Discover Refinitiv
MyRefinitiv Refinitiv Perspectives Careers
Created with Sketch.
All APIs Questions & Answers  Register |  Login
Ask a question
  • Questions
  • Tags
  • Badges
  • Unanswered
Search:
  • Home /
  • Screening /
  • World-Check One /
avatar image
REFINITIV
Question by naoto.tatemichi · Aug 05, 2019 at 02:15 AM · wc1api

How to generate signature by cURL alone without Postman

I'm trying to access WC1 API via cURL command.
When I use Postman, it responds 200 properly, and using that signature cURL properly responds.
However I'm stuck on generating signature by cURL alone.
Can I get a cURL command sample to generate signature (and timestamp) using my secret access key?

Here's what I tired (using signature generated by Postman) - it works only for 1 minute.

$ curl -X GET \
  https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups \
 -H 'Authorization: Signature keyId="f63fc14f-981f-4bba-95e0-eb65800e8126",algorithm="hmac-sha256",headers="(request-target) host date",signature="xtijpe/hMeEP<removed>=="' \
  -H 'Date: Sun, 04 Aug 2019 07:53:21 GMT' \

People who like this

0 Show 0
Comment
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

4 Replies

  • Sort: 
avatar image
REFINITIV
Best Answer
Answer by naoto.tatemichi · Aug 08, 2019 at 05:52 AM

Thanks @Irfan.Khan
Now I made it in PHP which works fine.

$secret_file = '/var/www/api_secret.txt';


$api_key = "YOUR_API_KEY";
$secret = file_get_contents($secret_file);
$gateway_url = "/v1/";
$gateway_host = "rms-world-check-one-api-pilot.thomsonreuters.com";
$time_gmt = gmdate("D, d M Y h:i:s") . " GMT";


$dataToSign = "(request-target): get " . $gateway_url . "groups\n" . "host: " . $gateway_host . "\n" . "date: " . $time_gmt;


$hmac = base64_encode(hash_hmac('sha256', $dataToSign, $secret, true));


$authorisation = "Signature keyId=\"" . $api_key . "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" . $hmac . "\"";



echo $authorisation;
Comment

People who like this

0 Show 1 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Irfan.Khan ♦♦ · Aug 14, 2019 at 12:23 AM 0
Share

@naoto.tatemichi Request you to post the curl command that you used to send the request so that it can help our other developer community members.

avatar image
REFINITIV
Answer by Prabhjyot · Aug 05, 2019 at 06:10 AM

@naoto.tatemichi,

Thank you for your query.

Can you please share the request headers along with the response headers of the failed API call to investigate on the cause of the Error 401.

Comment

People who like this

0 Show 1 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
naoto.tatemichi · Aug 05, 2019 at 09:51 AM 0
Share

Thanks @Prabhjyot.Mandla
All those headers are following "-H" in the command.
But now I found either PHP or bash would be easier.

avatar image
REFINITIV
Answer by Irfan.Khan · Aug 05, 2019 at 08:40 AM

@naoto.tatemichi

It would be easier if you write a script file like PHP to generate date and HMAC signature and then use curl library in the script to send your HTTP request.

Comment

People who like this

0 Show 2 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
naoto.tatemichi · Aug 05, 2019 at 09:48 AM 0
Share

Hi @Irfan.Khan
Now I generated the signature by bash:

$ echo -n f63fc14f-981f-4bba-95e0-eb65800e8126 | openssl dgst -sha256 -hmac <secret_key>
(stdin)= 7d4338cfd54768<removed>

Also tried using the signature above to get 401 error. I think I may have failed to calculate signature by date and time.
May I know what's wrong?

$ curl -X GET https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups -H 'Accept: */*' -H 'Authorization: Signature keyId="f63fc14f-981f-4bba-95e0-eb65800e8126",algorithm="hmac-sha256",headers="(request-target) host date",signature="7d4338cfd54768<removed>"' -I

HTTP/1.1 401 Unauthorized X-Application-Context: application Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length Transfer-Encoding: chunked Date: Mon, 05 Aug 2019 13:29:56 GMT Server: ""

avatar image
REFINITIV
Irfan.Khan ♦♦ naoto.tatemichi · Aug 05, 2019 at 09:56 AM 0
Share

@naoto.tatemichi

Can you compare the HMAC that you are generating from bash and the HMAC that you generate using the Postman. Obviously the date in Postman should be the same as you have used in Bash. You can edit the pre request script in Postman, specically the "date" variable to the date you have used in bash command.

Also, when you are generating HMAC using bash, you have to make sure you are blending the API secret with the dataTOSign variable. Are you doing this step?

avatar image
REFINITIV
Answer by Irfan.Khan · Aug 05, 2019 at 10:03 AM

@naoto.tatemichi

I see you are using the below command-

<code>echo -n "value"| openssl dgst -sha1 -hmac "key"

Here "value" should be data to sign variable. This is available in the pre request script too.

In pre request of Postman, the dateToSign variable is written in JS.

var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +
"host: " + environment["gateway-host"] + "\n" +
"date: " + date;

You have to write something that can produces exactly the same format.

Key should be your API secret.

Comment

People who like this

0 Show 1 · Share
10 |1500 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

avatar image
REFINITIV
Irfan.Khan ♦♦ · Aug 07, 2019 at 05:27 AM 0
Share

@naoto.tatemichi Following up to see if you were able to resolve the problem.

If yes, kindly share with us so that it helps the community.

Watch this question

Add to watch list
Add to your watch list to receive emailed updates for this question. Too many emails? Change your settings >
10 People are following this question.

Related Questions

How to use Name transposition in World-Check One API for screening?

WC1 API questions

facing Ongoing Screening (OGS) issue for few records randomly.

  • Feedback
  • Copyright
  • Cookie Policy
  • Privacy Statement
  • Terms of Use
  • Careers
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • Alpha
  • App Studio
  • Block Chain
  • Bot Platform
  • Calais
  • Connected Risk APIs
  • DSS
  • Data Fusion
  • Data Model Discovery
  • Datastream
  • Eikon COM
  • Eikon Data APIs
  • Elektron
    • EMA
    • ETA
    • WebSocket API
  • Legal One
  • Messenger Bot
  • Messenger Side by Side
  • ONESOURCE
    • Indirect Tax
  • Open PermID
    • Entity Search
  • Org ID
  • PAM
    • PAM - Logging
  • ProView
  • ProView Internal
  • Product Insight
  • Project Tracking
  • Refinitiv Data Platform
    • Refinitiv Data Platform Libraries
  • Rose's Space
  • Screening
    • Qual-ID API
    • Screening Deployed
    • Screening Online
    • World-Check One
    • World-Check One Zero Footprint
  • Side by Side Integration API
  • TR Knowledge Graph
  • TREP APIs
    • CAT
    • DACS Station
    • Open DACS
    • RFA
    • UPA
  • TREP Infrastructure
  • TRIT
  • TRKD
  • TRTH
  • Thomson One Smart
  • Transactions
    • REDI API
  • Velocity Analytics
  • Wealth Management Web Services
  • World-Check Data File
  • Explore
  • Tags
  • Questions
  • Badges