For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
3 1 1 3

Try to post a case but return 401 unauthorized response

I am working on the integration World Check One API call into the system. I am able to perform GET request for getting the groups, but unable to perform post and create new case.

I had tried to use Postman with provided WC1 Pilot environment to perform same API call and it able to create the case. I had followed the API sample for c# and it still gives me 401 unauthorized response.

Below is my post request header:

Data to sign:

(request-target): post /v1/cases host: rms-world-check-one-api-pilot.thomsonreuters.com date: Mon, 30 Apr 2018 09:15:07 GMT content-type: application/json content-length: 181 { "caseId": "GOLFLT", "entityType": "ORGANISATION", "groupId": "177a80e6-cfb5-4553-a9fc-a54f97b62198", "name": "Golf Ltd", "providerTypes": [ "WATCHLIST" ] }

Header:

Signature keyId="{key}",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="{signature}"

Endpoint:

https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases

world-checkworld-check-one
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvote
Accepted
4.2k 7 5 6

Hello @Pong,

Please make sure that the dataTosign has the below format:

(request-target): post /v1/cases

host: rms-world-check-one-api-pilot.thomsonreuters.com

date: Mon, 30 Apr 2018 09:15:07 GMT

content-type: application/json

content-length: 181

{ "caseId": "GOLFLT", "entityType": "ORGANISATION", "groupId": "177a80e6-cfb5-4553-a9fc-a54f97b62198", "name": "Golf Ltd", "providerTypes": [ "WATCHLIST" ] }

If you are sure that the HMAC signature you are generating is correct, then it has to be the content-length you are sending is incorrect, which is causing the error.

Kindly compare the Base64 encoded HMAC signature generated by your code to that of the one generated by Postman to know if your signature is correct. You can do this by executing your code first, then pick up the date header value from your code and paste in the pre request script of Postman to generate the HMAC (obviously the request will fail as the date header value is obsolete but you should get the same HMAC signature). Compare both to know if they match.

In order to check if you are sending the correct content-length, I suggest you to go to "Code" section of Postman and check the content length being generated by it.

How do you do this? Click on "Code" right below the Send button, this will open another window, select C# from the dropdown and check for the content-length there. This will also contain the entire code that is sent to WC1 API server when the Postman sends the API request. This will help you write the code correctly.

I used the same content to save the case using Postman and I found the content-length to be 151. Please check this.

Also, I notice that the group ID you have mentioned in your query is incorrect. Please use the correct group ID using the "SEQ-1a: Get my top-level groups"

Kindly let me know if you need further assistance on this.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Hi @Irfan.Khan ,

Yes, you are correct. I found out that my dataToSign string is not following the correct format and the content length is different compared to the one generated using Postman when sends the API request. Many thanks for the help.

Upvotes
32 4 6 11

Hello @Pong , @Irfan.Khan

Can you please tell me what was the issue or error in the dataToSign string. I am also facing same issue of "Not Authorized".

Thanks

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Click below to post an Idea Post Idea