1

I am going to access the Riskscreen api to authenticate users. To test the api I have written a ruby code snippet to make sample POST call to get the number of tokens I have from the Riskscreen api.

My code is:

require 'uri'
require 'net/http'
require 'net/https'
require 'json'

@toSend = {}.to_json

uri = URI.parse("https://api.riskscreen.com/api/v1/user/tokens")
https = Net::HTTP.new(uri.host,uri.port)
https.use_ssl = true
https.verify_mode = OpenSSL::SSL::VERIFY_NONE
header = {'api-key': 'my api key','Content-Type': 'application/json', 'Accept': 'application/json'}
req = Net::HTTP::Post.new(uri.path, header)
req.body = "[ #{@toSend} ]"
res = https.request(req)


puts "------------"
puts "Response #{res.code} #{res.message}: #{res.body}"

But I am getting the following error:

Response 400 Bad Request

If I change the header line to 

header = {'api-key'=> 'my-api-key','Content-Type'=> 'application/json', 'Accept'=> 'application/json'}

then I am getting this error:

Response 401 Unauthorized

Sticking with this for a while. Please help me to sort out this.

Improve this question
6
  • Are you sure the request body is OK? Can you add a link to the API description? Commented Jan 30, 2018 at 7:11
  • Here it is: search.riskscreen.com/help/guide-api Commented Jan 30, 2018 at 7:12
  • This requires an account. Commented Jan 30, 2018 at 7:14
  • I have edited the post and have given the credentials. Please check. Commented Jan 30, 2018 at 7:16
  • 1
    I think you shouldn't share your private information to stackoverflow( username, password, api-key). It is risk. Commented Jan 30, 2018 at 7:19

2 Answers 2

Reset to default
2

Header's keys must be String instead of Symbol

header = {'api-key' => 'my api key','Content-Type' => 'application/json', 'Accept' => 'application/json'}

Another issue is net/http is capitalize header automatically, api-key -> Api-Key which cause Authorization Error on your server. One solution is to create new class to wrap api-key to prevent Ruby do that

class HeaderCaseSensitive < String
  def capitalize
    self
  end

  def split(*args)
    super.each do |str|
      HeaderCaseSensitive.new(str)
    end
  end

  def to_s
    self
  end
end

Then change header:

header = {HeaderCaseSensitive.new('api-key') => 'xxxx','Content-Type' => 'application/json', 'Accept' => 'application/json'}

To sum up, following code will work:

require 'uri'
require 'net/http'
require 'net/https'
require 'json'

class HeaderCaseSensitive < String
  def capitalize
    self
  end

  def split(*args)
    super.each do |str|
      HeaderCaseSensitive.new(str)
    end
  end

  def to_s
    self
  end
end

@toSend = {}.to_json

uri = URI.parse("https://api.riskscreen.com/api/v1/user/tokens")
https = Net::HTTP.new(uri.host,uri.port)
https.use_ssl = true
https.verify_mode = OpenSSL::SSL::VERIFY_NONE
header = {HeaderCaseSensitive.new('api-key') => 'xxx','Content-Type' => 'application/json', 'Accept' => 'application/json'}
https.set_debug_output($stdout)
req = Net::HTTP::Post.new(uri.path, header)
req.body = "[ #{@toSend} ]"


res = https.request(req)


puts "------------"
puts "Response #{res.code} #{res.message}: #{res.body}"
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

@Abhradip you should also contact RiskScreen and ask them to fix this on their side, as headers as not meant to be case-sensitive! You will also want to ask them to change your access token...
1

Can you try remove:

req.body = "[ #{@toSend} ]"

and replace by:

req.set_form_data({})
# or 
req.body = "{}"

Sorry, I'm not sure about that.

Improve this answer

3 Comments

@Abhradip 401 is different than 400, check if you authenticated properly and with correct api key.
There is no issue with api-key. It is working fine in POSTMAN
Sorry, I can't understand why it not work. I try set http.set_debug_output $stderr to see what Ruby request, api-key is included in header. I think you should contact Riskscreen support. Goodluck!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.