Connecting to World Check-One, Integration using HTTP Connected system and using the hmacsha256hash function

Certified Associate Developer

I am able to connect to the External API with Postman using the API keys and API secrets and am successful.

But when I use the Integration object I get a this error.

This request requires authentication but does not specify the type of authentication expected HTTP/1.1 401 Unauthorized

We are trying to connect to World Check-One API and wondering if anyone else has ever connected to their API.

  Discussion posts and replies are publicly visible

Parents
  • Were you able to solve your issue with the authentication of WorldCheck One?

    I am facing a similar issue that the calls with Postman using the key and secret are working however when trying to call via Appian it fails.

    The HMAC-SHA256 computed value in Base64 (generated with hmacsha256bytehash function and the API secret) is not matching the same as Postman function computes for the exact same date and endpoint so there must be something I set wrong in the data to sign but I couldn't find out yet. So when calling the endpoint with Appian integration object I always get a HTTP/1.1 401 Unauthorized response.

    Any inputs / ideas / examples would be very helpful! Many thanks!

  • 0
    Certified Lead Developer
    in reply to olivierd388

    You have to make sure to use the exact same values in the headers and in the signature.

  • Thank you for your reply Stefan.

    Maybe I am missing something but from what I can see it is the case.

    This is what Postman is generating:

    Signature keyId="MyKey",algorithm="hmac-sha256",headers="(request-target) host date",signature="ankw++iPsrniyjoWbBh+5Th0hTbYfaPzdQCuq6v8DwA="

    Using Appian function and for the exact same timestamp (Thu, 04 Sep 2025 08:50:32 GMT) I get this:

    Signature keyId="MyKey",algorithm="hmac-sha256",headers="(request-target) host date",signature="KNVPqxRjfUtEuBURrnvPtsEg1kehB7A8CTRJ38Cn4VI="

    My expression looks like this:

    It must be something obvious but I can't find it.

    ----

    I progressed on that, now Postman and Appian are sending both the same signature and message. Postman get an 200 back and Appian still get an 401 Unauthorized back. Perhaps something with the timestamp?

Reply
  • Thank you for your reply Stefan.

    Maybe I am missing something but from what I can see it is the case.

    This is what Postman is generating:

    Signature keyId="MyKey",algorithm="hmac-sha256",headers="(request-target) host date",signature="ankw++iPsrniyjoWbBh+5Th0hTbYfaPzdQCuq6v8DwA="

    Using Appian function and for the exact same timestamp (Thu, 04 Sep 2025 08:50:32 GMT) I get this:

    Signature keyId="MyKey",algorithm="hmac-sha256",headers="(request-target) host date",signature="KNVPqxRjfUtEuBURrnvPtsEg1kehB7A8CTRJ38Cn4VI="

    My expression looks like this:

    It must be something obvious but I can't find it.

    ----

    I progressed on that, now Postman and Appian are sending both the same signature and message. Postman get an 200 back and Appian still get an 401 Unauthorized back. Perhaps something with the timestamp?

Children
No Data