And finally, ended up being the least obvious issue ... THE ENDPOINT!!!!

Had another read through the documentation ...

Few findings :

1. I was using the API_KEY to GenerateHMAC, Ive updated it to now use the API_SECRET.
2. Signature data to sign now looks like this :
   (request-target): get /v1/groups host: rms-world-check-one-api.thomsonreuters.com date: Thu, 29 Aug 2019 11:34:24 GMT
3. I can confirm that the signed data values are correct.

• Hex : D6FEE14572F164A8040D5677CC15775F9930DF1B8EF804F47A845D52D68C29BF
• Base64 : 1v7hRXLxZKgEDVZ3zBV3X5kw3xuO+AT0eoRdUtaMKb8=
• Headers :
  • Authorization - Signature keyId="4be34ac5-ca04-4a16-83fe-1f130c0f12ba",algorithm="hmac-sha256",headers="(request-target) host date",signature="1v7hRXLxZKgEDVZ3zBV3X5kw3xuO+AT0eoRdUtaMKb8="
  • Date - Thu, 29 Aug 2019 11:34:24 GMT

However, the issue still persists : Server returned HTTP response code: 401 for URL: https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups

@suveer.singh

I am marking this question as private since your API key may get exposed if we keep this public,

401 errors occur because the request has failed an authorization check. This can happen for a variety of reasons, such as

a) An invalid or expired API key - I see that your API key is correct

b)An invalid HMAC signature.

c) Request timing issue/problem with the Date header value. The API client should ensure a correctly synchronized clock is used to generate request timestamps.

d)Incorrect JSON payload formation at the customer’s end that can cause them to observe 401 response.

Can you provide us the complete request and response to investigate this further? you can probably try to repplicate this issue on postman and provide me the postman console log, please make sure to turn on the postman console logs by clicking Alt+Ctrl+C and then fire the request.

Look forward to the details.

@suveer.singh

Saw your recent comment now with the details, let me investigate this further and get back to you shortly.

Thanks