I am getting 401 error, unauthorised issue. What may be the reason?

I am trying to fetch Groups in a Salesforce Apex class, but I am getting a status code 401 "Status=Unauthorized" issue.

    public class WorldCheckScreening_Sync_v2 {

        public WorldCheckScreening_Sync_v2() {
            string gatewayurl = '/v1/';
            string gatewayhost = 'rms-world-check-one-api-pilot.thomsonreuters.com';
            string apikey = 'XXXXXXXXXXXXXXXXXXXXXXXXX';
            string apisecret = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
            string requestendpoint = 'https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups';

            // Timestamp in HTTP date format (GMT), taken from the local clock
            String formattedTimestamp = Datetime.now().formatGMT('EEE, dd MMM yyyy HH:mm:ss z');

            // Signing string covers the headers listed in headers="(request-target) host date"
            string dataToSign = '(request-target): get ' + gatewayurl + 'groups\n' +
                                'host: ' + gatewayhost + '\n' +
                                'date: ' + formattedTimestamp;

            String strhmac = generateAuthHeader(dataToSign, apisecret);
            String authorisation = 'Signature keyId="' + apiKey +
                                   '",algorithm="hmac-sha256",headers="(request-target) host date",signature="' +
                                   strhmac + '"';

            HttpRequest req = new HttpRequest();
            req.setEndpoint(requestendpoint);
            req.setMethod('GET');
            req.setHeader('Authorization', authorisation);
            // Send the same Date value that was signed, so the server can rebuild the signing string
            req.setHeader('Date', formattedTimestamp);
            req.setHeader('Cache-Control', 'no-cache');

            Http http = new Http();
            HTTPResponse res = http.send(req);
            system.debug(res);
        }

        // Returns the base64-encoded HMAC-SHA256 of dataToSign, keyed with the API secret
        public string generateAuthHeader(string dataToSign, string apisecret) {
            return EncodingUtil.base64Encode(
                Crypto.generateMac('HmacSHA256', Blob.valueOf(dataToSign), Blob.valueOf(apiSecret)));
        }
    }

Can you please help me here?

Best Answer

  • @be3ce971-7473-4458-acda-0194c4c65725

    Thanks for providing me the request response.

    The dateTime value in the request header and the dateTime in the response header are different. When the difference is greater than 30s you get a 401; in your case it is about 3 mins, which is the reason why you see a 401.

    Kindly ensure a correctly synchronized clock is used to generate request timestamps.

    Make sure that the date header value that you're sending is in sync with the NTP or the GMT clock for the API call to succeed. The difference with the API clock time shouldn’t be >30s.
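The check described in the best answer, as an added example that is not part of the original thread or of the World-Check One documentation: it rebuilds the signing string and `Authorization` header in the layout used by the Apex code above, and compares a request `Date` header with the `date` header of the response against the 30 s limit. Function names and the sample key/secret are assumptions made for illustration; the two dates are the ones from the request and response posted in this thread.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

MAX_SKEW_SECONDS = 30  # tolerance stated in the answer above


def current_date_header():
    """HTTP-date in GMT, e.g. 'Tue, 29 Jan 2019 14:32:37 GMT'."""
    return format_datetime(datetime.now(timezone.utc), usegmt=True)


def signing_string(method, path, host, date_value):
    """Lines are joined with '\\n', in the order named in headers="..."."""
    return (f"(request-target): {method.lower()} {path}\n"
            f"host: {host}\n"
            f"date: {date_value}")


def authorization_header(key_id, secret, method, path, host, date_value):
    """Signature header for a request without a body (GET)."""
    mac = hmac.new(secret.encode("utf-8"),
                   signing_string(method, path, host, date_value).encode("utf-8"),
                   hashlib.sha256).digest()
    signature = base64.b64encode(mac).decode("ascii")
    return (f'Signature keyId="{key_id}",algorithm="hmac-sha256",'
            f'headers="(request-target) host date",signature="{signature}"')


def clock_skew_seconds(request_date, response_date):
    """Server time minus client time; positive means the client clock is behind.
    The response date also includes network latency, so treat it as approximate."""
    sent = parsedate_to_datetime(request_date)
    seen = parsedate_to_datetime(response_date)
    return (seen - sent).total_seconds()


def within_tolerance(request_date, response_date, limit=MAX_SKEW_SECONDS):
    return abs(clock_skew_seconds(request_date, response_date)) <= limit


if __name__ == "__main__":
    req_date = "Tue, 29 Jan 2019 14:32:37 GMT"   # Date header of the posted request
    resp_date = "Tue, 29 Jan 2019 14:35:45 GMT"  # date header of the posted response
    print("skew (s):", clock_skew_seconds(req_date, resp_date))
    print("within 30 s:", within_tolerance(req_date, resp_date))
    # Constructed placeholder credentials, not real ones
    print(authorization_header("example-key-id", "example-secret", "GET", "/v1/groups",
                               "rms-world-check-one-api-pilot.thomsonreuters.com",
                               current_date_header()))
```

Comparing the header this produces with the one your client sends, for the same key, secret and `Date` value, separates a signing problem from a clock problem.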

Answers

  • @be3ce971-7473-4458-acda-0194c4c65725

    Hi,

    401 errors occur because the request has failed an authorization check. This can happen for a variety of reasons, such as

    a) An invalid or expired API key,

    b) An invalid HMAC signature.

    c) Request timing issue/problem with the Date header value. The API client should ensure a correctly synchronized clock is used to generate request timestamps.

    d) Incorrect JSON payload formation at your end will get you a 401 response.

    Can you please reproduce the issue on Postman and share the request & response from the Postman console logs so that I can look into this further?

    Regards,

    Mehran Khan

    API Technical Consultant | World-Check One

  • Hello Mehran,

    Please see below the Request and Response captured from "Rest Webservice Client". Unfortunately, for some reason I am not able to install the Postman extension on my machine. I hope this will help you to check and help me.

    Also, how can I validate my API Key and API Secret? Please suggest.

    REQUEST:

    GET https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/groups
    Accept: application/json
    Authorization: Signature keyId="b8dc734b-3d64-488c-80eb-37f982d55a4f",algorithm="hmac-sha256",headers="(request-target) host date",signature="eHU0bDOS+51W8O8zj30k6q9n9Ixq8+HDNRb/zyHvzLs="
    Cache-Control: no-cache
    Date: Tue, 29 Jan 2019 14:32:37 GMT

    RESPONSE:

    401, Unauthorized
    date: Tue, 29 Jan 2019 14:35:45 GMT
    server: ""
    authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length
    transfer-encoding: chunked
    x-application-context: application

    Time taken (in milliseconds): 293