Hi,

We created a class in C# to place both GET and POST requests, but only GET requests are working.

For POST, we get a 401. So we are assuming that it's something to do with Authorization header.

I tried doing the same as the pre request script in Postman but in C# but I still can't manage to get an autorized post response.

Can someone help me with that?

FYI, both GET and POST requests using Postman are working fine (returning 200).

Here is my request and response:

Request completed. 

Request: {"resource":"cases/screeningRequest","parameters":[{"name":"","value":{"groupId":"5jb7whk6ycsr1fncy3iv7a0sg","entityType":"INDIVIDUAL","providerTypes":["WATCHLIST"],"name":"Test Guy","nameTransposition":false,"secondaryFields":[{"typeId":"SFCT_1","value":"FEMALE","dateTimeValue":null},{"typeId":"SFCT_2","value":null,"dateTimeValue":{"timelinePrecision":"ON","pointInTimePrecision":"DAY","utcDateTime":895557600,"timeZone":null}},{"typeId":"SFCT_3","value":"ARG","dateTimeValue":null},{"typeId":"SFCT_4","value":"ARG","dateTimeValue":null},{"typeId":"SFCT_5","value":"ARG","dateTimeValue":null}]},"type":"RequestBody"},{"name":"Authorization","value":"Signature keyId=\"86740220-fcf5-4791-9ea4-9da2d2560890\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"gTQfAInpk6l1MmecBcXdlbf+sashrZ1pNbTsl3YreqI=\"","type":"HttpHeader"},{"name":"Date","value":"Thu, 03 Jun 2021 18:40:45 GMT","type":"HttpHeader"},{"name":"Cache-Control","value":"no-cache","type":"HttpHeader"},{"name":"Content-Length","value":"529","type":"HttpHeader"}],"method":"POST","uri":"https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest"}


Response: {"statusCode":401,"content":"","headers":[{"Name":"Date","Value":"Thu, 03 Jun 2021 18:41:04 GMT","Type":3,"DataFormat":2,"ContentType":null},{"Name":"Transfer-Encoding","Value":"chunked","Type":3,"DataFormat":2,"ContentType":null},{"Name":"Connection","Value":"keep-alive","Type":3,"DataFormat":2,"ContentType":null},{"Name":"Strict-Transport-Security","Value":"max-age=15552000, includeSubdomains","Type":3,"DataFormat":2,"ContentType":null},{"Name":"Authorization","Value":"WWW-Authenticate: Signature realm=\"World-Check One API\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\"","Type":3,"DataFormat":2,"ContentType":null}],"responseUri":"https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest","errorMessage":null}

Here is the req body:

{
  "groupId": "5jb7whk6ycsr1fncy3iv7a0sg",
  "entityType": "INDIVIDUAL",
  "providerTypes": [
    "WATCHLIST"
  ],
  "name": "Test Guy",
  "nameTransposition": false,
  "secondaryFields": [
    {
      "typeId": "SFCT_1",
      "value": "FEMALE",
      "dateTimeValue": null
    },
    {
      "typeId": "SFCT_2",
      "value": null,
      "dateTimeValue": {
        "timelinePrecision": "ON",
        "pointInTimePrecision": "DAY",
        "utcDateTime": 895557600,
        "timeZone": null
      }
    },
    {
      "typeId": "SFCT_3",
      "value": "ARG",
      "dateTimeValue": null
    },
    {
      "typeId": "SFCT_4",
      "value": "ARG",
      "dateTimeValue": null
    },
    {
      "typeId": "SFCT_5",
      "value": "ARG",
      "dateTimeValue": null
    }
  ]
}

Here is my code:

public async Task<IndividualScreeningRes> IndividualSyncScreening(IndividualScreeningReq body)
{
    try
    {
        var resource = "cases/screeningRequest";
        var request = PostBaseRequest(resource, body);
        var response = await _restClient.ExecuteAsync(request);
        LogRequest(request, response);
        return result;
    }
    catch (Exception e)
    {
        Console.WriteLine(e);
        throw;
    }
}

private IRestRequest PostBaseRequest(string resource, Object body)
{
    var content = JsonConvert.SerializeObject(body);
    var contentLength = HttpUtility.UrlDecode(HttpUtility.UrlEncode(content), System.Text.Encoding.Default);
    var date = DateTime.UtcNow.ToString("ddd, dd MMM yyyy HH:mm:ss G\\MT", CultureInfo.InvariantCulture);
    var authorization = PostAuthorizationHeader(resource, date, content, contentLength.Length);
    var request = new RestRequest(resource, Method.POST)
        .UseNewtonsoftJson()
        .AddJsonBody(body)
        .AddHeader("Authorization", authorization)
        .AddHeader("Date", date)
        .AddHeader("Cache-Control", "no-cache")
        .AddHeader("Content-Length", contentLength.Length.ToString());

    return request;
}

private string PostAuthorizationHeader(string resource, string date, string content, int contentLength)
{
    var dataToSign = "(request-target): post " + _gatewayVersion + resource + "\n" +
                     "host: " + _gatewayHost + "\n" +
                     "date: " + date + "\n" +
                     "content-type: application/json" + "\n" +
                     "content-length: " + contentLength + "\n" +
                     content;

    var hmac = GenerateAuthHeader(dataToSign);

    var authorizationHeaderValue = "Signature keyId=\"" + _apiKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";

    return authorizationHeaderValue;
}