Checksums for DELETEs

For operations that do not permit a request payload, checksums can be specified in the request header. This applies to DELETEs and a small number of business action POSTs that do not permit request payloads.

The header key for a checksum is GW-Checksum. A checksum specified in the header applies only to the root resource.

Send a checksum in a request header using Postman

About this task

You can send checksums in request headers executed from Postman.

Procedure

  1. In Postman, start a new request by clicking the + to the right of the Launchpad tab.
  2. Specify authorization as appropriate.
  3. Add the checksum to the header.
    • In the first row of tabs (the one that starts with Params), click Headers.
    • Scroll to the bottom of the existing key/value list.
    • In the blank row at the bottom of the key/value list, enter the following:
      • KEY: GW-Checksum
      • VALUE: <checksum value>
  4. Enter the request operation and URL.
  5. Click Send.

Results

The response appears below the request. Depending on the checksum value provided, the response will either include a success code or an error message.

Tutorial: DELETE a note using checksums

This tutorial assumes you have set up your environment with Postman and the correct sample data set. For more information, see Tutorial: Set up your Postman environment.

In this tutorial, you will send calls as Amy Clinton (user name aclinton). In the base configuration, Amy Clinton is an underwriting supervisor who has permission to delete notes. As Amy Clinton, you will create a note. You will then attempt to DELETE the note twice. Both DELETEs will include a checksum value. The first DELETE will fail, and the second will succeed.

Tutorial steps

  1. In Postman, create an initial request by:
    1. Clicking the + to the right of the Launchpad tab.
    2. Specifying Basic Auth authorization using user aclinton and password gw.
  2. Enter the following call, but do not click Send yet:
    1. POST http://localhost:8180/pc/rest/common/v1/activities/pc:13/notes
  3. Specify the request payload.
    1. In the first row of tabs (the one that starts with Params), click Body.
    2. In the row of radio buttons, select raw.
    3. At the end of the row of radio buttons, change the drop-down list value from Text to JSON.
    4. Paste the following into the text field underneath the radio buttons. 
      {
  "data":
    {
      "attributes": {
        "body": "API tutorial note to be deleted with a checksum"
      }
    }
}
  4. Click Send. In the response payload, identify the note's id and checksum value.
  5. Create a second request by:
    1. Clicking the + to the right of the Launchpad tab.
    2. Specifying Basic Auth authorization using user aclinton and password gw.
  6. Enter the following call, but do not click Send yet:
    1. DELETE http://localhost:8180/pc/rest/common/v1/notes/<noteID>
  7. Add the checksum to the header
    1. In the first row of tabs (the one that starts with Params), click Headers.
    2. Scroll to the bottom of the existing key/value list.
    3. In the blank row at the bottom of the key/value list, enter the following:
      • KEY: GW-Checksum
      • VALUE: 99
  8. Click Send. The checksum value in the header does not match the checksum value for the note calculated by PolicyCenter. So, the DELETE is unsuccessful and an error message appears.
  9. Change the checksum value so that it matches the one from the POST payload.
  10. Click Send a second time. Now, the checksum value in the header matches the checksum value for the note calculated by PolicyCenter. So, the DELETE is successful.