(Classic ASP) ING Open Banking OAuth2 Client Credentials

Demonstrates how to get an access token for the ING Open Banking APIs using client credentials.

Note: This example requires Chilkat v11.0.0 or greater.

For more information, see https://developer.ing.com/openbanking/get-started/openbanking

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0

' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

set cert = Server.CreateObject("Chilkat.Cert")
success = cert.LoadFromFile("qa_data/certs_and_keys/ING/example_client_tls.cer")
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>"
    Response.End
End If

set bdPrivKey = Server.CreateObject("Chilkat.BinData")
success = bdPrivKey.LoadFile("qa_data/certs_and_keys/ING/example_client_tls.key")
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( "Failed to load example_client_tls.key") & "</pre>"
    Response.End
End If

' The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd. 
' Please note down this client_id since you will need it in the next steps to call the API.

set privKey = Server.CreateObject("Chilkat.PrivateKey")
success = privKey.LoadAnyFormat(bdPrivKey,"")
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( privKey.LastErrorText) & "</pre>"
    Response.End
End If

' Associate the private key with the certificate.
success = cert.SetPrivateKey(privKey)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( cert.LastErrorText) & "</pre>"
    Response.End
End If

set http = Server.CreateObject("Chilkat.Http")

success = http.SetSslClientCert(cert)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
    Response.End
End If

' Calculate the Digest and add the "Digest" header.  Do the equivalent of this:
' payload="grant_type=client_credentials"
' payloadDigest=`echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64`
' digest=SHA-256=$payloadDigest
set crypt = Server.CreateObject("Chilkat.Crypt2")
crypt.HashAlgorithm = "SHA256"
crypt.EncodingMode = "base64"
payload = "grant_type=client_credentials"
payloadDigest = crypt.HashStringENC(payload)

' Calculate the current date/time and add the Date header.  
' reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")  
set dt = Server.CreateObject("Chilkat.CkDateTime")
success = dt.SetFromCurrentSystemTime()
' The desire date/time format is the "RFC822" format.
http.SetRequestHeader "Date",dt.GetAsRfc822(0)

' Calculate signature for signing your request
' Duplicate the following code:

' 	httpMethod="post"
' 	reqPath="/oauth2/token"
' 	signingString="(request-target): $httpMethod $reqPath
' 	date: $reqDate
' 	digest: $digest"
' 	signature=`printf "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A`

httpMethod = "POST"
reqPath = "/oauth2/token"

set sbStringToSign = Server.CreateObject("Chilkat.StringBuilder")
success = sbStringToSign.Append("(request-target): ")
success = sbStringToSign.Append(httpMethod)
success = sbStringToSign.ToLowercase()
success = sbStringToSign.Append(" ")
success = sbStringToSign.AppendLine(reqPath,0)

success = sbStringToSign.Append("date: ")
success = sbStringToSign.AppendLine(dt.GetAsRfc822(0),0)

success = sbStringToSign.Append("digest: SHA-256=")
success = sbStringToSign.Append(payloadDigest)

set signingPrivKey = Server.CreateObject("Chilkat.PrivateKey")
success = signingPrivKey.LoadPemFile("qa_data/certs_and_keys/ING/example_client_signing.key")
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( signingPrivKey.LastErrorText) & "</pre>"
    Response.End
End If

set rsa = Server.CreateObject("Chilkat.Rsa")
success = rsa.UsePrivateKey(signingPrivKey)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( rsa.LastErrorText) & "</pre>"
    Response.End
End If

rsa.EncodingMode = "base64"
b64Signature = rsa.SignStringENC(sbStringToSign.GetAsString(),"SHA256")

set sbAuthHdrVal = Server.CreateObject("Chilkat.StringBuilder")
success = sbAuthHdrVal.Append("Signature keyId=""e77d776b-90af-4684-bebc-521e5b2614dd"",")
success = sbAuthHdrVal.Append("algorithm=""rsa-sha256"",")
success = sbAuthHdrVal.Append("headers=""(request-target) date digest"",")
success = sbAuthHdrVal.Append("signature=""")
success = sbAuthHdrVal.Append(b64Signature)
success = sbAuthHdrVal.Append("""")

set sbDigestHdrVal = Server.CreateObject("Chilkat.StringBuilder")
success = sbDigestHdrVal.Append("SHA-256=")
success = sbDigestHdrVal.Append(payloadDigest)

' Do the following CURL statement:

' 	curl -i -X POST "${httpHost}${reqPath}" \
' 	-H 'Accept: application/json' \
' 	-H 'Content-Type: application/x-www-form-urlencoded' \
' 	-H "Digest: ${digest}" \
' 	-H "Date: ${reqDate}" \
' 	-H "authorization: Signature keyId=\"$keyId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
' 	-d "${payload}" \
' 	--cert "${certPath}tlsCert.crt" \
' 	--key "${certPath}tlsCert.key"

set req = Server.CreateObject("Chilkat.HttpRequest")
req.AddParam "grant_type","client_credentials"
req.AddHeader "Accept","application/json"
req.AddHeader "Date",dt.GetAsRfc822(0)
req.AddHeader "Digest",sbDigestHdrVal.GetAsString()
req.AddHeader "Authorization",sbAuthHdrVal.GetAsString()

req.HttpVerb = "POST"
req.ContentType = "application/x-www-form-urlencoded"

set resp = Server.CreateObject("Chilkat.HttpResponse")
success = http.HttpReq("https://api.sandbox.ing.com/oauth2/token",req,resp)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
    Response.End
End If

' If successful, the status code = 200
Response.Write "<pre>" & Server.HTMLEncode( "Response Status Code: " & resp.StatusCode) & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( resp.BodyStr) & "</pre>"

set json = Server.CreateObject("Chilkat.JsonObject")
success = json.Load(resp.BodyStr)

json.EmitCompact = 0
Response.Write "<pre>" & Server.HTMLEncode( json.Emit()) & "</pre>"

' A successful response contains an access token such as:
' {
'   "access_token": "eyJhbGc ... bxI_SoPOBH9xmoM",
'   "expires_in": 905,
'   "scope": "payment-requests:view payment-requests:create payment-requests:close greetings:view virtual-ledger-accounts:fund-reservation:create virtual-ledger-accounts:fund-reservation:delete virtual-ledger-accounts:balance:view",
'   "token_type": "Bearer",
'   "keys": [
'     {
'       "kty": "RSA",
'       "n": "3l3rdz4...04VPkdV",
'       "e": "AQAB",
'       "use": "sig",
'       "alg": "RS256",
'       "x5t": "3c396700fc8cd709cf9cb5452a22bcde76985851"
'     }
'   ],
'   "client_id": "e77d776b-90af-4684-bebc-521e5b2614dd"
' }

' Use this online tool to generate parsing code from sample JSON: 
' Generate Parsing Code from JSON

access_token = json.StringOf("access_token")
expires_in = json.IntOf("expires_in")
scope = json.StringOf("scope")
token_type = json.StringOf("token_type")
client_id = json.StringOf("client_id")
i = 0
count_i = json.SizeOfArray("keys")
Do While i < count_i
    json.I = i
    kty = json.StringOf("keys[i].kty")
    n = json.StringOf("keys[i].n")
    e = json.StringOf("keys[i].e")
    use = json.StringOf("keys[i].use")
    alg = json.StringOf("keys[i].alg")
    x5t = json.StringOf("keys[i].x5t")
    i = i + 1
Loop

' This example will save the JSON containing the access key to a file so that
' a subsequent example can load it and then use the access key for a request, such as to create a payment request.
success = json.WriteFile("qa_data/tokens/ing_access_token.json")

%>
</body>
</html>