POST v1/cases/screeningRequest

suveer.singh

Hi

Receiving a 401 Unauthorised response on POST v1/cases/screeningRequest. I've successfully completed the request from POSTMAN, copied the date from the request and pasted into code to ensure request and signature generation are the same.

Please see requests below. This has been used only as a comparison :

//code

(request-target): post /v1/cases/screeningRequest host: rms-world-check-one-api-pilot.thomsonreuters.com date: Fri, 30 Aug 2019 08:57:10 GMT content-type: application/json content-length: 190 { "groupId":"0a3687cf-6c28-1107-9b0a-4d0000000141", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "putin", "secondaryFields":[], "customFields":[] }

Signature keyId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YG7EWwddhf0vw3KmVH3Bp35kks85O9k0LtkyCDlcHlU="

//postman

(request-target): post /v1/cases/screeningRequest host: rms-world-check-one-api-pilot.thomsonreuters.com date: Fri, 30 Aug 2019 08:57:10 GMT content-type: application/json content-length: 190 { "groupId":"0a3687cf-6c28-1107-9b0a-4d0000000141", "entityType": "INDIVIDUAL", "providerTypes": [ "WATCHLIST" ], "name": "putin", "secondaryFields":[], "customFields":[] }

Signature keyId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YG7EWwddhf0vw3KmVH3Bp35kks85O9k0LtkyCDlcHlU="

Based on the code above, the only value that changes when i send my request is the date. Copying the date between postman and code and modifying it by a minute yield the same result

suveer.singh

Finally found the issue, based on the request object having specific spaces in the content, turns out you cannot just serialize the content object into a json string and pass that through into the body. You literally have to build a string and pass that through. This is a rather unique solution

suveer.singh

Just an additional point. I have the following 3 API calls working :

1. /v1/groups
2. /v1/groups/{groupId}/caseTemplate
3. /v1/reference/countries

Irfan.Khan

@suveer.singh

Can you please provide me the below information so that I can investigate. Please send this is an attachment so that the format, indentation and spaces do not vary.

1. The output of the DataToSign Variable.

2. Authorization headers.

3. Date header value:

4. The complete URL that you are sending your request to.

Also, can you please provide the request headers and the response headers?

Irfan.Khan

It seems that your GET requests are being sent correctly. The issue is with the POST requests.

Irfan.Khan

@suveer.singh

As you have stated that you are able to send your GET requests correctly, can you please confirm if you are sending content-length and its value and content-type and its value as HTTP headers along with the other HTTP headers.

The format would be as follow:

Content-Length: "453" #the value would depend on the length of the content/payload

Content-Type: "application/json"

suveer.singh

@Irfan.Khan : Please find attached as requested

suveer.singh

@Irfan.Khan, any feedback on the above request?

suveer.singh

@Irfan.Khan, any feedback on the above request?

suveer.singh

attachment has been removed

_IT_Innovacion

Please! Can you share the solution?

I have the same error and I made the same test that you and the same comparison.

Thanks!

Irfan.Khan

@_IT_Innovacion Can you please raise a separate question on dev com Q&A so that I can assist you?