Sample code for 30+ languages & platforms
Classic ASP

HMRC Validate Fraud Prevention Headers

See more HTTP Misc Examples

Demonstrates how to test (validate) HMRC fraud prevention headers.

Chilkat Classic ASP Downloads

Classic ASP
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0

' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

set rest = Server.CreateObject("Chilkat.Rest")

success = rest.Connect("test-api.service.hmrc.gov.uk",443,1,1)
If (success = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( rest.LastErrorText) & "</pre>"
    Response.End
End If

' Load the previously fetched access token.
set json = Server.CreateObject("Chilkat.JsonObject")
success = json.LoadFile("qa_data/tokens/hmrc.json")
accessToken = json.StringOf("access_token")
Response.Write "<pre>" & Server.HTMLEncode( "Using access toke: " & accessToken) & "</pre>"

set sbAuthHeaderValue = Server.CreateObject("Chilkat.StringBuilder")
success = sbAuthHeaderValue.Append("Bearer ")
success = sbAuthHeaderValue.Append(accessToken)

success = rest.AddHeader("Accept","application/vnd.hmrc.1.0+json")
success = rest.AddHeader("Authorization",sbAuthHeaderValue.GetAsString())

' Add the fraud prevention headers.
' See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
success = rest.AddHeader("gov-client-connection-method","DESKTOP_APP_DIRECT")

' This should be generated by an application and persistently stored on the device. The identifier should not expire.
success = rest.AddHeader("gov-client-device-id","beec798b-b366-47fa-b1f8-92cede14a1ce")

' See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
success = rest.AddHeader("gov-client-user-ids","os=user123")

' Your local IP addresses (comma separated), such as addresses beginning with "192.168." or "172.16."
success = rest.AddHeader("gov-client-local-ips","172.16.16.23")
' You'll need to find a way to get your MAC address.  Chilkat does not yet provide this ability...
success = rest.AddHeader("gov-client-mac-addresses","7C%3AD3%3A0A%3A25%3ADA%3A1C")

success = rest.AddHeader("gov-client-timezone","UTC+00:00")

' You can probably just hard-code these so they're always the same with each request.
success = rest.AddHeader("gov-client-window-size","width=1256&height=800")
success = rest.AddHeader("gov-client-screens","width=1920&height=1080&scaling-factor=1&colour-depth=16")
success = rest.AddHeader("gov-client-user-agent","Windows/Server%202012 (Dell%20Inc./OptiPlex%20980)")
success = rest.AddHeader("gov-vendor-version","My%20Desktop%20Software=1.2.3.build4286")

responseStr = rest.FullRequestNoBody("GET","/test/fraud-prevention-headers/validate")
If (rest.LastMethodSuccess = 0) Then
    Response.Write "<pre>" & Server.HTMLEncode( rest.LastErrorText) & "</pre>"
    Response.End
End If

' If the status code is 200, then the fraud prevention headers were validated.
' The JSON response may include some warnings..
Response.Write "<pre>" & Server.HTMLEncode( "Response status code = " & rest.ResponseStatusCode) & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( "Response JSON body: ") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( responseStr) & "</pre>"

%>
</body>
</html>