How to generate signature by cURL alone without Postman

I'm trying to access WC1 API via cURL command.
When I use Postman, it responds 200 properly, and using that signature cURL properly responds.
However I'm stuck on generating signature by cURL alone.
Can I get a cURL command sample to generate signature (and timestamp) using my secret access key?

Here's what I tired (using signature generated by Postman) - it works only for 1 minute.

$ curl -X GET \
https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups \
　-H 'Authorization: Signature keyId="f63fc14f-981f-4bba-95e0-eb65800e8126",algorithm="hmac-sha256",headers="(request-target) host date",signature="xtijpe/hMeEP<removed>=="' \
  -H 'Date: Sun, 04 Aug 2019 07:53:21 GMT' \

Find more posts tagged with

world-check-one

world-check

Accepted answers

naoto.tatemichi

Thanks @Irfan.Khan
Now I made it in PHP which works fine.

$secret_file = '/var/www/api_secret.txt';


$api_key = "YOUR_API_KEY";
$secret = file_get_contents($secret_file);
$gateway_url = "/v1/";
$gateway_host = "rms-world-check-one-api-pilot.thomsonreuters.com";
$time_gmt = gmdate("D, d M Y h:i:s") . " GMT";


$dataToSign = "(request-target): get " . $gateway_url . "groups\n" . "host: " . $gateway_host . "\n" . "date: " . $time_gmt;


$hmac = base64_encode(hash_hmac('sha256', $dataToSign, $secret, true));


$authorisation = "Signature keyId=\"" . $api_key . "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" . $hmac . "\"";



echo $authorisation;

All comments

Prabhjyot

@naoto.tatemichi,

Thank you for your query.

Can you please share the request headers along with the response headers of the failed API call to investigate on the cause of the Error 401.

Irfan.Khan

@naoto.tatemichi

It would be easier if you write a script file like PHP to generate date and HMAC signature and then use curl library in the script to send your HTTP request.

naoto.tatemichi

Hi @Irfan.Khan
Now I generated the signature by bash:

$ echo -n f63fc14f-981f-4bba-95e0-eb65800e8126 | openssl dgst -sha256 -hmac <secret_key>
(stdin)= 7d4338cfd54768<removed>

Also tried using the signature above to get 401 error. I think I may have failed to calculate signature by date and time.
May I know what's wrong?

$ curl -X GET https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups -H 'Accept: */*' -H 'Authorization: Signature keyId="f63fc14f-981f-4bba-95e0-eb65800e8126",algorithm="hmac-sha256",headers="(request-target) host date",signature="7d4338cfd54768<removed>"' -I

HTTP/1.1 401 Unauthorized X-Application-Context: application Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length Transfer-Encoding: chunked Date: Mon, 05 Aug 2019 13:29:56 GMT Server: ""

naoto.tatemichi

Thanks @Prabhjyot
All those headers are following "-H" in the command.
But now I found either PHP or bash would be easier.

Irfan.Khan

@naoto.tatemichi

I see you are using the below command-

<code>echo -n "value"| openssl dgst -sha1 -hmac "key"

Here "value" should be data to sign variable. This is available in the pre request script too.

In pre request of Postman, the dateToSign variable is written in JS.

var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +
"host: " + environment["gateway-host"] + "\n" +
"date: " + date;

You have to write something that can produces exactly the same format.

Key should be your API secret.

Irfan.Khan

@naoto.tatemichi Following up to see if you were able to resolve the problem.

If yes, kindly share with us so that it helps the community.

naoto.tatemichi

Thanks @Irfan.Khan
Now I made it in PHP which works fine.

$secret_file = '/var/www/api_secret.txt';


$api_key = "YOUR_API_KEY";
$secret = file_get_contents($secret_file);
$gateway_url = "/v1/";
$gateway_host = "rms-world-check-one-api-pilot.thomsonreuters.com";
$time_gmt = gmdate("D, d M Y h:i:s") . " GMT";


$dataToSign = "(request-target): get " . $gateway_url . "groups\n" . "host: " . $gateway_host . "\n" . "date: " . $time_gmt;


$hmac = base64_encode(hash_hmac('sha256', $dataToSign, $secret, true));


$authorisation = "Signature keyId=\"" . $api_key . "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" . $hmac . "\"";



echo $authorisation;

Irfan.Khan

@naoto.tatemichi Request you to post the curl command that you used to send the request so that it can help our other developer community members.

EXPLORE OUR SITES