Status Code 401 when trying to do a GET on the /v2/groups endpoint

Hi All,


I'm trying to do a GET from SAP CPI to the following URL:

https://api-worldcheck.refinitiv.com/v2/groups


This is my Authorization Header:

Signature keyId="XXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="E2dR0K72weeOlebzLuK7iIeSg6sb1p7rsy6Q8E4PvXI="


This is the error message:

HTTP operation failed invoking https://api-worldcheck.refinitiv.com/v2/groups with statusCode: 401


These are the Response Headers:

Authorization : WWW-Authenticate: ********

Connection : keep-alive

Content-Length : 0

Content-Security-Policy : default-src 'none'; frame-ancestors 'none'

Date : Mon, 18 Dec 2023 05:30:53 GMT

Strict-Transport-Security: max-age=15552000; includeSubDomains

X-Content-Type-Options : nosniff

X-Frame-Options : DENY

X-XSS-Protection : 1; mode=block

Answers

  • Hi @daniel.hokama.nahas ,

    Thanks for reaching out to us!

    If the request has failed with 401, this can happen for a variety of reasons, such as:

    1. An invalid API key/API secret.
    2. An invalid HMAC signature.
    3. Request timing issue/problem with the Date header value. The API client should ensure a correctly synchronized clock is used to generate request timestamps.

    Moreover, can you please share with us more information on the request headers and the response headers of the failed API requests directly to my email address anisetti.saikiranreddy@lseg.com so that we can investigate this further?


    Thanks

    Sai

  • Hi @daniel.hokama.nahas,

    Moreover, I've verified the logs on our side for the failed API request mentioned above. I can see the HMAC signature sent is different from the one you have pasted above. Can you please verify whether the HMAC is being generated correctly and the same value is being sent in the Authorization header?


    Thanks

    Sai

  • Hello Sai,


    Just did another test right now.


    Please check my Request Header:


    Authorization: Signature keyId="xxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date",signature="jy8o0nOu0/7LkaR4PooxCBxK5H/fkQDkbM0FEd5f+is="

    content-type: application/json

    date: Mon, 18 Dec 2023 17:00:49 GMT



    This is the Response Header:


    Authorization : WWW-Authenticate: ********

    Connection : keep-alive

    Content-Length : 0

    Content-Security-Policy : default-src 'none'; frame-ancestors 'none'

    Date : Mon, 18 Dec 2023 17:00:49 GMT

    Strict-Transport-Security: max-age=15552000; includeSubDomains

    X-Content-Type-Options : nosniff

    X-Frame-Options : DENY

    X-XSS-Protection : 1; mode=block


    Thank you.
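
The checks suggested in the answers above (is the HMAC generated over the values actually sent, and is the Date header current) can be run locally against a captured request. This is an added example, not part of the original thread and not vendor code. It assumes the signing string follows the HTTP Signatures draft layout implied by `headers="(request-target) host date"`, and the key id, secret and clock-skew tolerance are constructed values.

```python
import base64, hashlib, hmac, re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

HOST = "api-worldcheck.refinitiv.com"  # host from the thread
KEY_ID, SECRET = "constructed-key-id", "constructed-secret"  # constructed values
MAX_SKEW_SECONDS = 300  # assumed tolerance; the thread does not state one

def signing_string(method, path, host, date):
    # One "name: value" line per entry of headers="(request-target) host date",
    # in that order, joined by "\n" with no trailing newline (assumed layout).
    return f"(request-target): {method.lower()} {path}\nhost: {host}\ndate: {date}"

def sign(secret, method, path, host, date):
    msg = signing_string(method, path, host, date).encode()
    mac = hmac.new(secret.encode(), msg, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def authorization_header(key_id, secret, method, path, host, date):
    sig = sign(secret, method, path, host, date)
    return (f'Signature keyId="{key_id}",algorithm="hmac-sha256",'
            f'headers="(request-target) host date",signature="{sig}"')

def diagnose(auth_header, secret, method, path, host, date_sent, now):
    """Check a captured request against two of the 401 causes listed above."""
    problems = []
    sent = re.search(r'signature="([^"]*)"', auth_header)
    expected = sign(secret, method, path, host, date_sent)
    if sent is None or not hmac.compare_digest(sent.group(1).encode(),
                                               expected.encode()):
        problems.append("signature does not cover the request-target/host/date sent")
    skew = abs((now - parsedate_to_datetime(date_sent)).total_seconds())
    if skew > MAX_SKEW_SECONDS:
        problems.append(f"Date header is {int(skew)}s away from the current time")
    return problems

if __name__ == "__main__":
    date = "Mon, 18 Dec 2023 17:00:49 GMT"
    now = datetime(2023, 12, 18, 17, 0, 50, tzinfo=timezone.utc)
    good = authorization_header(KEY_ID, SECRET, "GET", "/v2/groups", HOST, date)
    # Signature computed for a different Date value than the one put on the wire.
    stale = authorization_header(KEY_ID, SECRET, "GET", "/v2/groups", HOST,
                                 "Mon, 18 Dec 2023 05:30:53 GMT")
    print(diagnose(good, SECRET, "GET", "/v2/groups", HOST, date, now))   # no problems
    print(diagnose(stale, SECRET, "GET", "/v2/groups", HOST, date, now))  # mismatch
```

The Date string that is signed must be byte-for-byte the one sent in the `date` header, so generate it once and reuse it for both.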