Keep getting 401 in zero footprint synchronous screening api hit through postman

vijay23

I am following this documentation: https://developers.thomsonreuters.com/customer-and-third-party-screening/world-check-one-zero-footprint-screening-api/quick-start

Able to find the groupId from first step. But Step 2 for entity screen keeps giving me 401 error

Mehran.Ahmed Khan

As confirmed on the meeting , this issue has been resolved by downloading the correct postman collection of World-Check One API

vijay23

My request looks like this:

curl -X POST \
https://zfs-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest \
  -H 'Authorization: Signature keyId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="xxxxxxx"' \
  -H 'Content-Length: 174' \
  -H 'Content-Type: application/json' \
  -H 'Date: Mon, 11 Feb 2019 06:22:35 GMT' \
  -H 'cache-control: no-cache' \
  -d '{
  "groupId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "entityType": "INDIVIDUAL",
  "providerTypes": [
    "WATCHLIST"
  ],
  "name": "John Smith",
  "secondaryFields":[]
}'

Mehran.Ahmed Khan

@vijay23

Can you please provide me with the response headers as well?

Also, Can you please mention the date when you received the API key & Secret to ZFS pilot instance?

Regards,

Mehran Khan

vijay23

API key and secret were received on 1st Feb.

Request from postman console:

POST /v1/cases/screeningRequest
Date: Mon, 11 Feb 2019 07:37:01 GMT
Content-Type: application/json
Authorization: Signature keyId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="xxxxxxx="
Content-Length: 174
cache-control: no-cache
Postman-Token: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
User-Agent: PostmanRuntime/7.6.0
Accept: */*
Host: zfs-world-check-one-api-pilot.thomsonreuters.com
accept-encoding: gzip, deflate

{ "groupId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "John Smith", "secondaryFields":[] }

Response from postman console:

HTTP/1.1 401
status: 401
Content-Type: application/json
Content-Length: 2
Connection: keep-alive
Date: Mon, 11 Feb 2019 07:37:02 GMT
x-amzn-RequestId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
x-amzn-ErrorType: AccessDeniedException
x-amz-apigw-id: xxxxxx
X-Cache: Error from cloudfront
Via: 1.1 7a9b0a23f7c6fe6c2e662de66ef2e630.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xxxxxx

[]

Mehran.Ahmed Khan

@vijay23

Hi ,

After further investigation i found that the syfe is subscribed to the World-Check One API access and not World-Check One Zero Footprint, can you please replace the host to rms-world-check-one-api-pilot.thomsonreuters.com and retry the request ?

Regards,

Mehran Khan

vijay23

@Mehran.Ahmed Khan Still getting 401. Postman console log of new request shared below:

POST /v1/cases/screeningRequest
Date: Tue, 12 Feb 2019 04:36:38 GMT
Content-Type: application/json
Authorization: Signature keyId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="xxxxxxxx"
Content-Length: 174
cache-control: no-cache
User-Agent: PostmanRuntime/7.6.0
Accept: */*
Host: rms-world-check-one-api-pilot.thomsonreuters.com
accept-encoding: gzip, deflate


{ "groupId":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "John Smith", "secondaryFields":[] }


HTTP/1.1 401
status: 401
X-Application-Context: application
Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length
Transfer-Encoding: chunked
Date: Tue, 12 Feb 2019 04:36:38 GMT
Server: ""

Mehran.Ahmed Khan

@vijay23

Hi,

I am investigating this further , let me get back to you shortly.

Regards,

Mehran Khan

Mehran.Ahmed Khan

@vijay23

Hi,

I tried to screen the entity mentioned above using your account and I successfully screened the entity, below are the request and response for the same, I would like to have a screen sharing session with you tomorrow, let me know the feasible time so that we can sort this issue for you at the earliest. I would like to verify the HMAC generated at your end.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

• • Request Headers:
    • Date:"Tue, 12 Feb 2019 08:09:08 GMT"
    • Content-Type:"application/json"
    • Authorization:"Signature keyId="****************************",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="********************************************""
    • Content-Length:"169"
    • cache-control:"no-cache"
    • Postman-Token:"638e0f5d-1d03-4870-95d2-1eac8d655e42"
    • User-Agent:"PostmanRuntime/7.6.0"
    • Accept:"*/*"
    • Host:"rms-world-check-one-api-pilot.thomsonreuters.com"
    • accept-encoding:"gzip, deflate"

• • Request Body:

• • Response Headers:
    • X-Application-Context:"application"
    • Cache-Control:"no-cache, no-store, max-age=0, must-revalidate"
    • Pragma:"no-cache"
    • Expires:"0"
    • X-XSS-Protection:"1; mode=block"
    • X-Frame-Options:"DENY"
    • X-Content-Type-Options:"nosniff"
    • Date:"Tue, 12 Feb 2019 08:09:19 GMT"
    • Content-Type:"application/json;charset=UTF-8"
    • Transfer-Encoding:"chunked"
    • Server:""""

• Response Body:
  • caseId:"d8e5982c-fe83-4c86-8939-9b89a94*****"
  • results

• XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

vijay23

@Mehran.Ahmed Khan Sure, I am available anytime between 11 AM IST to 3 PM IST tomorrow. Let me know what time suits you best. Let me know your email id or email me on the id associated with this account for scheduling a call.

Mehran.Ahmed Khan

@vijay23

Hi,

I have sent out the meeting invite for 1PM IST as requested.

Regards,

Mehran Khan