We are assisting a customer with World-Check One API onboarding. In the Excel Sheet for Technical Validation, there is a reference to “User Activity Monitoring (Enables the customer to create their own home-grown customized case manager)”

Could you confirm:

1. The exact meaning of this feature?
2. Which API endpoints support this functionality?

I was wondering if there is a full list of categories (with description will be better)?

We use Refinitiv to screen clients, and from our CRM system, back office officers might open screening results by client and resolve case hits (mark them positive or not relevant).

Now, we need to implement a new client risk level calculation process. If the client has positive cases (full match) after the WorldCheck screening, we need to increase their risk score.

To implement it correctly, we need to understand the whole business process. Can you please tell me, if it is possible to get the positive case from WorldCheck if it wasn't resolved from our side? If positive cases might be created only after we investigate the hit, we will save this information when sending a request to Refinitive to resolve the case. If it is possible to get a positive case without our investigation, we will call the screening results whenever we need to recalculate risk level.

Thank you!

As per section 4.1 of RFC-7235, when an HTTP server returns a 401 response, it must also return a WWW-Authenticate header :

A server generating a 401 (Unauthorized) response MUST send a 
WWW-Authenticate header field containing at least one challenge.

However, when the refinitiv server returns 401, it returns the following header :

Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length"

This is indeed an "Authorization" header, not a WWW-Authenticate, and it cannot be used to extract the signature challenge in a clean generic way.

As long as this header is returned (in place of "WWW-Authenticate"), the only way of generating a valid Authorization header on the client side is to use preemptive authorization.

This might be fine for code crafted especially to access the refinitiv server, but it won't work for generic code (gateways and/or proxies, etc...). For instance, we use a gateway that handles all authorization computing for different providers, and it cannot process refinitiv queries because of this issue.

Are you aware of this issue, and do you plan to fix this at some point ?

Thanks in advance.

One of our clients is testing API and is having issues and getting 401 errors, please see below:

we are using Powershell to “Invoke-WebRequest @params“. The params for one of the API calls that we are getting 401 Unauthorized errors on are below (this has been converted into json to display so it can be read easier). Please note that we have tried other calls which have all resulted in 401 as well. This code was working last week and has not been changed since.

{

    "Proxy":  http://proxy:8080,

    "Method":  "GET",

    "ProxyUseDefaultCredentials":  true,

    "Headers":  {

                    "Authorization":  "Signature keyId="***REMOVED***",algorithm="hmac-sha256",headers="(request-target): get /v2/reference/countries`nhost: api-worldcheck.refinitiv.com`ndate: Thu, 28 Nov 2024 14:07:12 GMT",signature="***REMOVED***"",

                    "Date":  "Thu, 28 Nov 2024 14:07:12 GMT"

                },

    "URI":  https://api-worldcheck.refinitiv.com/v2/reference/countries

}

If helpful, the headers within “Authorization” are:

(request-target): get /v2/reference/countries

host: api-worldcheck.refinitiv.com

date: Thu, 28 Nov 2024 14:07:12 GMT

let me know if you can support here,

I need to be able to download the PDF document of the match details report (different to the case level report). Is there an API available to support this?

Hi Team, I am getting CORS Error in Browser but its working fine in Postman. All the Headers are getting properly generated(Date, HMAC and Authorization) via my JavaScript Code. None of the Addons to by-pass the CORS are working for me. Can you please share the exact Headers which I need to attach in my requests in order to handle the CORS Error. Below are the exact error messages and attached are the screenshots.

In Chrome :

Access to fetch at 'https://api-worldcheck.refinitiv.com/v2/groups'; from origin 'XXX-XXX' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

In Firefox :

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api-worldcheck.refinitiv.com/v2/groups. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Output & Error_Firefox & Postman.png
Headers_Firefox & Postman.png

we are currently setting up the test access for the Word Check One API and in Postman every query (POST and GET) works fine.

We get problems when we try to set up POST requests via our own system (low code platform Appian). Get Requests work fine.

I have already cross-checked the different functions with the Postman results. We get exactly the same hash value and content-length as in Postman and also the date should fit (since the GET queries work with our date function as well).

