
