For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
5 4 2 6

World Check One API Case Screening 401 Unauthorized.

Hi,

Trying to call the initial screening method in C# but failed. So far I am able to call other GET and POST request like create case, retrieve results by case ID and retrieve profile so I believe the hash function should work.

Error message

The remote server returned an error: (401) Unauthorized.

Data to Sign

(request-target): post /v1/cases/0a3687cf-611f-1b89-9879-5ac3001512ed/screeningRequest
host: rms-world-check-one-api-pilot.thomsonreuters.com
date: Fri, 02 Mar 2018 07:07:56 GMT
content-type: application/json
content-length: 0

Authorization header

Signature keyId="0b9f66af-04f0-413f-aae7-b4ea74bf97db",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="buACKiUSn0QciQtpSL0bfdFXxGIy/txpL17Y9hb9dMM="

Appreciate for the help!

world-checkworld-check-onescreening
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
Accepted
4.2k 7 5 6

Hello @cliff.ching ,

As the "SEQ-4a: Screen a case" calling the endpoint "screeningRequest" does not have a body in its request, so I think you should not include "content-type" and "content-length" in the "datatoSign" string object and in the authorization header.

I am writing a code snippet below. Can you please re code your script similar to the below snippet and let me know if it works.

string dataToSign = "(request-target): post " + gatewayurl + "groups\n" +  "host: " + gatewayhost + "\n" +  // no https only the host name 
 "date: " + date;  // GMT date as a string

     string hmac = generateAuthHeader(dataToSign, apisecret);
string authorisation = "Signature keyId=\"" + apikey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";

The WCI API post requests like "SEQ-2b: Save a very simple case" has a body and hence you should include "content-type" and "content-length" in both "data to sign" headers but not in "SEQ-4a: Screen a case".

For knowing what kind of data to send in which request, I strongly recommend you to install native Postman. Then download our Postman collections from the developer community "Download Section" and import it to Postman and fire APIs from it to understand how Postman sends data to the WC1 API. You can also generate the code in your preferred language in Postman which can help you to write better code to achieve your use case.

You can download Postman Collections from the link below. You have to use your dev com log in credentials to view the page.

https://developers.refinitiv.com/en/api-catalog/customer-and-third-party-screening/world-check-one-api/downloads

Kindly let me if your code is working after making the mentioned amendments.

Thanks,

Irfan Khan

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Upvotes
5 4 2 6

Works! Thanks a lot!

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Click below to post an Idea Post Idea