Sample code for 30+ languages & platforms
C

HMRC Validate Fraud Prevention Headers

See more HTTP Misc Examples

Demonstrates how to test (validate) HMRC fraud prevention headers.

Chilkat C Downloads

C
#include <C_CkRest.h>
#include <C_CkJsonObject.h>
#include <C_CkStringBuilder.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkRest rest;
    HCkJsonObject json;
    const char *accessToken;
    HCkStringBuilder sbAuthHeaderValue;
    const char *responseStr;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    rest = CkRest_Create();

    success = CkRest_Connect(rest,"test-api.service.hmrc.gov.uk",443,TRUE,TRUE);
    if (success == FALSE) {
        printf("%s\n",CkRest_lastErrorText(rest));
        CkRest_Dispose(rest);
        return;
    }

    // Load the previously fetched access token.
    json = CkJsonObject_Create();
    success = CkJsonObject_LoadFile(json,"qa_data/tokens/hmrc.json");
    accessToken = CkJsonObject_stringOf(json,"access_token");
    printf("Using access toke: %s\n",accessToken);

    sbAuthHeaderValue = CkStringBuilder_Create();
    CkStringBuilder_Append(sbAuthHeaderValue,"Bearer ");
    CkStringBuilder_Append(sbAuthHeaderValue,accessToken);

    CkRest_AddHeader(rest,"Accept","application/vnd.hmrc.1.0+json");
    CkRest_AddHeader(rest,"Authorization",CkStringBuilder_getAsString(sbAuthHeaderValue));

    // Add the fraud prevention headers.
    // See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
    CkRest_AddHeader(rest,"gov-client-connection-method","DESKTOP_APP_DIRECT");

    // This should be generated by an application and persistently stored on the device. The identifier should not expire.
    CkRest_AddHeader(rest,"gov-client-device-id","beec798b-b366-47fa-b1f8-92cede14a1ce");

    // See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
    CkRest_AddHeader(rest,"gov-client-user-ids","os=user123");

    // Your local IP addresses (comma separated), such as addresses beginning with "192.168." or "172.16."
    CkRest_AddHeader(rest,"gov-client-local-ips","172.16.16.23");
    // You'll need to find a way to get your MAC address.  Chilkat does not yet provide this ability...
    CkRest_AddHeader(rest,"gov-client-mac-addresses","7C%3AD3%3A0A%3A25%3ADA%3A1C");

    CkRest_AddHeader(rest,"gov-client-timezone","UTC+00:00");

    // You can probably just hard-code these so they're always the same with each request.
    CkRest_AddHeader(rest,"gov-client-window-size","width=1256&height=800");
    CkRest_AddHeader(rest,"gov-client-screens","width=1920&height=1080&scaling-factor=1&colour-depth=16");
    CkRest_AddHeader(rest,"gov-client-user-agent","Windows/Server%202012 (Dell%20Inc./OptiPlex%20980)");
    CkRest_AddHeader(rest,"gov-vendor-version","My%20Desktop%20Software=1.2.3.build4286");

    responseStr = CkRest_fullRequestNoBody(rest,"GET","/test/fraud-prevention-headers/validate");
    if (CkRest_getLastMethodSuccess(rest) == FALSE) {
        printf("%s\n",CkRest_lastErrorText(rest));
        CkRest_Dispose(rest);
        CkJsonObject_Dispose(json);
        CkStringBuilder_Dispose(sbAuthHeaderValue);
        return;
    }

    // If the status code is 200, then the fraud prevention headers were validated.
    // The JSON response may include some warnings..
    printf("Response status code = %d\n",CkRest_getResponseStatusCode(rest));
    printf("Response JSON body: \n");
    printf("%s\n",responseStr);


    CkRest_Dispose(rest);
    CkJsonObject_Dispose(json);
    CkStringBuilder_Dispose(sbAuthHeaderValue);

    }