Unfortunately Appian does not provide a meaningful error message.

Our Request Body looks like:

The result of this a!toJson Function is:

{"secondaryFields":[],"entityType":"INDIVIDUAL","customFields":[],"groupId":"5nzbfkc92gu61ekqd9g3h8mxk","providerTypes":["WATCHLIST"],"name":"Clinton"}

Exactly this result I already used as request body in Postman, it worked.

As header we used:

Date: GMT Value

Host: rms-world-check-one-api-pilot.thomsonreuters.com

Authorization: Appian Function (result below)

Content-Length: 151

Content-Type: application/json

As I mentioned before, the various functions yield exactly the same values as Postman, for example we get as a result of the Authorization function:

and in Postman we see the same signature value.

Does anyone have any idea what the problem might be or has anyone tried to connect to the WorldCheck API via Appian?

Thanks a lot for your help!!!

Here is our issue.

I have created an organization case with name 'GOOGLE' with provider as media_check

Screened the case

Now, retrieved the media results and marked all of them as reviewed

After that, I realised name should be modified to - 'AMAZON'

SO Used update API along with screening API to update the name for the same case

Now. Retrieved the media results - here no results were seen.

In the audi I could see noofnewresults is updayed but not noofresultstobereviewed value as it is still showing as zero. Shouldn't this be updated as well?

Can someone please let us know what is going on here?

here is my function which allows you to call api

 public async Task<T?> PostRequest<T>(Uri uri, string data)
        {
            using (HttpClient client = _clientFactory.CreateClient())
            {
                HttpMethod httpMethod = HttpMethod.Post;
                Encoding encoding = Encoding.UTF8;
                string contentType = "application/json";
                HttpRequestMessage httpRequest = new HttpRequestMessage(httpMethod, uri);
                Dictionary<string, string> headers = AuthHeadersBuilder.GenerateAuthHeaders(
                    apiKey,
                    apiSecret,
                    httpMethod.Method.ToLower(),
                    uri,
                    contentType,
                    data);
                foreach (KeyValuePair<string, string> header in headers)
                {
                    httpRequest.Headers.Add(header.Key, header.Value);
                }
                httpRequest.Content = new StringContent(data, encoding, contentType);
                httpRequest.Content.Headers.ContentType = MediaTypeHeaderValue.Parse(contentType);

                var response = client.SendAsync(httpRequest).Result;

                response.EnsureSuccessStatusCode();

                var jsonContent = await response.Content.ReadAsStringAsync();
                return JsonConvert.DeserializeObject<T?>(jsonContent);
            }
        }

and my body is :

{
    "groupId": "5jb6eq4nmdc41ihi4jaus2r156",
    "providerTypes": [
        "WATCHLIST"
    ],
    "nameTransposition": true,
    "caseScreeningState": {
        "WATCHLIST": "INITIAL"
    },
    "cases": [
        {
            "entityType": "ORGANISATION",
            "name": "SNCF Réseau",
            "secondaryFields": [
                {
                    "typeId": "SFCT_192",
                    "value": "FRA"
                },
                {
                    "typeId": "SFCT_6",
                    "value": "FRA"
                },
                {
                    "typeId": "SFCT_193",
                    "value": "FR-RCS"
                },
                {
                    "typeId": "SFCT_191",
                    "value": "412280737"
                }
            ]
        }
    ]
}

Do you have a solution ?

THANKS,

PRAK Billy

I would like to check what is the WC1 API answer of the following scenarii for Creating or updating a
case using a Case ID:

• Try to Create a case using a Case ID already used ?

• Update or rescreen a Case using a Case ID already used without
  providing any new information ?

• Update or rescreen a case using a Case ID already used but
  adding new filters ? For example adding Date of birth which you did not do for
  the first screening ? Do we keep the old results and flag them as False positive
  ? Override the case ? Will I see the change in the audit log ?

Thank you

Hello Everyone

I am writing to report a critical issue we are facing with one of your API endpoints - SEQ-case-mediacheck-metadata-articles, which is impacting our operational efficiency.

