wcApiUrl ='https://api-worldcheck.refinitiv.com';
$this->wcApiKey = 'MY-KEY';
$this->wcApiSecret = 'MY_SECRET';
}
/**
* Generates an associative array with required authorization headers (Date, Authorization, Content-Type, Content-Length).
*
* @param string $wcApiKey User's API key.
* @param string $wcApiSecret User's API secret.
* @param string $httpMethod HTTP method of a request (e.g. "get", "options", "head", "post", "put", "patch", or "delete").
* @param string $url URL to send the request to (e.g. "https://www.example.com/resources").
* @param string|null $contentType (optional) Content type of the request payload/body (e.g. "application/json").
* @param string|null $payload (optional) The request payload/body.
* @return array (an associative array) with required headers for authorization
* (Date, Authorization, Content-Type, Content-Length).
* @throws InvalidArgumentException if only one of $contentType and $payload is provided, or if $contentType is not supported.
* Currently, only the $contentType value "application/json" is supported.
*/
public static function generateAuthHeaders($wcApiKey,$wcApiSecret,$httpMethod,$url,$contentType = null,$payload = null) {
    // Reject inconsistent content-type/payload combinations before anything is signed.
    wordCheckOneAPI::validatePayload($contentType, $payload);

    // The Date value is generated once so the signed value and the sent value are the same string.
    $dateValue = wordCheckOneAPI::generateDateHeader();

    $headerMap = [
        'Date' => $dateValue,
        'Authorization' => wordCheckOneAPI::generateAuthorizationHeader(
            $wcApiKey,
            $wcApiSecret,
            $httpMethod,
            $url,
            $contentType,
            $payload,
            $dateValue
        ),
    ];

    // Without a payload only Date and Authorization are returned.
    if ($payload == null) {
        return $headerMap;
    }

    // Content-Length is the byte length of the payload, returned as a string.
    $headerMap['Content-Type'] = $contentType;
    $headerMap['Content-Length'] = (string) strlen($payload);

    return $headerMap;
}
/**
 * Checks that the content type and the payload are either both present or both absent,
 * and that a present content type starts with "application/json".
 *
 * The content-type check is a prefix match, so values such as
 * "application/json; charset=utf-8" are accepted.
 *
 * @param string|null $contentType Content type of the request payload/body.
 * @param string|null $payload The request payload/body.
 * @throws InvalidArgumentException if the content type is unsupported, or if only one of the two values is given.
 */
private static function validatePayload($contentType, $payload){
    $supportedPrefix = 'application/json';

    if ($contentType != null) {
        // The content type is checked first, so an unsupported type is reported even when the payload is missing.
        if (strncmp($contentType, $supportedPrefix, strlen($supportedPrefix)) !== 0) {
            throw new InvalidArgumentException("Unsupported content type $contentType");
        }
        if ($payload == null) {
            throw new InvalidArgumentException('The request payload(body) has not been provided');
        }
        return;
    }

    if ($payload != null) {
        throw new InvalidArgumentException('The content type of request payload(body) has not been provided');
    }
}
/**
 * Builds the Authorization header value: keyId, algorithm ("hmac-sha256"),
 * the list of signed header names and the base64 signature.
 *
 * @param string $wcApiKey User's API key, sent as keyId.
 * @param string $wcApiSecret User's API secret, used only as the HMAC key.
 * @param string $httpMethod HTTP method of the request.
 * @param string $url URL the request is sent to.
 * @param string|null $contentType Content type of the payload, if any.
 * @param string|null $payload The request payload/body, if any.
 * @param string $date Value of the Date header that is sent with the request.
 * @return string The complete Authorization header value.
 */
private static function generateAuthorizationHeader($wcApiKey,$wcApiSecret,$httpMethod,$url,$contentType,$payload,$date){
    // The content headers are listed as signed only when a payload is present.
    $signedHeaderNames = '(request-target) host date';
    if ($payload != null) {
        $signedHeaderNames .= ' content-type content-length';
    }

    $encodedSignature = wordCheckOneAPI::generateSignature($wcApiSecret, $httpMethod, $url, $contentType, $payload, $date);

    return 'Signature keyId="' . $wcApiKey
        . '",algorithm="hmac-sha256",headers="' . $signedHeaderNames
        . '",signature="' . $encodedSignature . '"';
}
/**
 * Assembles the string to sign from the request line, host and date (plus the
 * content headers and the payload when a payload is present) and signs it.
 *
 * Only the path and host components of $url are used. A query string or port
 * in $url is not part of the signed data.
 * NOTE(review): confirm against the API's signing rules if URLs with query parameters are ever used.
 *
 * @param string $wcApiSecret User's API secret, used as the HMAC key.
 * @param string $httpMethod HTTP method of the request; lower-cased before signing.
 * @param string $url URL the request is sent to.
 * @param string|null $contentType Content type of the payload, if any.
 * @param string|null $payload The request payload/body, if any.
 * @param string $date Value of the Date header that is sent with the request.
 * @return string Base64-encoded HMAC-SHA256 signature.
 */
private static function generateSignature($wcApiSecret,$httpMethod,$url,$contentType,$payload,$date){
    $signedLines = [
        '(request-target): ' . strtolower($httpMethod) . ' ' . parse_url($url, PHP_URL_PATH),
        'host: ' . parse_url($url, PHP_URL_HOST),
        'date: ' . $date,
    ];

    if ($payload != null) {
        // The byte length signed here must equal the Content-Length header that is sent.
        $signedLines[] = 'content-type: ' . $contentType;
        $signedLines[] = 'content-length: ' . strlen($payload);
        $signedLines[] = $payload;
    }

    return wordCheckOneAPI::signDataWithHmacSha256($wcApiSecret, implode("\n", $signedLines));
}
/**
 * Computes HMAC-SHA256 over the given data and returns it base64-encoded.
 *
 * @param string $wcApiSecret Key for the HMAC.
 * @param string $dataToSign Data to authenticate.
 * @return string Base64 encoding of the raw (binary) HMAC digest.
 */
private static function signDataWithHmacSha256($wcApiSecret,$dataToSign){
    // The final `true` requests the raw binary digest rather than its hex form.
    $rawDigest = hash_hmac('sha256', $dataToSign, $wcApiSecret, true);

    return base64_encode($rawDigest);
}
/**
* Generates Date header value.
*
* @return string Current date and time in GMT timezone in RFC 1123 date format (e.g. "Wed, 25 May 2022 12:53:15 GMT").
*/
private static function generateDateHeader(){
    // gmdate() uses the current time when no timestamp is passed; "GMT" is escaped so it is emitted literally.
    $rfc1123Format = 'D, d M Y H:i:s \G\M\T';

    return gmdate($rfc1123Format);
}
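/**
 * Requests the top-level groups (GET /v2/groups).
 *
 * @return stdClass Response object produced by curlRequest().
 */
public function getTopLevelGroups(){
    $payload = null;
    $httpMethod = 'GET';
    $globalVariables = new wordCheckOneAPI();
    $url = $globalVariables->wcApiUrl.'/v2/groups';
    $headers = $this->generateAuthHeaders($globalVariables->wcApiKey, $globalVariables->wcApiSecret, $httpMethod, $url);

    return $this->curlRequest($url, $headers, $payload, $httpMethod);
}

/**
 * Demo flow: reads the first top-level group, fetches its case template and
 * submits a screening request for an organisation, then prints the exchange
 * and terminates the script.
 *
 * @return void This method always ends the script with exit.
 */
public function screenOrganization(){
    //GET TOP LEVEL GROUPS
    $topLevelGroups = $this->getTopLevelGroups();
    if ($topLevelGroups->status == 200) {
        $globalVariables = new wordCheckOneAPI();
        $groups = json_decode($topLevelGroups->response);
        $groupId = $groups[0]->id;

        //GET CASE TEMPLATES
        $httpMethod = 'GET';
        $url = $globalVariables->wcApiUrl.'/v2/groups/'.$groupId.'/caseTemplate';
        $headers = $this->generateAuthHeaders($globalVariables->wcApiKey, $globalVariables->wcApiSecret, $httpMethod, $url);
        // The GET carries no body; null is passed explicitly instead of a not-yet-defined $payload.
        $templatesResp = $this->curlRequest($url, $headers, null, $httpMethod);
        $templatesResp = json_decode($templatesResp->response);

        //SEQ CREATE - ORGANIZATION
        $httpMethod = 'POST';
        $contentType = 'application/json';
        $url = $globalVariables->wcApiUrl.'/v2/cases/screeningRequest';

        $payload = array();
        $payload['groupId'] = $groups[0]->id;
        $payload['entityType'] = "ORGANISATION"; // other values noted by the author: INDIVIDUAL, VESSEL, UNSPECIFIED
        $payload['providerTypes'] = $templatesResp->mandatoryProviderTypes;
        $payload['caseScreeningState'] = array(); //Use default state from account settings
        $payload['caseScreeningState']['WATCHLIST'] = "INITIAL";
        $payload['name'] = "Apple"; //$jsonData["account_name"];
        $payload['secondaryFields'] = array();
        // NOTE(review): $fieldValueType is built for COUNTRY fields but never added to
        // $payload['secondaryFields'], so the request is sent without secondary fields.
        // Left unchanged here; confirm the intended field value format before attaching it.
        foreach ($templatesResp->secondaryFieldsByProvider->watchlist->secondaryFieldsByEntity->organisation as $orgFields) {
            $fieldValueType = array();
            if ($orgFields->fieldValueType == "COUNTRY") {
                $fieldValueType["typeId"] = $orgFields->typeId;
                $fieldValueType["value"] = "Kenya";
            }
        }
        $payload['customFields'] = array();
        $payload = json_encode($payload);

        $headers = $this->generateAuthHeaders($globalVariables->wcApiKey, $globalVariables->wcApiSecret, $httpMethod, $url, $contentType, $payload);
        $sanctionResp = $this->curlRequest($url, $headers, $payload, "POST");

        // Debug output. The Authorization header carries the API key (as keyId) and the
        // request signature, so it is masked before the headers are printed.
        $printableHeaders = $headers;
        $printableHeaders['Authorization'] = '[redacted]';

        echo $url."\n";
        echo "\nHeaders:";
        var_dump($printableHeaders);
        echo "\nPayload:";
        var_dump(json_decode($payload));
        echo "\nPayload:\n".$payload;
        echo "\nResponse:";
        var_dump($sanctionResp);
        exit;
    }

    echo "\n- END OF REQUEST";
    exit;
}

/**
 * Sends one HTTP request with cURL and returns status, body and a status hint.
 *
 * @param string $url URL to request.
 * @param array $headers Associative array of header name => header value.
 * @param string|null $payload (optional) Request body; sent only when non-empty.
 * @param string|null $requestType (optional) "POST" or "PUT"; any other value leaves cURL's default method.
 * @return stdClass Object with ->status (HTTP status code), ->response (body, or the cURL
 *                  error message when the transfer failed) and, for the status codes
 *                  listed below, ->statusMsg.
 */
public function curlRequest($url, $headers, $payload = null, $requestType = null){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Certificate and host name verification stay enabled: with both switched off, any
    // party on the network path could impersonate the API, read the screening data and
    // collect the signed headers.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    // Redirects are followed only to HTTPS targets, so request headers are not re-sent over plain HTTP.
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_ENCODING, "");
    curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);

    if ($requestType == "POST") {
        curl_setopt($ch, CURLOPT_POST, true);
    } else if ($requestType == "PUT") {
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
    }

    // The body is sent under the same condition the signing code uses ($payload != null),
    // and it is $payload itself: the signature and Content-Length were computed over it.
    if ($payload != null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
    }

    $headerArray = array();
    foreach ($headers as $headerName => $headerValue) {
        $headerArray[] = $headerName.": ".$headerValue;
    }
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headerArray);

    $response = curl_exec($ch);
    $http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if (curl_errno($ch)) {
        // On a transport error the cURL error text is returned in place of the body.
        $response = curl_error($ch);
    }
    curl_close($ch);

    $statusMessages = array(
        400 => 'Bad Request',
        401 => 'The request has failed an authorisation check. This can happen for a variety of reasons, such as an invalid or expired API key, an invalid HMAC signature or a request timing issue/problem with the Date header value. The API client should ensure a correctly synchronised clock is used to generate request timestamps.',
        404 => 'Cannot return response',
        415 => 'For requests with payloads, an unsupported Content-Type was specified. The World-Check One API only supports a content type of application/json.',
        429 => 'The API client is making too many concurrent requests, and some are being throttled. ' . "\n" . 'Throttled requests can be retried (with an updated request Date and HTTP signature) after a short delay.',
        500 => 'Unexpected error',
    );

    $responseObj = new stdClass();
    $responseObj->status = $http_status;
    if (isset($statusMessages[$http_status])) {
        $responseObj->statusMsg = $statusMessages[$http_status];
    }
    $responseObj->response = $response;

    return $responseObj;
}
}

$instance = new wordCheckOneAPI();
$instance->screenOrganization();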