World-Check One API - Get System Id API Call Issue
Any reason the query string pari in the url is not in the dataToSign as listed in the postman pre-requisit?
var dataToSign = "(request-target): get " + environment["gateway-url"] +
"caseReferences"+ "\n" +
"host: " + environment["gateway-host"] + "\n" +
"date: " + date;
The string "caseId=xxxxxxxx" is missing in the dataToSign list. Any idea? Thanks.
Answers
-
We see that there is a pattern to the pre-request scripts in the postman collection, APIs such as get systemId , check caseID in which we are deriving the information from case references and case identifiers don't require the query string in the URL to be listed in the dataToSign.
Let me check this with my team and get back to you with more information on this!
Regards,
Mehran Khan
API Technical Consultant
0 -
Hi @leon.liang ,
We investigated this and the only explanation I can think of is a general reason and knowing how it works, the optional and varied order of query params would have been a possible cause to not to include in the request signing,
For example, requests such as "Get System ID API", we are passing the caseId as part of query Param so there is no data signing in this scenario, whereas in API such as "Get the case template" I can see the "Case Template" being data signed when we are hitting the endpoint directly.
Hope this helps!
Regards,
Mehran Khan
API Technical Consultant
0 -
Thanks for the help Mehran, really appreciated!
To be honest, it looks more like a flaw to me if not a bug, and I see a number of questions raised by the client asking why that particular API request doesn't get processed, only later on found out the parameter part is included in the datatosign string. Also this can be a security issue when part of the message doesn't get hashed.
Hope this can be properly dealed with, and thanks!
0
Categories
- All Categories
- 6 AHS
- 37 Alpha
- 161 App Studio
- 4 Block Chain
- 4 Bot Platform
- 16 Connected Risk APIs
- 47 Data Fusion
- 30 Data Model Discovery
- 608 Datastream
- 1.3K DSS
- 577 Eikon COM
- 4.9K Eikon Data APIs
- 7 Electronic Trading
- Generic FIX
- 7 Local Bank Node API
- Trading API
- 2.7K Elektron
- 1.3K EMA
- 236 ETA
- 519 WebSocket API
- 33 FX Venues
- 10 FX Market Data
- 1 FX Post Trade
- 1 FX Trading - Matching
- 12 FX Trading – RFQ Maker
- 5 Intelligent Tagging
- 2 Legal One
- 20 Messenger Bot
- 2 Messenger Side by Side
- 9 ONESOURCE
- 7 Indirect Tax
- 59 Open Calais
- 264 Open PermID
- 39 Entity Search
- 2 Org ID
- PAM
- PAM - Logging
- 8.4K Private Comments
- 6 Product Insight
- Project Tracking
- ProView
- ProView Internal
- 20 RDMS
- 1.4K Refinitiv Data Platform
- 367 Refinitiv Data Platform Libraries
- 3 Refinitiv Due Diligence
- LSEG Due Diligence Portal API
- 3 Refinitiv Due Dilligence Centre
- Rose's Space
- 1.1K Screening
- 18 Qual-ID API
- 13 Screening Deployed
- 23 Screening Online
- 10 World-Check Customer Risk Screener
- 990 World-Check One
- 44 World-Check One Zero Footprint
- 45 Side by Side Integration API
- Test Space
- 3 Thomson One Smart
- 1.2K TR Internal
- Global Hackathon 2015
- 2 Specialists Who Code
- 10 TR Knowledge Graph
- 150 Transactions
- 142 REDI API
- 1.7K TREP APIs
- 4 CAT
- 21 DACS Station
- 117 Open DACS
- 1.1K RFA
- 103 UPA
- 172 TREP Infrastructure
- 224 TRKD
- 886 TRTH
- 5 Velocity Analytics
- 5 Wealth Management Web Services
- 59 Workspace SDK
- 9 Element Framework
- 5 Grid
- 13 World-Check Data File
- Yield Book Analytics
- 46 中文论坛