World-Check One API unauthorized Get World-Check Profile

dessislav.shekerletov · June 2019

We have retrieved a profile ID for an organization entity through screeningRequest endpoint. From the results collection, we retrieve referenceId parameter of the entity and pass it to the Get World-Check Profile.

After some requests were made, we start getting unauthorized error. We have managed to get info from one entity only.

screeningRequest body:

{
"groupId":"{{group-id}}",
"entityType": "ORGANISATION",
"providerTypes": [
"WATCHLIST"
],
"name": "Apple",
"secondaryFields":[
{
"typeId":"SFCT_6",
"value":"USA"
}
]
}

We are running the requests against the pilot API at https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/

Prabhjyot · August 2019

@dessislav.shekerletov,

Apologies for the delay in response.

Can you please share the exact request and the response headers of the failed API call. The request and the response should be in the below format. Example request / response headers -

Request headers:
GET /v1/groups
Date: Mon, 19 Aug 2019 12:10:00 GMT
Authorization: Signature keyId="18383849-2ca0-4e92-8f04-031e3dea6d5d",algorithm="hmac-sha256",headers="(request-target) host date",signature="5aJCSiKge2gNTL35EzdmOFZp/sXYVCrlk1xYk64+AoI="
User-Agent: PostmanRuntime/7.15.2
Accept: */*
Cache-Control: no-cache
Postman-Token: 48ec749a-21cb-428a-8a56-e3b5ae7212dc
Host: rms-world-check-one-api-pilot.thomsonreuters.com
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response headers:
HTTP/1.1 200
status: 200
X-Application-Context: application
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Date: Mon, 19 Aug 2019 12:10:00 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Server: ""

Prabhjyot · June 2019

@dessislav.shekerletov,

Thank you for your query.

The gateway host and URL which you are using is correct.

Can you please confirm the API call for which you are getting Error 401? Is it just the 'Get World-Check Profile' or are you getting error for the screening request as well?

Please share the request headers and the response headers of the failed API call to look into the exact cause of the error.

dessislav.shekerletov · June 2019

Here is the code snippet

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/reference/profile/e_tr_wco_4893024",
  "method": "GET",
  "headers": {
    "Authorization": "Signature keyId=\"<<KEYIDGUID>>\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"APPSIGNATURE\"",
    "Accept": "*/*",
    "Cache-Control": "no-cache",
    "Host": "rms-world-check-one-api-pilot.thomsonreuters.com",
    "accept-encoding": "gzip, deflate",
    "Connection": "keep-alive",
    "cache-control": "no-cache"
  }
}

$.ajax(settings).done(function (response) {
  console.log(response);
});