For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvotes
Accepted
1 1 1 0

(401) Unauthorized Screen a case API using c#

when calling the API from postman will execute without any problem but when calling it from C# code

I get the error "'The remote server returned an error: (401) Unauthorized.'"


string gatewayurl = "/v2/";

string gatewayhost = "rms-world-check-one-api-pilot.thomsonreuters.com";

// Here is where you enter your api keys


string requestendpoint = "https://rms-world-check-one-api-pilot.thomsonreuters.com/v2/cases/"+ caseid + "/screeningRequest";



// Assemble the POST request - NOTE every character including spaces have to be EXACT

// for the API server to decode the authorization signature

string dataToSign = "(request-target): post " + gatewayurl + "cases/" + caseid + "/screeningRequest\n" +

"host: " + gatewayhost + "\n" + // no https only the host name

"date: " + date; // GMT date as a string


Console.WriteLine("---api secret---");

Console.WriteLine(apisecret);

Console.WriteLine("---dataToSign---");

Console.WriteLine(dataToSign);

Console.WriteLine("string hmac = generateAuthHeader(dataToSign, apisecret);");

// The Request and API secret are now combined and encrypted

string hmac = generateAuthHeader(dataToSign, apisecret);


// Assemble the authorization string - This needs to match the dataToSign elements

// i.e. requires host date content-type content-length

//- NOTE every character including spaces have to be EXACT else decryption will fail with 401 Unauthorized

string authorisation = "Signature keyId=\"" + apikey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";




Console.WriteLine("---Hmac---");

Console.WriteLine(hmac);

//Console.WriteLine(authorisation);


// Send the Request to the API server

HttpWebRequest WebReq = (HttpWebRequest)WebRequest.Create(requestendpoint);

// Set the Headers

WebReq.Method = "POST";

WebReq.Headers.Add("Authorization", authorisation);

WebReq.Headers.Add("Cache-Control", "no-cache");

// WebReq.ContentLength = msg.Length;

WebReq.Date = dateValue; // use datetime value GMT time

// Set the content type of the data being posted.

// WebReq.ContentType = "application/json";

// WebReq.ContentLength = byte1.Length;


Stream newStream = WebReq.GetRequestStream();

// newStream.Write(byte1, 0, byte1.Length);


// Get the Response - Status OK

HttpWebResponse WebResp = (HttpWebResponse)WebReq.GetResponse();




world-checkworld-check-one
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

1 Answer

Upvotes
Accepted
4.5k 4 7 8

@hitham.dawod0,

Thanks for your query.

Please see the observations below -

1. string requestendpoint = "https://rms-world-check-one-api-pilot.thomsonreuters.com/v2/cases/";+ caseid + "/screeningRequest"; - It will be caseSystemId instead of caseId

2. string dataToSign = "(request-target): post " + gatewayurl + "cases/" + caseid + "/screeningRequest\n" +

"host: " + gatewayhost + "\n" + // no https only the host name

"date: " + date; // GMT date as a string - It will be caseSystemId instead of caseId.

If you are still getting error 401 after making the above changes, please provide us the request and the response headers of the failed api call to investigate further.

Also, are getting a successful response after firing a GET Top level groups api call? Endpoint - /v2/groups

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 5.0 MiB each and 10.0 MiB total.

Get top level groups API is working fine , but the error still on the screen case


{Authorization: Signature keyId="1228dc0b-3c61-475e-a24b-9dd5d0257dfb",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="PLA0HWQDihY7gYM9hThW/WLURDP4hOZ4Gs8vNMZNJ8c="

Cache-Control: no-cache

Date: Wed, 03 Feb 2021 10:31:36 GMT

Content-Type: application/json

Host: rms-world-check-one-api-pilot.thomsonreuters.com

Content-Length: 0

Connection: Keep-Alive


}


response Headers {Strict-Transport-Security: max-age=15552000, includeSubdomains

Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"

Transfer-Encoding: chunked

Date: Wed, 03 Feb 2021 10:31:39 GMT

Server: ""



@hitham.dawod0,

I have dropped you an email to have a quick call tomorrow. Can you please revert back to the email with a suitable time?

Click below to post an Idea Post Idea