For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
1 0 3 3

cases/ScreeningRequest on WorldCheck one API return 401 on postman

Hi Team,

I used the world check one API on postman for weeks and it worked but late last week it stopped working and started returning 401 errors when I make requests that require payloads. I've provided screenshots of my attempts.
Looking forward to a speedy resolution.

My request body looks like this:

{

"groupId":"{ {group-id}}",

"entityType": "INDIVIDUAL",

"providerTypes": [

"WATCHLIST"

],

"name": "putin",

"secondaryFields":[],

"customFields":[]

}


world-checkworld-check-onescreening
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
4.5k 4 7 8

@kingsley,

Thank you for the response.

It appears the content length which is being calculated for the payload is incorrect.

{ "groupId":"5nzbfq98nr3g1ekclj7euibjk", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "putin", "secondaryFields":[], "customFields":[] } 

If the payload is passed in the above format, the content length should be - Content-Length: 161

{

"groupId":"{ {group-id}}",

"entityType": "INDIVIDUAL",

"providerTypes": [

"WATCHLIST"

],

"name": "putin",

"secondaryFields":[],

"customFields":[]

}

If the body is passed in the above format, then the content length should be - Content-Length: 176

You may use this link in order to reformat the request payload while using postman.

Also, if you are using non English characters in the request body, the payload needs to be UTF-8 encoded.

Please provide us the latest request and response header along with the request body, if the error exists after calculating the correct content-length.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.5k 4 7 8

@kingsley,

Can you please share the request and response headers along with the request body to investigate on the cause of Error 401?

You can access the headers via the console logs of the Postman. Use the shortcut ALT+CTRL+C on Windows native app.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 0 3 3

Date: Tue, 26 May 2020 04:59:57 GMTContent-Type: application/jsonAuthorization: Signature keyId="XXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="pP7vf94UneBDryaY/2mL7yy3GQRvlNBKWPIIe9WYMOA="Content-Length: 179User-Agent: PostmanRuntime/7.25.0Accept: */*Cache-Control: no-cachePostman-Token: b723614c-f3a0-4693-b936-6831c9c98028Host: rms-world-check-one-api-pilot.thomsonreuters.comAccept-Encoding: gzip, deflate, brConnection: keep-alive▶Request Body


{ "groupId":"5nzbfq98nr3g1ekclj7euibjk", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "putin", "secondaryFields":[], "customFields":[] }▶Response HeadersStrict-Transport-Security: max-age=15552000, includeSubdomainsAuthorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"Transfer-Encoding: chunkedDate: Tue, 26 May 2020 04:59:57 GMTServer: ""

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

I have masked the API key from the above response.

thank you

Upvotes
1 0 3 3

The content length is calculated dynamically with the following pre-request script on postman. Is there anything i need to change in this script?

function generateAuthHeader(dataToSign){

var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);

return hash.toString(CryptoJS.enc.Base64);

}

function isEnvValuePopulated(envVal) {

if (_.isEmpty(pm.environment.get(envVal))) {

pm.environment.set(envVal, "--REQUIRED-VALUE-MISSING--");

return false;

} else {

return true;

}

}

isEnvValuePopulated("group-id");

var date = new Date().toGMTString();

var content = request.data;

content = content.replace("{ {group-id}}", environment["group-id"]);

var contentLength = unescape(encodeURIComponent(content)).length;

var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases/screeningRequest\n" +

"host: " + environment["gateway-host"] + "\n" +

"date: " + date + "\n" +

"content-type: " + environment["content"] +"\n" +

"content-length: " + contentLength + "\n" +

content;

var hmac = generateAuthHeader(dataToSign);

var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";

postman.setEnvironmentVariable("authorisation",authorisation);

postman.setEnvironmentVariable("currentDate",date);

postman.setEnvironmentVariable("contentLength",contentLength);

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
4.5k 4 7 8

@kingsley,

No change is required in the postman pre-request script. Can you please try this link to re-format the payload and use the updated one to give it a re-try?

If this does not help, could you please try re-installing postman on your system and see if that helps?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
1 0 3 3

I just re-installed postman and re-formatted the payload but it still doesn't work. It seems like this issue is specific to just my computer because I've seen this request work on other computers but not mine.
I'll get back to that later. But for now I'm trying to use a python script to connect to this endpoint.

This is the message

f"(request-target): post {fetch_metadata_key('gateway_url')} cases/screenRequest\nhost: {fetch_metadata_key('gateway_host')}\n date: {date}\n content-type: application/json\n content-length: {str(content_length)}\n{str(payload)}"

This is the HMAC algorithm

import hmac, hashlib, base64

def generate_auth_header(message):

message = bytes('Message', 'utf-8')

secret = bytes(fetch_metadata_key('api_secret'), 'utf-8')

signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())

return signature

I use this function to return the date in the right format

def get_time_format_GMT():

return datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')

Then i concatenate the authorization header like this

authorization = f"Signature keyId=\"{fetch_metadata_key('aml_api_key')}\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"{hmac}\""


The cases/screeningRequest return 401. What am i missing with my implementation or do you have a sample python implementation of this authorization mechanism?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@kingsley,

I have dropped you an email for further discussion on the same. Looking forward for your response.