For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
3 1 2 2

401 response only for POST requests

Hi,

We created a class in C# to place both GET and POST requests, but only GET requests are working.

For POST, we get a 401. So we are assuming that it's something to do with Authorization header.

I tried doing the same as the pre request script in Postman but in C# but I still can't manage to get an autorized post response.

Can someone help me with that?

FYI, both GET and POST requests using Postman are working fine (returning 200).


Here is my request and response:

Request completed. 

Request: {"resource":"cases/screeningRequest","parameters":[{"name":"","value":{"groupId":"5jb7whk6ycsr1fncy3iv7a0sg","entityType":"INDIVIDUAL","providerTypes":["WATCHLIST"],"name":"Test Guy","nameTransposition":false,"secondaryFields":[{"typeId":"SFCT_1","value":"FEMALE","dateTimeValue":null},{"typeId":"SFCT_2","value":null,"dateTimeValue":{"timelinePrecision":"ON","pointInTimePrecision":"DAY","utcDateTime":895557600,"timeZone":null}},{"typeId":"SFCT_3","value":"ARG","dateTimeValue":null},{"typeId":"SFCT_4","value":"ARG","dateTimeValue":null},{"typeId":"SFCT_5","value":"ARG","dateTimeValue":null}]},"type":"RequestBody"},{"name":"Authorization","value":"Signature keyId=\"86740220-fcf5-4791-9ea4-9da2d2560890\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"gTQfAInpk6l1MmecBcXdlbf+sashrZ1pNbTsl3YreqI=\"","type":"HttpHeader"},{"name":"Date","value":"Thu, 03 Jun 2021 18:40:45 GMT","type":"HttpHeader"},{"name":"Cache-Control","value":"no-cache","type":"HttpHeader"},{"name":"Content-Length","value":"529","type":"HttpHeader"}],"method":"POST","uri":"https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest"}


Response: {"statusCode":401,"content":"","headers":[{"Name":"Date","Value":"Thu, 03 Jun 2021 18:41:04 GMT","Type":3,"DataFormat":2,"ContentType":null},{"Name":"Transfer-Encoding","Value":"chunked","Type":3,"DataFormat":2,"ContentType":null},{"Name":"Connection","Value":"keep-alive","Type":3,"DataFormat":2,"ContentType":null},{"Name":"Strict-Transport-Security","Value":"max-age=15552000, includeSubdomains","Type":3,"DataFormat":2,"ContentType":null},{"Name":"Authorization","Value":"WWW-Authenticate: Signature realm=\"World-Check One API\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\"","Type":3,"DataFormat":2,"ContentType":null}],"responseUri":"https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest","errorMessage":null}


Here is the req body:

{
  "groupId": "5jb7whk6ycsr1fncy3iv7a0sg",
  "entityType": "INDIVIDUAL",
  "providerTypes": [
    "WATCHLIST"
  ],
  "name": "Test Guy",
  "nameTransposition": false,
  "secondaryFields": [
    {
      "typeId": "SFCT_1",
      "value": "FEMALE",
      "dateTimeValue": null
    },
    {
      "typeId": "SFCT_2",
      "value": null,
      "dateTimeValue": {
        "timelinePrecision": "ON",
        "pointInTimePrecision": "DAY",
        "utcDateTime": 895557600,
        "timeZone": null
      }
    },
    {
      "typeId": "SFCT_3",
      "value": "ARG",
      "dateTimeValue": null
    },
    {
      "typeId": "SFCT_4",
      "value": "ARG",
      "dateTimeValue": null
    },
    {
      "typeId": "SFCT_5",
      "value": "ARG",
      "dateTimeValue": null
    }
  ]
}

Here is my code:

public async Task<IndividualScreeningRes> IndividualSyncScreening(IndividualScreeningReq body)
{
    try
    {
        var resource = "cases/screeningRequest";
        var request = PostBaseRequest(resource, body);
        var response = await _restClient.ExecuteAsync(request);
        LogRequest(request, response);
        return result;
    }
    catch (Exception e)
    {
        Console.WriteLine(e);
        throw;
    }
}
private IRestRequest PostBaseRequest(string resource, Object body)
{
    var content = JsonConvert.SerializeObject(body);
    var contentLength = HttpUtility.UrlDecode(HttpUtility.UrlEncode(content), System.Text.Encoding.Default);
    var date = DateTime.UtcNow.ToString("ddd, dd MMM yyyy HH:mm:ss G\\MT", CultureInfo.InvariantCulture);
    var authorization = PostAuthorizationHeader(resource, date, content, contentLength.Length);
    var request = new RestRequest(resource, Method.POST)
        .UseNewtonsoftJson()
        .AddJsonBody(body)
        .AddHeader("Authorization", authorization)
        .AddHeader("Date", date)
        .AddHeader("Cache-Control", "no-cache")
        .AddHeader("Content-Length", contentLength.Length.ToString());

    return request;
}

private string PostAuthorizationHeader(string resource, string date, string content, int contentLength)
{
    var dataToSign = "(request-target): post " + _gatewayVersion + resource + "\n" +
                     "host: " + _gatewayHost + "\n" +
                     "date: " + date + "\n" +
                     "content-type: application/json" + "\n" +
                     "content-length: " + contentLength + "\n" +
                     content;

    var hmac = GenerateAuthHeader(dataToSign);

    var authorizationHeaderValue = "Signature keyId=\"" + _apiKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";

    return authorizationHeaderValue;
}
world-checkworld-check-oneapic#
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Upvotes
Accepted
1.4k 5 2 2

@togetherdevs

Thanks for letting us know that API calls are working fine via POSTMAN. However, for C#, we request you kindly download the the C# API example through below link, this should help you avoid a 401 Unauthorized request return status.

https://developers.refinitiv.com/en/api-catalog/customer-and-third-party-screening/world-check-one-api/downloads


1622785330904.png (38.9 KiB)
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.