Content Length Header already present

fjhumka
fjhumka
in World-Check One

Hi,

The url i'm using is: https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest

And my header are:

Content-Type: application/json

Authorization: XXXXXX

Content-Length: 255

And the payload is:

{

"groupId": "5jb6nlmky7ma1fznxdeemjygm",

"entityType": "INDIVIDUAL",

"caseId": "",

"providerTypes": [

"WATCHLIST"

],

"name": "{
{issue.summary}}",

"nameTransposition": false,

"secondaryFields": [],

"customFields": []


}

However I am prompted with "Content Length Header already present" and if I remove this header, I am then prompted with error 401:

Date: Wed, 22 Sep 2021 02:39:17 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Strict-Transport-Security: max-age=15552000, includeSubdomains

Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"


Any ideas?

Tagged:

Best Answer

  • Vivek Kumar Singh
    Vivek Kumar Singh
    Answer ✓

    Hi @fjhumka

    Please find the sample request:

    curl --location --request POST 'https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest' \

    --header 'Date: Thu, 23 Sep 2021 07:27:59 GMT' \

    --header 'Content-Type: application/json' \

    --header 'Authorization: Signature keyId="YOUR API KEY",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="a3LucKET/dt9cTFc/WE6FVCIvEecxiPq1FsbceM8UgI="' \

    --header 'Content-Length: 101' \

    --data-raw '{

    "groupId": "5jb707er6nj51fj1qcpj7nz4z",

    "entityType": "INDIVIDUAL",

    "caseId": "",

    "providerTypes": [

    "WATCHLIST"

    ],

    "name": "John Smith",

    "nameTransposition": false,

    "secondaryFields": [],

    "customFields": []

    }'

    Also find the pre-scripts which will help you to generate the signature:


    function generateAuthHeader(dataToSign) {

    var hash = CryptoJS.HmacSHA256(dataToSign, environment["api-secret"]);

    return hash.toString(CryptoJS.enc.Base64);

    }


    function isEnvValuePopulated(envVal) {

    if (_.isEmpty(pm.environment.get(envVal))) {

    pm.environment.set(envVal, "--REQUIRED-VALUE-MISSING--");

    return false;

    } else {

    return true;

    }

    }


    isEnvValuePopulated("group-id");


    var date = new Date().toGMTString();

    var content = request.data;

    content = content.replace("{
    {group-id}}", environment["group-id"]);


    var contentLength = unescape(encodeURIComponent(content)).length;


    var dataToSign = "(request-target): post " + environment["gateway-url"] + "cases/screeningRequest\n" +

    "host: " + environment["gateway-host"] + "\n" +

    "date: " + date + "\n" +

    "content-type: " + environment["content"] + "\n" +

    "content-length: " + contentLength + "\n" +

    content;


    var hmac = generateAuthHeader(dataToSign);

    var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date content-type content-length\",signature=\"" + hmac + "\"";


    postman.setEnvironmentVariable("authorisation", authorisation);

    postman.setEnvironmentVariable("currentDate", date);

    postman.setEnvironmentVariable("contentLength", contentLength);

Answers

  • Vivek Kumar Singh
    Vivek Kumar Singh

    Hi @fjhumka

    Are you using the POSTMAN to initiate the API call, if yes, the we would request you to kindly delete the postman collection and environment settings and then re-import the collections & environment. Once done, please try initiating the API call again and let us know if issue persist.

  • fjhumka
    fjhumka

    Hi @Vivek Kumar Singh ,

    Thank you for your response.

    I am actually initiating the API call through a Web Request in JIRA.

    I am not too sure about the structure of the Authorization header though:

    Signature keyId="XXXXXXXXXXXXXXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YYYYYYYYYYYYYYYYYYYYYYYYYYY"

    Regards

  • fjhumka
    fjhumka

    Hi @Vivek Kumar Singh

    Thank you very much for your response.

    This works fine in Postman.

    However I am trying to access WorkCheck One API through JIRA Web Request and I am prompted with the 401 error.

    It seems that the "Authorization" header of JIRA is not recognizing the format. Any idea of how to configure this?

    Response 401

    Headers (5)

    Date: Fri, 24 Sep 2021 04:54:55 GMT

    Transfer-Encoding: chunked

    Connection: keep-alive

    Strict-Transport-Security: max-age=15552000, includeSubdomains

    Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"


    Request POST https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest

    Headers (2)

    Authorization: Signature keyId="XXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YYYYY"

    Content-Type: application/json

    Payload

    {

    "groupId": "5jb6nlmky7ma1fznxdeemjygm",

    "entityType": "INDIVIDUAL",

    "caseId": "",

    "providerTypes": [

    "WATCHLIST"

    ],

    "name": "",

    "nameTransposition": false,

    "secondaryFields": [],

    "customFields": []

    }


    Regards,

  • Vivek Kumar Singh
    Vivek Kumar Singh

    Hi @fjhumka

    Can you please help us with the actual Request headers & Response Headers along with the IP address. We need these details to troubleshoot further.

    Thanks

Categories