Question by jsalicrup · Dec 03, 2020 at 02:36 AM · java, wc1, integration to wc1 api, feign

Best way to implement the WC1 Request Signature in Java

Hello. We are trying to implement a generateSignature method for our Feign interceptor to WC1 Screening Requests.

The problem is that the signature I am receiving does not seem to be correct, and not even its length seems to be the same as in Postman, though the "dataToSign" looks correct in the logs and debugger.

This is a code example:

// Needs javax.crypto.Mac, javax.crypto.spec.SecretKeySpec, java.util.Arrays, java.util.Base64,
// java.util.Map, java.util.TreeMap; Hex is assumed to be org.apache.commons.codec.binary.Hex.
private String generateSignature(String gmtDate, String method, String endpoint, TreeMap<String, String> additionalHeaders) {
    try {
        // Signing string: request target, host and date first, one "name: value" per line
        StringBuilder sbDataToSign = new StringBuilder("(request-target): " + method.toLowerCase() + " " + gatewayUrl + endpoint + "\n"
            + "host: " + gatewayHost + "\n"
            + "date: " + gmtDate + "\n");
        if (additionalHeaders != null) {
            // Remaining headers in TreeMap (sorted key) order, no newline after the last one
            for (Map.Entry<String, String> entry : additionalHeaders.entrySet()) {
                sbDataToSign.append(entry.getKey()).append(": ").append(entry.getValue());
                if (entry != additionalHeaders.lastEntry())
                    sbDataToSign.append("\n");
            }
        }
        log.trace(sbDataToSign.toString());
        Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secret_key = new SecretKeySpec(apiSecret.getBytes("UTF-8"), "HmacSHA256");
        sha256_HMAC.init(secret_key);
        // Hex-encodes the HMAC bytes, then Base64-encodes the bytes of that hex string
        String result = Base64.getEncoder().encodeToString(
                Hex.encodeHexString(sha256_HMAC.doFinal(sbDataToSign.toString().getBytes("UTF-8"))).getBytes());
        log.debug("generateSignature: OK.");
        return result;
    } catch (Exception ex) {
        log.error(ex.getMessage());
        // Arrays.toString prints the frames; toString() on the array only prints its reference
        log.debug(Arrays.toString(ex.getStackTrace()));
        throw new RuntimeException(ex);
    }
}


dataToSign is as follows:

(request-target): post /v2/cases/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Thu, 03 Dec 2020 02:09:42 GMT
content-type: application/json
content-length: 315
{"groupId": "XXXXXXXXXXXX", "clientCaseId": "8ebd0f0c-27c4-4f17-8294-aa59408b962e", "entityType": "INDIVIDUAL", "providerTypes": ["WATCHLIST"], "name": "XXXXX XX XX", "nameTransposition": true, "secondaryFields": [{ "typeId": "SFCT_1",  "value": "MALE" }], "customFields": []}


The request runs successfully via the Postman collection that is provided in devs portal.

I assume that either the content length is not correct when calculating it with Java in the feign interceptor, or the signature is incorrect. e.g.: Signature in postman is of size 44. Signature length in Java is +80 chars.

Any thoughts on this would be appreciated.


Thanks!!!


6 Replies

REFINITIV
Best Answer
Answer by Prabhjyot · Dec 10, 2020 at 05:02 AM

@jsalicrup,

Thanks for your response.

Can you please check the time difference between the request and the response as per the headers? Your system clock must be in sync with NTP. If the time difference between request and response headers timestamp is more than 30 seconds, it will also change the validity of the hmac signature, resulting in error 401.

Comment by jsalicrup · Dec 10, 2020 at 06:10 PM

Since we are performing the request from a different timezone, we had to force the date generation for the headers in UTC time and with the documented format from the sample. With this, I could get a 201 response. Thanks for your review and advice.

REFINITIV
Answer by Prabhjyot · Dec 03, 2020 at 04:40 AM

@jsalicrup,

Thank you for your query.

Can you please share the request and response headers along with the request body of the failed request, masking the API credentials from the Authorization, so we may look into the cause of the error?

Answer by jsalicrup · Dec 03, 2020 at 07:48 AM

I am using a Feign Client in order to execute SEQ-screen-sync-simple in WC1 Version 2.0.


In Java, this is what I get from the logs:

POST https://rms-world-check-one-api-pilot.thomsonreuters.com/v2/cases/screeningRequest HTTP/1.1
Accept: application/json
Content-Type: application/json
Content-Length: 280
Date: Thu, 03 Dec 2020 07:40:50 GMT
Authorization: Signature keyId="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-length content-type",signature="XXXXXXXXXXXXXXXXXXXXXXXXXXX"


This is a cURL example (taken from WC1 Postman Collection). Same payload and works in Postman.

curl --location --request POST 'https://rms-world-check-one-api-pilot.thomsonreuters.com/v2/cases/screeningRequest' \
--header 'Date: Thu, 03 Dec 2020 07:38:01 GMT' \
--header 'Content-Type: application/json' \
--header 'Authorization: Signature keyId="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-length content-type",signature="XXXXXXXXXXXXXXXXXXXXXXXXXXX="' \
--header 'Content-Length: 280' \
--data-raw '{"groupId":"myGroupId","clientCaseId":"8ebd0f0c-27c4-4f17-8294-aa59408b962e","entityType":"INDIVIDUAL","providerTypes":["WATCHLIST"],"name":"John Doe","nameTransposition":true,"secondaryFields":[{"typeId":"SFCT_1","value":"MALE"}],"customFields":[]}'
REFINITIV
Answer by Prabhjyot · Dec 03, 2020 at 02:05 PM

@jsalicrup,

The details which you have shared are the request headers; we would also need the response headers of the failed API call along with the request headers and the request body.

Answer by jsalicrup · Dec 09, 2020 at 03:19 PM

Hi again @Prabhjyot.Mandla

Resuming this discussion, I attach the following data:

I must also mention that we've even replaced our implementation with the one provided in the code samples in this developers portal for Java. We've even changed the gatewayUrl from v2 to v1. The result is the same (Http Status 401).


Request Headers are as follows:

[Date: mié, 09 dic 2020 15:06:29 GMT, Cache-Control: no-cache, Content-Type: application/json, Authorization: Signature keyId="XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="XXXXXX"]
(I've masked the signature and the Api Key for security reasons)


Request Body:

{"groupId":"XXXXXXXXX","clientCaseId":"d97e41cd-f982-469d-9d4e-e600acf7c0a6","entityType":"INDIVIDUAL","providerTypes":["WATCHLIST"],"name":"Alejandra XXXX","nameTransposition":true,"secondaryFields":[{"typeId":"SFCT_1","value":"UNSPECIFIED"},{"typeId":"SFCT_3","value":"VEN"}],"customFields":[]}

(I've masked the groupId for security reasons)


Http 401 Response Headers (taken by using the very code sample from Developers portal):

[Strict-Transport-Security: max-age=15552000, includeSubdomains, Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length", Transfer-Encoding: chunked, Date: Wed, 09 Dec 2020 15:11:54 GMT, Server: ""]


Please let me know if anything else is required.

REFINITIV
Comment by Prabhjyot ♦♦ · Dec 10, 2020 at 05:05 AM

@jsalicrup,

If the request and the response headers provided above are of the same request, then there is a difference of more than 30 seconds in the request and response timestamp. Request you to please adjust your system clock as per NTP. It should work fine, please share the latest request and response headers, if you are still facing the issue.

Please note - the time difference between the request and the response headers should not be more than 30 seconds, else it will result in error 401.

Answer by jsalicrup · Dec 09, 2020 at 05:02 PM

@Prabhjyot.Mandla

Also, when using the sample that is provided here: https://developers.refinitiv.com/content/dam/devportal/api-families/customer-and-third-party-screening/world-check-one-api/downloads/worldcheckoneapi.zip


The result is the same as the one mentioned above (Http Status 401).

The same request in the Postman Collection from the same portal runs OK and returns a valid response with status 200. The problem seems to be connected to the signature methods in java.

Any thoughts on this?

Thanks a lot.
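
The following is an added example, not code from the thread or from Refinitiv's sample package, covering the three points raised above: Base64 over the raw HMAC bytes (44 characters, versus 88 when the bytes are hex-encoded first), a Date header forced to UTC with English names, and the 30-second request/response window mentioned in the replies. The class and method names, the secret and the request body are constructed for illustration, and the signing-string layout is assumed from the dataToSign log in the question.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Base64;
import java.util.Locale;

public class Wc1SignatureExample {
    // Fixed English names, so a Spanish default locale cannot emit "mié, 09 dic 2020".
    static final DateTimeFormatter HTTP_DATE =
            DateTimeFormatter.ofPattern("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.ENGLISH);

    static String sign(String secret, String dataToSign) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] raw = mac.doFinal(dataToSign.getBytes(StandardCharsets.UTF_8)); // 32 bytes
        // Base64 of the raw bytes is 44 characters; hex-encoding first yields 88.
        return Base64.getEncoder().encodeToString(raw);
    }

    // Absolute gap between the request and response Date headers, in seconds.
    static long skewSeconds(String requestDate, String responseDate) {
        LocalDateTime sent = LocalDateTime.parse(requestDate, HTTP_DATE);
        LocalDateTime answered = LocalDateTime.parse(responseDate, HTTP_DATE);
        return Math.abs(Duration.between(sent, answered).getSeconds());
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-demo-secret"; // placeholder, not a real API secret
        String body = "{\"groupId\":\"myGroupId\",\"name\":\"John Doe\"}"; // constructed body
        String date = ZonedDateTime.now(ZoneOffset.UTC).format(HTTP_DATE);
        // Content-Length counts UTF-8 bytes, not String.length().
        int contentLength = body.getBytes(StandardCharsets.UTF_8).length;
        String dataToSign = "(request-target): post /v2/cases/screeningRequest\n"
                + "host: rms-world-check-one-api-pilot.thomsonreuters.com\n"
                + "date: " + date + "\n"
                + "content-type: application/json\n"
                + "content-length: " + contentLength + "\n"
                + body;
        System.out.println("date header      : " + date);
        System.out.println("signature length : " + sign(secret, dataToSign).length());
        // Timestamps from the thread's request and 401 response headers, in English form.
        System.out.println("skew in seconds  : "
                + skewSeconds("Wed, 09 Dec 2020 15:06:29 GMT", "Wed, 09 Dec 2020 15:11:54 GMT"));
    }
}
```

The same `date` string has to be sent as the Date header and placed in the signing string, and the byte array used for Content-Length should be the exact bytes written to the request body.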
