For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
3 3 2 3

401 Unauthorized response when calling HTTPGET /v1/groups

Hi

Im receiving a 401 Unauthorized response when calling rms-world-check-one-api.thomsonreuters.com/v1/groups.

Error Message : Server returned HTTP response code: 401 for URL: https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups

Signature Data: (request-target): get /v1/groups host: rms-world-check-one-api.thomsonreuters.com date: Thu, Aug 29 2019 11:47:41 GMT content-type: application/json content-length: 0

API Key : 4be34ac5-ca04-4a16-83fe-1f130c0f12ba

world-checkworld-check-oneerror-401
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
3 3 2 3

And finally, ended up being the least obvious issue ... THE ENDPOINT!!!!

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
3 3 2 3

Had another read through the documentation ...

Few findings :

  1. I was using the API_KEY to GenerateHMAC, Ive updated it to now use the API_SECRET.
  2. Signature data to sign now looks like this :
    (request-target): get /v1/groups host: rms-world-check-one-api.thomsonreuters.com date: Thu, 29 Aug 2019 11:34:24 GMT
  3. I can confirm that the signed data values are correct.
  • Hex : D6FEE14572F164A8040D5677CC15775F9930DF1B8EF804F47A845D52D68C29BF
  • Base64 : 1v7hRXLxZKgEDVZ3zBV3X5kw3xuO+AT0eoRdUtaMKb8=
  • Headers :
    • Authorization - Signature keyId="4be34ac5-ca04-4a16-83fe-1f130c0f12ba",algorithm="hmac-sha256",headers="(request-target) host date",signature="1v7hRXLxZKgEDVZ3zBV3X5kw3xuO+AT0eoRdUtaMKb8="
    • Date - Thu, 29 Aug 2019 11:34:24 GMT

However, the issue still persists : Server returned HTTP response code: 401 for URL: https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvote
2.4k 5 5 5

@suveer.singh

I am marking this question as private since your API key may get exposed if we keep this public,

401 errors occur because the request has failed an authorization check. This can happen for a variety of reasons, such as

a) An invalid or expired API key - I see that your API key is correct

b)An invalid HMAC signature.

c) Request timing issue/problem with the Date header value. The API client should ensure a correctly synchronized clock is used to generate request timestamps.

d)Incorrect JSON payload formation at the customer’s end that can cause them to observe 401 response.

Can you provide us the complete request and response to investigate this further? you can probably try to repplicate this issue on postman and provide me the postman console log, please make sure to turn on the postman console logs by clicking Alt+Ctrl+C and then fire the request.

Look forward to the details.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvote
2.4k 5 5 5

@suveer.singh

Saw your recent comment now with the details, let me investigate this further and get back to you shortly.

Thanks

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi Mehran, found the issue, see comment below. Thanks