For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
1 0 0 1

Content Length Header already present

Hi,

The url i'm using is: https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest

And my header are:

Content-Type: application/json

Authorization: XXXXXX

Content-Length: 255

And the payload is:

{

"groupId": "5jb6nlmky7ma1fznxdeemjygm",

"entityType": "INDIVIDUAL",

"caseId": "",

"providerTypes": [

"WATCHLIST"

],

"name": "{ {issue.summary}}",

"nameTransposition": false,

"secondaryFields": [],

"customFields": []


}

However I am prompted with "Content Length Header already present" and if I remove this header, I am then prompted with error 401:

Date: Wed, 22 Sep 2021 02:39:17 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Strict-Transport-Security: max-age=15552000, includeSubdomains

Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"


Any ideas?

world-checkworld-check-onejson-payload
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
Accepted
811 4 0 1

Hi @fjhumka

Please find the sample request:

curl --location --request POST 'https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest' \

--header 'Date: Thu, 23 Sep 2021 07:27:59 GMT' \

--header 'Content-Type: application/json' \

--header 'Authorization: Signature keyId="YOUR API KEY",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="a3LucKET/dt9cTFc/WE6FVCIvEecxiPq1FsbceM8UgI="' \

--header 'Content-Length: 101' \

--data-raw '{

"groupId": "5jb707er6nj51fj1qcpj7nz4z",

"entityType": "INDIVIDUAL",

"caseId": "",

"providerTypes": [

"WATCHLIST"

],

"name": "John Smith",

"nameTransposition": false,

"secondaryFields": [],

"customFields": []

}'

Also find the pre-scripts which will help you to generate the signature:


function generateAuthHeader(dataToSign) {

var hash = CryptoJS.HmacSHA256(dataToSign, environment["api-secret"]);

return hash.toString(CryptoJS.enc.Base64);

}


function isEnvValuePopulated(envVal) {

if (_.isEmpty(pm.environment.get(envVal))) {

pm.environment.set(envVal, "--REQUIRED-VALUE-MISSING--");

return false;

} else {

return true;

}

}


isEnvValuePopulated("group-id");


var date = new Date().toGMTString();

var content = request.data;

content = content.replace("{ {group-id}}", environment["group-id"]);


var contentLength = unescape(encodeURIComponent(content)).length;


var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases/screeningRequest\n" +

"host: " + environment["gateway-host"] + "\n" +

"date: " + date + "\n" +

"content-type: " + environment["content"] + "\n" +

"content-length: " + contentLength + "\n" +

content;


var hmac = generateAuthHeader(dataToSign);

var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";


postman.setEnvironmentVariable("authorisation", authorisation);

postman.setEnvironmentVariable("currentDate", date);

postman.setEnvironmentVariable("contentLength", contentLength);

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
811 4 0 1

Hi @fjhumka

Are you using the POSTMAN to initiate the API call, if yes, the we would request you to kindly delete the postman collection and environment settings and then re-import the collections & environment. Once done, please try initiating the API call again and let us know if issue persist.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
1 0 0 1

Hi @Vivek Kumar Singh ,

Thank you for your response.

I am actually initiating the API call through a Web Request in JIRA.

I am not too sure about the structure of the Authorization header though:

Signature keyId="XXXXXXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YYYYYYYYYYYYYYYYYYYYYYYYYYY"

Regards

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
1 0 0 1

Hi @Vivek Kumar Singh

Thank you very much for your response.

This works fine in Postman.

However I am trying to access WorkCheck One API through JIRA Web Request and I am prompted with the 401 error.

It seems that the "Authorization" header of JIRA is not recognizing the format. Any idea of how to configure this?

Response 401

Headers (5)

Date: Fri, 24 Sep 2021 04:54:55 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Strict-Transport-Security: max-age=15552000, includeSubdomains

Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"


Request POST https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest

Headers (2)

Authorization: Signature keyId="XXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YYYYY"

Content-Type: application/json

Payload

{

"groupId": "5jb6nlmky7ma1fznxdeemjygm",

"entityType": "INDIVIDUAL",

"caseId": "",

"providerTypes": [

"WATCHLIST"

],

"name": "",

"nameTransposition": false,

"secondaryFields": [],

"customFields": []

}


Regards,

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
811 4 0 1

Hi @fjhumka

Can you please help us with the actual Request headers & Response Headers along with the IP address. We need these details to troubleshoot further.

Thanks

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Click below to post an Idea Post Idea