We utilize this endpoint to process hundreds of news articles daily in bulk, in alignment with the design and purpose of your API.
However, we are repeatedly encountering an error that significantly disrupts our workflow:

[{"error":"MEDIA_CHECK_CONTENT_RETRIEVAL_FAILED","cause":"Failed to retrieve Media-Check articles content."}]

Endpoint SEQ-case-mediacheck-metadata-articles
caseSystemId: 5jb7olliwan21ih6g6tb053cs
articleId: am2_newsroom_nNRArrt0rv|20240212T061309,264+0000|Icb309100c96d11eebca2995a2bf0a6e1


This error appears to be related to certain articles lacking content on your platform, leading to failed requests. The absence of content for these articles is causing delays in our screening processes, as we rely heavily on the API for our operations. We have observed that this issue is not isolated but recurring, affecting a substantial number of requests each day

caseId: 5jb7olliwan21ih6g6tb053cs

publicationDate: 2024-02-12

title: Rio's neighborhoods: do you know the origin of their names?

sourceName: NoticiasFinancieras - English

timestamp (our plataform): 2024-02-19 15:38:02.859

Our primary request is to seek your assistance in resolving this issue on your platform.
Could there be a way to bypass or handle the error 500 more gracefully when one or more articles lack content?

Thank you in advance for your attention and prompt response to this matter.
Please let us know if you require any additional information to investigate this situation

Sincerely,

André

-> https://api-worldcheck.refinitiv.com/v2/cases/screeningRequest

In other words: how to know that cases in the response of above endpoint will appear as "False" in the GUI?

I will appreciate any help regarding that.

When calling the ScreeningRequest API with a name containing accents, I'm having one time in two HTTP 400.

I'm doing the following when sending my request:

1. The content body is converted to UTF-8.
2. We calculate the length of the UTF-8 encoded content since UTF-8 payload length is different than the normal payload body.
3. We're using the normal payload/content body in the dataToSign variable.
4. Then we use the content length of the UTF-8 encoded in the dataToSign variable.
5. Next, we're sending the UTF-8 encoded content/payload in the API request.
6. At last, we send the content length of the UTF-8 encoded in the request header.

For instance with "Stéphane Bern", I'm having a result the first time, then the second time, I'm having an HTTP 400.

Here what I'm sending:

==> POST https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest HTTP/1.1
- entity [Content-Type: application/json; charset=UTF-8,Content-Length: 185,Chunked: false]
- body : {"groupId":"ZZZ","entityType":"INDIVIDUAL","providerTypes":["WATCHLIST"],"name":"Stéphane Bern","secondaryFields":[{"typeId":"SFCT_1","value":"MALE"}]}
- headerGroup (request) : [Date: Thu, 23 Jan 2020 14:21:57 GMT, Authorization: Signature keyId="XXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YYY", Content-Type: application/json]
- The answer : HttpResponseProxy{HTTP/1.1 400  [Transfer-Encoding: chunked, Date: Thu, 23 Jan 2020 14:12:22 GMT, X-Cnection: close, Server: ""] ResponseEntityProxy{[Chunked: true]}}

When the return is HTTP 200 :

==> POST https://rms-world-check-one-api-pilot.thomsonreuters.com/v1/cases/screeningRequest HTTP/1.1
- entity [Content-Type: application/json; charset=UTF-8,Content-Length: 185,Chunked: false]
- body : {"groupId":"ZZZ","entityType":"INDIVIDUAL","providerTypes":["WATCHLIST"],"name":"Stéphane Bern","secondaryFields":[{"typeId":"SFCT_1","value":"MALE"}]}
- headerGroup (request) : [Date: Thu, 23 Jan 2020 14:21:20 GMT, Authorization: Signature keyId="XXX",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length",signature="YYY", Content-Type: application/json]
- The answer : HttpResponseProxy{HTTP/1.1 200  [Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Pragma: no-cache, Expires: 0, X-XSS-Protection: 1; mode=block, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Date: Thu, 23 Jan 2020 14:13:57 GMT, Content-Type: application/json;charset=UTF-8, Transfer-Encoding: chunked, Server: ""] ResponseEntityProxy{[Content-Type: application/json;charset=UTF-8,Chunked: true]}}

Is there something I am missing?

