For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
jcgarcia avatar image
1 1 2 6

HSBC - Error with HTTP Message: Unauthorized

Hi, I send this message header for the first step to obtain the group-id

(request-target): post https://rms-world-check-one-api-pilot.thomsonreuters.com:443/v1/groups
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Fri, 28 Apr 2017 01:31:26

Authorization:

Signature keyId="509f9b54-4182-XXXX-XXX-XXXXXXX", algorithm="hmac-sha256", headers="(request-target) host date content-type content-length", signature="zgRnHs4/3zt8ycrhN+fYS/K6PAbKJVY+fw9Q9MAfs="

Hi, I am from HSBC Argentina, we are trying to access the World-Chech-One.
I received the API-KEY and Secret-API credentials on Wednesday to be able to generate the authorization header. But we can not make it work gives me the error "401 Unauthorized.

Could I review the request I send with someone from privately to see that I am sending wrong.

Thank you very much.

world-checkworld-check-oneauthenticationapp-key
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Tomasz.Niestoruk avatar image Tomasz.Niestoruk

Client was given an answer outside of Q&A due to the sensitivity of the information. I will check if the answer can be posted here without compromising it, if not the question will be made private or deleted.

4 Answers

Upvotes
Accepted
brian.bourgault avatar image
3.1k 16 7 7

Consider watching:

World-Check One API – Overview and Quick Start

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
rodney.mcclean01 avatar image
211 1 0 0

Hi @jcgarcia,

did you try standard settings in the Postman collection before changing to your own API and API secret ?

That should work without any changes, then change the values in Postman to be your own API and API secret.

Once that's working you can see what the valid authorization should look like.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
jcgarcia avatar image
1 1 2 6

Yes, I have postman in Chrome because here at HSBC we cant download the Windows Version, we dont have permissions to do that.

This is the configuration that I have in Postman:

POST /v1/groups HTTP/1.1
Host: rms-world-check-one-api-pilot.thomsonreuters.com
Date: Fri, 16 Dec 2016 12:34:45 GMT
Content-Type: application/json
Content-Length: 158
Authorization: Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="TBFK7xyK+Wdk7J8g/OVhxC+NfhC92YM/tvFWrXFo/EQ="
Cache-Control: no-cache

The body must go empty "{ }" right?

Thanks.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
jcgarcia avatar image
1 1 2 6

Hi, I downloaded the latest version of Postman for Windows.

I sent a Signature that you gave me in another mail.
Also I'm having problem because I still received 401 Authentication error.

I attached 2 captures images from Postman and the text with the headers

    • Request Headers:
      • cache-control:"no-cache"
      • Postman-Token:"ee4772ce-908d-489b-a909-7469092c0120"
      • Authorization:"Signature keyId="504459e4-f5c4-4368-ba20-6968b335580f",algorithm="hmac-sha256",headers="(request-target) host date",signature="Qwdo6QHZyAXtcWvwN5igKrnSkbCNMPz4KKiOY6Q57Os=""
      • Date:"Wed, 03 May 2017 14:29:59 GMT"
      • Host:"rms-world-check-one-api-pilot.thomsonreuters.com"
      • User-Agent:"PostmanRuntime/3.0.11-hotfix.2"
      • Accept:"*/*"
      • accept-encoding:"gzip, deflate"
      • Response Headers:
        • authorization:"WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"
        • date:"Wed, 03 May 2017 14:29:59 GMT"
        • server:"Apache-Coyote/1.1"
        • transfer-encoding:"chunked"
        • x-application-context:"bootstrap"

    Could you help me please I cant pass the first call.

    Thanks.


    1.png (47.4 KiB)
    2.png (50.0 KiB)
    icon clock
    10 |1500

    Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

    Click below to post an Idea Post Idea