@kingsley,

Thank you for the response.

It appears the content length which is being calculated for the payload is incorrect.

{ "groupId":"5nzbfq98nr3g1ekclj7euibjk", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "putin", "secondaryFields":[], "customFields":[] } 

If the payload is passed in the above format, the content length should be - Content-Length: 161

{

"groupId":"{ {group-id}}",

"entityType": "INDIVIDUAL",

"providerTypes": [

"WATCHLIST"

],

"name": "putin",

"secondaryFields":[],

"customFields":[]

}

If the body is passed in the above format, then the content length should be - Content-Length: 176

You may use this link in order to reformat the request payload while using postman.

Also, if you are using non English characters in the request body, the payload needs to be UTF-8 encoded.

Please provide us the latest request and response header along with the request body, if the error exists after calculating the correct content-length.

@kingsley,

Can you please share the request and response headers along with the request body to investigate on the cause of Error 401?

You can access the headers via the console logs of the Postman. Use the shortcut ALT+CTRL+C on Windows native app.

Date: Tue, 26 May 2020 04:59:57 GMTContent-Type: application/jsonAuthorization: Signature keyId="XXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="pP7vf94UneBDryaY/2mL7yy3GQRvlNBKWPIIe9WYMOA="Content-Length: 179User-Agent: PostmanRuntime/7.25.0Accept: */*Cache-Control: no-cachePostman-Token: b723614c-f3a0-4693-b936-6831c9c98028Host: rms-world-check-one-api-pilot.thomsonreuters.comAccept-Encoding: gzip, deflate, brConnection: keep-alive▶Request Body

{ "groupId":"5nzbfq98nr3g1ekclj7euibjk", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "putin", "secondaryFields":[], "customFields":[] }▶Response HeadersStrict-Transport-Security: max-age=15552000, includeSubdomainsAuthorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"Transfer-Encoding: chunkedDate: Tue, 26 May 2020 04:59:57 GMTServer: ""

The content length is calculated dynamically with the following pre-request script on postman. Is there anything i need to change in this script?

function generateAuthHeader(dataToSign){

var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);

return hash.toString(CryptoJS.enc.Base64);

}

function isEnvValuePopulated(envVal) {

if (_.isEmpty(pm.environment.get(envVal))) {

pm.environment.set(envVal, "--REQUIRED-VALUE-MISSING--");

return false;

} else {

return true;

}

}

isEnvValuePopulated("group-id");

var date = new Date().toGMTString();

var content = request.data;

content = content.replace("{ {group-id}}", environment["group-id"]);

var contentLength = unescape(encodeURIComponent(content)).length;

var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases/screeningRequest\n" +

"host: " + environment["gateway-host"] + "\n" +

"date: " + date + "\n" +

"content-type: " + environment["content"] +"\n" +

"content-length: " + contentLength + "\n" +

content;

var hmac = generateAuthHeader(dataToSign);

var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";

postman.setEnvironmentVariable("authorisation",authorisation);

postman.setEnvironmentVariable("currentDate",date);

postman.setEnvironmentVariable("contentLength",contentLength);

@kingsley,

No change is required in the postman pre-request script. Can you please try this link to re-format the payload and use the updated one to give it a re-try?

If this does not help, could you please try re-installing postman on your system and see if that helps?

I just re-installed postman and re-formatted the payload but it still doesn't work. It seems like this issue is specific to just my computer because I've seen this request work on other computers but not mine.
I'll get back to that later. But for now I'm trying to use a python script to connect to this endpoint.

This is the message

f"(request-target): post {fetch_metadata_key('gateway_url')} cases/screenRequest\nhost: {fetch_metadata_key('gateway_host')}\n date: {date}\n content-type: application/json\n content-length: {str(content_length)}\n{str(payload)}"

This is the HMAC algorithm

import hmac, hashlib, base64

def generate_auth_header(message):

message = bytes('Message', 'utf-8')

secret = bytes(fetch_metadata_key('api_secret'), 'utf-8')

signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())

return signature

I use this function to return the date in the right format

def get_time_format_GMT():

return datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT')

Then i concatenate the authorization header like this

authorization = f"Signature keyId=\"{fetch_metadata_key('aml_api_key')}\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"{hmac}\""

The cases/screeningRequest return 401. What am i missing with my implementation or do you have a sample python implementation of this authorization mechanism?