When calling the SEQ-screen-sync-individual: Perform Synchronous Screening: Individual API with a name containing accents, I have a 401 UNAUTHORIZED but when I call WorldCheck directly with Postman, I have a result. Is there something special to check with the encoding? I tried to change the encoding of the POST body with

For instance, when calling for "Stéphane Bern", I have the unauthorized answer. But without the accent "é", I have a result. The result seems to be the same than the one made with Postman. Are they in all case?

Thanks.

I am integrating WC1 in my project. It is working fine on my local system. But when i am running the API on server it is giving Unauthorized 401 for start GET Group APi. Is there any reasons of it?

I'm looking on ongoing monitoring API, and can't understand some cases on PILOT version.

request:

POST https://api-worldcheck.refinitiv.com/v2/cases/ongoingScreeningUpdates
{
    "query": "updateDate>='1980-01-01T00:00:00Z'; (providerType=='WATCHLIST')",
    "pagination": {
        "currentPage": 1,
        "itemsPerPage": 250
    },
    "sort": [
        {
            "columnName": "updateDate",
            "order": "ASCENDING"
        }
    ]
}

Response:

{
    "query": "updateDate>='1980-01-01T00:00:00Z'; (providerType=='WATCHLIST')",
    "sort": [
        {
            "columnName": "updateDate",
            "order": "ASCENDING"
        }
    ],
    "totalResultCount": 26,
    "pagination": {
        "currentPage": 1,
        "itemsPerPage": 250,
        "totalItems": 26
    },
    "results": [
        {
            "caseSystemId": "5jb69uigfy7r1i99ggqdgkvmo",
            "updateDate": "2023-12-24T04:17:21.986Z",
            "numberOfNewResults": 0,
            "numberOfUpdatedResults": 1
        },
        {
            "caseSystemId": "5jb72ggl8ldk1i99g63lf8m2u",
            "updateDate": "2023-12-24T08:46:51.798Z",
            "numberOfNewResults": 0,
            "numberOfUpdatedResults": 1
        },
        {
            "caseSystemId": "5jb85z1vg5t31i99g3qr3ursx",
            "updateDate": "2023-12-24T14:52:08.702Z",
            "numberOfNewResults": 0,
            "numberOfUpdatedResults": 1
        },
        {
            "caseSystemId": "5jb81j8bx5zr1i7o7cq96pg2s",
            "updateDate": "2023-12-28T15:03:45.909Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb7szfj3b8f1i8cgpzneh6py",
            "updateDate": "2023-12-29T10:48:29.801Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb6cl602p9o1iafob4zxa98q",
            "updateDate": "2023-12-30T05:03:28.907Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb6h8vlzjju1i85edsrzi918",
            "updateDate": "2024-01-03T06:00:46.026Z",
            "numberOfNewResults": 0,
            "numberOfUpdatedResults": 1
        },
        {
            "caseSystemId": "5jb81j8bx5zr1i7o7cq96pg2s",
            "updateDate": "2024-01-03T15:15:53.556Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb6h8vlzjju1i85edsrzi918",
            "updateDate": "2024-01-04T06:08:49.028Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb81j8bx5zr1i7o7cq96pg2s",
            "updateDate": "2024-01-04T15:20:23.653Z",
            "numberOfNewResults": 3,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb69io9rmjb1i8v40vw4o14r",
            "updateDate": "2024-01-07T04:24:41.571Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb7rk4pf6hn1i7o7a5iqf2r2",
            "updateDate": "2024-01-07T12:43:45.627Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb7szfj3b8f1i8cgpzneh6py",
            "updateDate": "2024-01-07T13:09:12.525Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb81j8bx5zr1i7o7cq96pg2s",
            "updateDate": "2024-01-07T14:31:54.422Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb81j8bx5zr1i7o7c0ls8qc8",
            "updateDate": "2024-01-07T14:32:03.974Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb7szfj3b8f1i8cgpzneh6py",
            "updateDate": "2024-01-09T13:11:48.139Z",
            "numberOfNewResults": 2,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb6h8vlzjju1i85edsrzi918",
            "updateDate": "2024-01-10T05:55:54.601Z",
            "numberOfNewResults": 0,
            "numberOfUpdatedResults": 1
        },
        {
            "caseSystemId": "5jb6mk9lwv2n1i85edsrzkbkz",
            "updateDate": "2024-01-10T06:43:34.990Z",
            "numberOfNewResults": 0,
            "numberOfUpdatedResults": 1
        },
        {
            "caseSystemId": "5jb73puatur91iafr1ioe14n8",
            "updateDate": "2024-01-10T09:12:46.318Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb81j8bx5zr1i7o7cq96pg2s",
            "updateDate": "2024-01-10T12:14:03.859Z",
            "numberOfNewResults": 2,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb6h8vlzjju1i85edsrzi918",
            "updateDate": "2024-01-11T05:48:28.780Z",
            "numberOfNewResults": 0,
            "numberOfUpdatedResults": 1
        },
        {
            "caseSystemId": "5jb6mk9lwv2n1i85edsrzkbkz",
            "updateDate": "2024-01-11T06:37:01.753Z",
            "numberOfNewResults": 0,
            "numberOfUpdatedResults": 1
        },
        {
            "caseSystemId": "5jb7szfj3b8f1i8cgpzneh6py",
            "updateDate": "2024-01-11T13:14:51.045Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb81j8bx5zr1i7o7cq96pg2s",
            "updateDate": "2024-01-12T17:59:45.665Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        },
        {
            "caseSystemId": "5jb6h8vlzjju1i85edsrzi918",
            "updateDate": "2024-01-15T01:42:47.322Z",
            "numberOfNewResults": 0,
            "numberOfUpdatedResults": 1
        },
        {
            "caseSystemId": "5jb7szfj3b8f1i8cgpzneh6py",
            "updateDate": "2024-01-16T14:46:35.287Z",
            "numberOfNewResults": 1,
            "numberOfUpdatedResults": 0
        }
    ]
}

