question

Upvotes
Accepted
18 0 1 1

How do I authenticate for requests PUT in Python?

I have problems getting requests.put working on the api in Python. The same way of authentication that works with GET and POST do not work with PUT. I want to make calls to this:

https://docs-developers.refinitiv.com/1600949101673/50009/documentation/schema-reference/wc1-api-schema-reference-documentation.html#_cases_casesystemid_ongoingscreening_put

PUT /cases/{caseSystemId}/ongoingScreening

I have the following things defined in my .env file:


REFINITIV_API_ENDPOINT = https://rms-world-check-one-api-pilot.thomsonreuters.com
REFINITIV_API_KEY      = abc111
REFINITIV_API_SECRET   = abc222
REFINITIV_PRODUCT_KEY  = abc333
REFINITIV_GROUP_ID     = abc444

How do I use this to make PUT calls in Python using the requests library? We are using Python 3.8.5. I am running Debian WSL on Windows 10. Everything I tried so far gives me the HTTP401 error. I know the keys work because GET and POST on other endpoints work with them.

pythonworld-checkscreeningscreening-apirequest
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
Accepted
548 1 1 1

@johan,

I see a time difference between request and response headers of more than 30 seconds.

Can you please check the clock and try again?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
548 1 1 1

@johan

Can you please share the request and the response headers of the failed request? Also, can you please confirm the content of dataToSign which you are passing for the PUT request?

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
18 0 1 1
https://rms-world-check-one-api-pilot.thomsonreuters.com/v2/cases/{case_system_id}/ongoingScreening


PUT headers = {
"Date": "Tue, 16 Feb 2021 13:28:15 GMT",
"Authorization": "Signature keyId=\"CENCORED1\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"CENCORED2=\""
}

result.status_code = 401
result.headers = {'Strict-Transport-Security': 'max-age=15552000, includeSubdomains', 'Authorization': 'WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"', 'Transfer-Encoding': 'chunked', 'Date': 'Tue, 16 Feb 2021 13:31:55 GMT', 'Server': '""'}
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
18 0 1 1

The case_system_id I use right now is a few minutes old and I got that from making a screening request on a random name we made up.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Upvotes
18 0 1 1

Fugerad it out I think. I get 204 status back when I PUT to the endpoint with users caseSystemId. The problem was with signing the header I think.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.