For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
1 0 0 2

401 Unauthorized : Authorization →WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length

Using C# code we are trying to connect world check API in order to get all groups "var client1 = new RestClient("https://rms-world-check-one-api-pilot.thomsonreuters.com/api-gateway-service-rest/api/v1/groups");"

var hmac = generateAuthHeader(dataToSign);

var auth = "Signature keyId=\"a4364e62-e58b-4b64-9c71-faead5417557\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";

var client1 = new RestClient("https://rms-world-check-one-api-pilot.thomsonreuters.com/api-gateway-service-rest/api/v1/groups");

var request = new RestRequest(Method.GET);

request.AddHeader("cache-control", "no-cache");

request.AddHeader("Connection", "keep-alive");

request.AddHeader("accept-encoding", "gzip, deflate");

request.AddHeader("Host", "rms-world-check-one-api-pilot.thomsonreuters.com"); //request.AddHeader("Postman-Token", "fe63f34e-6ef4-4553-957c-169c20b48d81,ad89d15f-1910-4550-ba4c-d9216fd5655f");

request.AddHeader("Cache-Control", "no-cache");

request.AddHeader("Accept", "*/*");

//request.AddHeader("User-Agent", "PostmanRuntime/7.15.0");

request.AddHeader("Authorization", auth);

//request.AddHeader("Authorization", "Signature keyId=\"a4364e62-e58b-4b64-9c71-faead5417557\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\" + fpcXQ8jdAg1mWaGUSph0tE/ftjasjg2phaD3T5NKO4=\"");

request.AddHeader("Date", todayUTC);

IRestResponse response1 = client1.Execute(request);

Getting error in response : "StatusCode: Unauthorized, Content-Type: , Content-Length: -1)"

To genete Auth Header we are using below function:

public string generateAuthHeader(string dataToSign)

{

var signature = string.Empty;

using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(apiSecret)))

{

var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(dataToSign));

signature = Convert.ToBase64String(hash);

}

return signature;

}

Please validate if above HMAC generation code is correct or not

Also please let me know if you need any further details

world-checkworld-check-oneerror-401
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

· Write an Answer
Upvote
Accepted
4.2k 8 5 6

@srivastava.nishant

I see that you are copy and pasting the C# code that you obtained from Postman to send your API request. This will not work.

You cannot use the POSTMAN code to send HTTP requests as POSTMAN code just shows the format in which the HTTP request should be sent. So actually you have to write the actual code to generate that and not use the Postman code to connect.

We have sample C# code available in the "download" section of the developer community. Please find the link below:

https://developers.refinitiv.com/customer-and-third-party-screening/world-check-one-api/downloads

Kindly note the sample code we provide is just for testing purpose and to speed up your dev work. We expect our clients to use their code in production.

I request you to follow the belows steps for a basic GET request (to fetch the groups):

1. Find out how to generate Base 64 HMAC signature using C#. You can follow the sample code link to find this out.
2. Find out how to generate the date in the following format-Tue, 04 Jun 2019 06:24:04 GMT.
3. Use a variable to store the dataToSign value (Refer the pre request script in Postman- the code may be in JS but you can know how to write it in C#)
4. Now use api_secret and the dataToSign variable to create a base 64 HMAC signature (Refer the security document of the API documentation to know the acceptable Base 64 HMAC signature).
5. Send the request to URL -""https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups" along with the date header value (generated in step 2) and authorization headers.

The format of the authorization header changes for each request. But a format for a get request (to fetch the group Id) is given below:
Signature keyId="{ {api_key}}",algorithm="hmac-sha256",headers="(request-target) host date",signature="BASE 64 HMAC Signature".

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

I have tried same using Postman Get operation but same issue i am facing in Postman as well.

Also under download section i am not able to get any c# sample please have a look into attached screenshot

If possible please provide sample code here as well

downloadtr.jpg (63.7 KiB)

@srivastava.nishant

You are unable to access the documentation page as your email address has not been whitelisted in the back end. The reason for this is you are using a company email address but a gmail address.

Kindly register with the company email address.

Can you please tell me the pilot account name whose API key and secret you are using to request API calls.

@srivastava.nishant Following up to see if there is an update on this

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.