I am working on a WorldCheck One ZFS Zero Footprint Screening pilot. I dug through all of the emails, downloaded all of the documentation and Postman documents, and started writing some code to support the custom API authentication system and get data coming back.

I am able to call all of the following APIs perfectly fine with no trouble:

https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/reference/countries
https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups
https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups/5nzbfkcaflyi1en8ajboby9dh
https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups/5nzbfkcaflyi1en8ajboby9dh/caseTemplate

However, when I try to call this API for the ZFS (Zero Footprint Screening), it fails with a 403 Forbidden error:

https://zfs-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest

Can somebody check why the access to the ZFS API is blocked and help me fix it?

I am calling with the following request payload:

{
    "groupId": "5nzbfkcaflyi1en8ajboby9dh",
    "entityType": "ORGANISATION",
    "providerTypes": [
        "WATCHLIST"
    ],
    "name": "Google",
    "secondaryFields": [
        {
            "typeId": "SFCT_6",
            "value": "USA"
        }
    ]
}

I put some detailed debug logs below (sensitive items REDACTED):

2020-05-12 18:46:58,840: wc1.py: DEBUG: Starting new HTTPS connection (1): zfs-world-check-one-api-pilot.thomsonreuters.com:443
send: b'GET /v1/cases/screeningRequest HTTP/1.1\r\nUser-Agent: python-requests/2.23.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nContent-Type: application/json\r\nContent-Length: 263\r\nDate: Wed, 13 May 2020 01:46:58 GMT\r\nDigest: SHA-256=M1UNMMXjI1XtanZ3vJhTV+zfpmnZoPm2kw6ag73ZrB0=\r\nHost: zfs-world-check-one-api-pilot.thomsonreuters.com\r\nAuthorization: Signature keyId="REDACTED",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length digest",signature="WMt8DcntgVDMcvr826d/MmKEpfXWM20SyAFN0I3CXAY="\r\n\r\n'
send: b'{\n    "groupId": "REDACTED",\n    "entityType": "ORGANISATION",\n    "providerTypes": [\n        "WATCHLIST"\n    ],\n    "name": "Google",\n    "secondaryFields": [\n        {\n            "typeId": "SFCT_6",\n            "value": "USA"\n        }\n    ]\n}'
reply: 'HTTP/1.1 403 Forbidden\r\n'
header: Server: CloudFront
header: Date: Wed, 13 May 2020 01:46:58 GMT
header: Content-Type: text/html
header: Content-Length: 915
header: Connection: keep-alive
header: X-Cache: Error from cloudfront
header: Via: 1.1 91eda795c3265b7a81caba456f5e9dd8.cloudfront.net (CloudFront)
header: X-Amz-Cf-Pop: SFO20-C1
header: X-Amz-Cf-Id: 9nQvEDJeKpEk6U0AcwXNmVnsrR6DmwLodL1AYkk10BH-mOrpaWgOuw==
2020-05-12 18:46:58,919: wc1.py: DEBUG: https://zfs-world-check-one-api-pilot.thomsonreuters.com:443 "GET /v1/cases/screeningRequest HTTP/1.1" 403 915
2020-05-12 18:46:58,920: wc1.py: INFO: status_code: 403, response:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: 9nQvEDJeKpEk6U0AcwXNmVnsrR6DmwLodL1AYkk10BH-mOrpaWgOuw==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>