Hi John,

There are a number of reasons you may receive a 401 status. Note some of the PUT/POST requests do no have a body, hence do not require content length... I suggest, if possible, share the code you wrote that is not working...also note that one of your groups is setup as a Zero Footprint group and so screening a case will not be permitted in that group, use one of the other groups you've setup.

Brian

Hi Brian,

I use the postman default group id in the pilot environment.

Please check the source code as below, for the function of “Save a simple case”

// -----------------------

procedure TForm2.btSaveasimplecaseClick(Sender: TObject);

var

response : string;

RequestBody : TstringStream;

tt : TBytes;

dataToSign, strdatetime : string;

thedate : tdatetime;

const

strbody='{ "entityType": "INDIVIDUAL", "groupId":"418f28a7-b9c9-4ae4-8530-819c61b1ca6c","providerTypes": ["WATCHLIST"], "name": "John Doe"}';

strbaseurl='https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases';

begin

thedate:=now-(13/24); // get server time , the offset of the time different is 13 hours

strdatetime:= formatdatetime('ddd, dd mmm yyyy hh:mm:ss "GMT"',thedate);

edtdate.Text:=strdatetime; // display purpose – date string

dataToSign:= '(request-target): post /v1/cases'+#10 +'host: rms-world-check-one-api-pilot.thomsonreuters.com' +#10+'date: '+strdatetime+#10+'content-type: application/json'+#10+'content-length: '+

inttostr(length(strbody))+#10+strbody;

msignstring.Lines.Text:=datatosign; // Sign string -- display purpose

tt:=System.Hash.THashSHA2.GetHMACasBytes(dataToSign,APIsecret,SHA256);

edtsignatures.text:=EncodeBase64(tt,length(tt)); // signature string - display purpose

edtauth.Text:='Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="'+edtsignatures.text+'"'; // authorization string

edit1.Text:=inttostr(length(strbody)); // content -length

RequestBody := TStringStream.Create(strbody, TEncoding.UTF8);

RequestBody.Position := 0;

try

IdHTTP1.Request.CustomHeaders.Clear;

IdHTTP1.Request.Method:=Id_HTTPMethodPost;

IdHTTP1.Request.ContentType := 'application/json';

IdHTTP1.Request.CustomHeaders.AddValue('cache-control', 'no-cache');

IdHTTP1.Request.CustomHeaders.AddValue('authorization',edtauth.Text);

IdHTTP1.Request.CustomHeaders.AddValue('date', strdatetime);

IdHTTP1.Request.CustomHeaders.AddValue('content-type', 'application/json');

IdHTTP1.Request.CustomHeaders.AddValue('content-length', inttostr(length(strbody)));

try

IdHTTP1.Post(strbaseurl, RequestBody);

except

on e:EIdHTTPProtocolException do

begin

showmessage(e.ErrorMessage+' .. '+ e.Message );

end;

on e:exception do

showmessage(e.Message);

end;

memo1.Lines.text:=IdHTTP1.ResponseText;

finally

RequestBody.Free;

end;

end;

// --------------------- end of code ---------------

Sign string:

(request-target): post /v1/cases

host: rms-world-check-one-api-pilot.thomsonreuters.com

date: Mon, 09 Jan 2017 23:38:56 GMT

content-type: application/json

content-length: 130

{ "entityType": "INDIVIDUAL", "groupId":"418f28a7-b9c9-4ae4-8530-819c61b1ca6c","providerTypes": ["WATCHLIST"], "name": "John Doe"}

Signature:

QldTAT5loM20vBrFMBZg1ErrnYnrVtPcx+ZpxQKjkqo=

Authorization:

Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="QldTAT5loM20vBrFMBZg1ErrnYnrVtPcx+ZpxQKjkqo="

Date:

Sun, 08 Jan 2017 21:52:47 GMT

Content Length:

130

Response:

HTTP/1.1 400 Bad Request

Any ideal? Thanks

Consider watching:

World-Check One API – Overview and Quick Start