Encounter Authorization error on calling V2 cases/saveandscreen API endpoint
I get an authorization error when I call v2/cases/saveandscreen of WorldCheckOne API. All the other API calls work fine.
I would really appreciate your help/advice.
Hi,
401 errors occur because the request has failed an authorization check. This can happen for a variety of reasons, such as
- An invalid or expired API key,
- An invalid HMAC signature.
- Request timing issue/problem with the Date header value. The API client should ensure a correctly synchronized clock is used to generate request timestamps.
- Incorrect JSON payload formation at your end that can cause you to observe 401 response.
Could you share the complete request and response headers of the 401 API call that you are receiving so that we can investigate it further?
Regards,
Mehran Khan
Hi Mehran,
Thanks for your reply!
Basically, I am using C# to call your APIs in pilot environment. All the other endpoints we are using work fine except (cases/saveandscreen).
I have got a small code sample in C#, would you like me to share that? If yes how can i attach the source code file?
Cheers
Hi Mehran, I am adding Request and Response Headers. Hope that helps!
dataToSign
=========================
(request-target): post /v2/cases/saveandscreen
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Mon, 14 Dec 2020 10:21:47 GMT
content-type: application/json
content-length: 467
{"groupId":"5nzbfqact4r91f3djfkjtszzh","providerTypes":["WATCHLIST"],"nameTransposition":false,"caseScreeningState":{"WATCHLIST":"ONGOING"},"cases":[{"entityType":"INDIVIDUAL","name":"Joe Bloggs","nameTransposition":false,"secondaryFields":[],"customFields":[],"caseId":"a89d0b5a-c5fd-41cd-b202-a787979742f1"},{"entityType":"INDIVIDUAL","name":"Henry","nameTransposition":false,"secondaryFields":[],"customFields":[],"caseId":"5a3bedc2-dfe2-4da7-9195-7618e85787ca"}]}
hmac
==============================
DYzN6ic1BTN6ION7+aAzGUoubXBHrI6kVZiASQIxTOQ=
authorization
===================================
Signature keyId="2152c649-892d-40f6-be73-cf5b03db6924",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="DYzN6ic1BTN6ION7+aAzGUoubXBHrI6kVZiASQIxTOQ="
byte1.Length
====================
467
dateValue.ToString()
============================
14/12/2020 10:21:47
REQUEST HEADERS
=================
var request = new RestRequest();
request.AddHeader("Authorization", authorisation);
request.AddHeader("Cache-Control", "no-cache");
request.AddHeader("Date", dateValue.ToString());
request.AddHeader("content-type", "application/json");
request.AddHeader("content-length", byte1.Length.ToString());
RESPONSE
=================
Unauthorized
I tried replicating this using your keys and was able to successfully consume the API on postman so there are no issues with your request payload.
I tried to replicate your exact same request next with the exact timestamp i.e. Mon, 14 Dec 2020 10:21:47 GMT, and I see that the HMAC generated by your code is incorrect, I suspect there is an issue with the content length calculation in your code.
For the exact same payload and a successful request, the content-length that I see is 542 but from your logs, your code is probably calculating it to 467, can you please check this part of your code?
Let me know if we need to get on a quick phone call sometime tomorrow, I will be happy to jump in and discuss this over a meeting.
Here is the request-response from my replicated API call. I have masked the API key for confidentiality purposes and highlighted the signature for your attention.
POST /v2/cases/saveAndScreen HTTP/1.1
Host: rms-world-check-one-api-pilot.thomsonreuters.com
Date: Mon, 14 Dec 2020 10:21:47 GMT
Authorization: Signature keyId="2152c649-892d-40f6-be73-cf**********",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="WyL1HMa83doGIHS3V7hzKWBudWnUyCbboWUzufBZ5Tg="
Content-Type: application/json
Content-Length: 542
{
"groupId": "5nzbfqact4r91f3djfkjtszzh",
"providerTypes": ["WATCHLIST"],
"nameTransposition": false,
"caseScreeningState": {
"WATCHLIST": "ONGOING"
},
"cases": [{
"entityType": "INDIVIDUAL",
"name": "Joe Bloggs",
"nameTransposition": false,
"secondaryFields": [],
"customFields": [],
"caseId": "a89d0b5a-c5fd-41cd-b202-a787979742f1"
}, {
"entityType": "INDIVIDUAL",
"name": "Henry",
"nameTransposition": false,
"secondaryFields": [],
"customFields": [],
"caseId": "5a3bedc2-dfe2-4da7-9195-7618e85787ca"
}]
}
Hi Mehran,
Thanks for your support. Sorry I have been away for the holidays. Here is what i tried;
I hardcoded the content length to 542 in my code and it still failed. Then I compared the HMAC Signature, which doesn't match with what you mentioned above.
HMACS:
Your:
WyL1HMa83doGIHS3V7hzKWBudWnUyCbboWUzufBZ5Tg=
Mine:
c2KTdPXemA5ZMDt5+qA91WJIY4V1nfINLvPOQ/bqYmo=
I am not sure what's going on here. Please let me know the timings to jump on a quick call.
Cheers,