I am able to access the API from Postman successfully.
When attempting to make the same call from ServiceNow I get a 401 error.
Code
Code to generate header in ServiceNow:
getSimpleScreeningRequestAuthHeader : function(dateSent,payload){ var contentLength = unescape(encodeURIComponent(payload)).length, environment = { "gateway-url": gs.getProperty('x_525112_refinitiv.refinitiv.gateway_url'), "gateway-host": gs.getProperty('x_525112_refinitiv.refinitiv.gateway_host'), "content": "application/json", "api-key": gs.getProperty('x_525112_refinitiv.refinitiv.api_key') }, dataToHash = "(request-target): post " + environment["gateway-url"] + "cases/screeningRequest\n" + "host: " + environment["gateway-host"] + "\n" + "date: " + dateSent + "\n" + "content-type: " + environment["content"] + "\n" + "content-length: " + contentLength + "\n" + payload, hmac = this._generateHash(dataToHash), authHeader = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\""; var debug = { "environmet": environment, "dataToHash": dataToHash, "hmac": hmac }; gs.info('test this - script include debug: ' +JSON.stringify(debug)); return authHeader; }, _generateHash : function(dataToHash){ var hmacUtil = new x_525112_cryptojs.CryptoJS_Wrapper(), secret = gs.getProperty('x_525112_refinitiv.refinitiv.api_secret'), hash = hmacUtil.HmacSHA256(dataToHash, secret); return hmacUtil.convertToBase64(hash); //return gs.base64Encode(hash) }
**payload is the body of the REST message
Code to make the call
var dateToday = new Date().toGMTString(), restBody = { "groupId": "****", (group id removed for security, have verified it matches Postman) "entityType": "UNSPECIFIED", "caseId": "", "providerTypes": [ "WATCHLIST" ], "caseScreeningState": { "WATCHLIST": "INITIAL" }, "name": "John Smith", "nameTransposition": false, "secondaryFields": [], "customFields": [] }, authHeaderString = new x_525112_refinitiv.refinitivWCUtils().getSimpleScreeningRequestAuthHeader(dateToday,JSON.stringify(restBody)); try { var endPoint = gs.getProperty('x_525112_refinitiv.refinitiv.gateway_host') + gs.getProperty('x_525112_refinitiv.refinitiv.gateway_url'), contentLength = unescape(encodeURIComponent(restBody)).length, r = new sn_ws.RESTMessageV2('x_525112_refinitiv.refinitiv_world_check', 'SEQ-screen-sync-simple'); r.setStringParameterNoEscape('authorizarionString', authHeaderString); r.setStringParameterNoEscape('currentDate', dateToday); r.setStringParameterNoEscape('endPoint', endPoint); r.setStringParameterNoEscape('contentLength', contentLength); r.setStringParameter('payload', restBody); var response = r.execute(); var responseBody = response.getBody(); var httpStatus = response.getStatusCode(); var debug = { "date": dateToday, "endPoint": endPoint, "httpStatus": httpStatus } gs.print(JSON.stringify(debug)); gs.print('authHeaderString is: ' + authHeaderString); } catch(ex) { var message = ex.message; gs.print('error caught, message: ' + message); }
Debug & gs.print information returned after making the REST call
var scriptIncludeDebug= { "environmet": { "gateway-url": "/v2/", "gateway-host": "api-worldcheck.refinitiv.com", "content": "application/json", "api-key": "*****" (key removed for security, have verified it matches Postman) }, "dataToHash": "(request-target): post /v2/cases/screeningRequest\nhost: api-worldcheck.refinitiv.com\ndate: Fri, 18 Mar 2022 14:57:35 GMT\ncontent-type: application/json\ncontent-length: 238\n{\"groupId\":\"******\",\"entityType\":\"UNSPECIFIED\",\"caseId\":\"\",\"providorTypes\":[\"WACHTLIST\"],\"caseScreeningState\":{\"WATCHLIST\":\"INITIAL\"},\"name\":\"John Smith\",\"nameTransposition\":false,\"secondaryFields\":[],\"customFields\":[]}", (group id removed for security, have verified it matches Postman) "hmac": "6kVaZfQIuChZ2dldnrHrrYv9McZOPjSMRdAXvZhAlzw=" }, bgScriptDebug = { "date": "Fri, 18 Mar 2022 14:57:35 GMT", "endPoint": "api-worldcheck.refinitiv.com/v2/", "httpStatus": 401 } (keyID removed for security, have verified it matches Postman and in both Signatures) var SNC = ' Signature keyId="******",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="6kVaZfQIuChZ2dldnrHrrYv9McZOPjSMRdAXvZhAlzw=" ' var PMN = ' Signature keyId="******",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="M8CoTayADFfsJFU8kL1MO5FGv/kmLPedsh/E+rRHbc8=" '
I have verified the server date/time is within 30 seconds of https://time.is
Any help you can offer would be greatly appreciated.