SEQ-4a Post Screen a case get Error 401 Unauthorized

information
information
in World-Check One

Hi, Try to implement Screen a case like sample SEQ-4a. Post request get Error 401 Unauthorized. I find the sample authorisation header string does not contains content-type and content-length as described as in the Quick Start. My question is if this is the matter for the case. Please help. Thanks. John

Tagged:

Best Answer

  • brian.bourgault
    brian.bourgault
    Answer ✓

    Hi John,

    There are a number of reasons you may receive a 401 status. Note some of the PUT/POST requests do no have a body, hence do not require content length... I suggest, if possible, share the code you wrote that is not working...also note that one of your groups is setup as a Zero Footprint group and so screening a case will not be permitted in that group, use one of the other groups you've setup.

    Brian

Answers

  • information
    information

    Hi Brian,

    I use the postman default group id in the pilot environment.

    Please check the source code as below, for the function of “Save a simple case”

    // -----------------------

    procedure TForm2.btSaveasimplecaseClick(Sender: TObject);

    var

    response : string;

    RequestBody : TstringStream;

    tt : TBytes;

    dataToSign, strdatetime : string;

    thedate : tdatetime;

    const

    strbody='{ "entityType": "INDIVIDUAL", "groupId":"418f28a7-b9c9-4ae4-8530-819c61b1ca6c","providerTypes": ["WATCHLIST"], "name": "John Doe"}';

    strbaseurl='https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases';

    begin

    thedate:=now-(13/24); // get server time , the offset of the time different is 13 hours

    strdatetime:= formatdatetime('ddd, dd mmm yyyy hh:mm:ss "GMT"',thedate);

    edtdate.Text:=strdatetime; // display purpose – date string

    dataToSign:= '(request-target): post /v1/cases'+#10 +'host: rms-world-check-one-api-pilot.thomsonreuters.com' +#10+'date: '+strdatetime+#10+'content-type: application/json'+#10+'content-length: '+

    inttostr(length(strbody))+#10+strbody;

    msignstring.Lines.Text:=datatosign; // Sign string -- display purpose

    tt:=System.Hash.THashSHA2.GetHMACasBytes(dataToSign,APIsecret,SHA256);

    edtsignatures.text:=EncodeBase64(tt,length(tt)); // signature string - display purpose

    edtauth.Text:='Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="'+edtsignatures.text+'"'; // authorization string

    edit1.Text:=inttostr(length(strbody)); // content -length

    RequestBody := TStringStream.Create(strbody, TEncoding.UTF8);

    RequestBody.Position := 0;

    try

    IdHTTP1.Request.CustomHeaders.Clear;

    IdHTTP1.Request.Method:=Id_HTTPMethodPost;

    IdHTTP1.Request.ContentType := 'application/json';

    IdHTTP1.Request.CustomHeaders.AddValue('cache-control', 'no-cache');

    IdHTTP1.Request.CustomHeaders.AddValue('authorization',edtauth.Text);

    IdHTTP1.Request.CustomHeaders.AddValue('date', strdatetime);

    IdHTTP1.Request.CustomHeaders.AddValue('content-type', 'application/json');

    IdHTTP1.Request.CustomHeaders.AddValue('content-length', inttostr(length(strbody)));

    try

    IdHTTP1.Post(strbaseurl, RequestBody);

    except

    on e:EIdHTTPProtocolException do

    begin

    showmessage(e.ErrorMessage+' .. '+ e.Message );

    end;

    on e:exception do

    showmessage(e.Message);

    end;

    memo1.Lines.text:=IdHTTP1.ResponseText;

    finally

    RequestBody.Free;

    end;

    end;

    // --------------------- end of code ---------------

    Sign string:

    (request-target): post /v1/cases

    host: rms-world-check-one-api-pilot.thomsonreuters.com

    date: Mon, 09 Jan 2017 23:38:56 GMT

    content-type: application/json

    content-length: 130

    { "entityType": "INDIVIDUAL", "groupId":"418f28a7-b9c9-4ae4-8530-819c61b1ca6c","providerTypes": ["WATCHLIST"], "name": "John Doe"}


    Signature:

    QldTAT5loM20vBrFMBZg1ErrnYnrVtPcx+ZpxQKjkqo=

    Authorization:

    Signature keyId="a4364e62-e58b-4b64-9c71-faead5417557",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="QldTAT5loM20vBrFMBZg1ErrnYnrVtPcx+ZpxQKjkqo="

    Date:

    Sun, 08 Jan 2017 21:52:47 GMT

    Content Length:

    130

    Response:

    HTTP/1.1 400 Bad Request

    Any ideal? Thanks

  • information
    information

    Thanks Brian for the reply. I use the postman default group-id.

  • information
    information

    Hi, i have found the problem and got this issue resolved. Basically it is the the HTTP component bug does not stream string parameters in order. Also there is another reasons cause the body string not compatible with the REST server. Thanks a lot for the help. John

  • brian.bourgault
    brian.bourgault

    Consider watching:

    World-Check One API – Overview and Quick Start

Categories