In response I found cases which I didn't find in UI. For example caseId's:

5jb69uigfy7r1i99ggqdgkvmo, 5jb72ggl8ldk1i99g63lf8m2u

And I found caseId in UI, which I didn't find in response:

5jb783or6elt1i8cgpzneh3wv

Can you help me with this cases? On production everything is ok.

I want to know if there is an endpoint to upload a csv file and screen multiple cases.

When I checked posman collection I found only this endpoint

https://api-worldcheck.refinitiv.com/v2/cases/saveAndScreen

I'm trying to do a GET from SAP CPI to the following URL:

https://api-worldcheck.refinitiv.com/v2/groups

This is my Authorization Header:

Signature keyId="XXXXXXX",algorithm="hmac-sha256",headers="(request-target) host date",signature="E2dR0K72weeOlebzLuK7iIeSg6sb1p7rsy6Q8E4PvXI="

This is the error message:

HTTP operation failed invoking https://api-worldcheck.refinitiv.com/v2/groups with statusCode: 401

This is the Response Headers:

Authorization : WWW-Authenticate: ********

Connection : keep-alive

Content-Length : 0

Content-Security-Policy : default-src 'none'; frame-ancestors 'none'

Date : Mon, 18 Dec 2023 05:30:53 GMT

Strict-Transport-Security: max-age=15552000; includeSubDomains

X-Content-Type-Options : nosniff

X-Frame-Options : DENY

X-XSS-Protection : 1; mode=block

I would like to ask if you provide sanction screening on secuity/instrument level instead of entity level. For example, some sovereign bonds issued in the same country might be sanctioned and some others not. So, it's important to be able to screen them on bond level. Is there any service provided for this reason?

Thanks

429 The API client is making too many concurrent
requests, and some are being throttled. Throttled requests can be retried (with
an updated request Date and HTTP signature) after a short delay.

What is
the throttling threshold?. And what is the time period after which we should try
again in case we exceeded that threshold?.