Sample code for 30+ languages & platforms
Delphi DLL

Isabel Connect Create First Access Token and Refresh Token

See more Ibanity Examples

Creates your first access token and refresh token. Once created, the refresh token can be used to get a new access token after it expires, or before it expires.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, HttpResponse, HttpRequest, JsonObject, StringBuilder, Cert, Crypt2;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
http: HCkHttp;
cert: HCkCert;
req: HCkHttpRequest;
crypt: HCkCrypt2;
idempotencyKey: PWideChar;
resp: HCkHttpResponse;
sbResponseBody: HCkStringBuilder;
jResp: HCkJsonObject;
respStatusCode: Integer;
token_type: PWideChar;
scope: PWideChar;
refresh_token: PWideChar;
expires_in: Integer;
access_token: PWideChar;

begin
success := False;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

http := CkHttp_Create();

// Implements the following CURL command:

// curl -X POST https://api.ibanity.com/isabel-connect/oauth2/token \
// --cert certificate.pem:qwertyuiop1 \
// --key private_key.pem  \
// -H "Content-Type: application/x-www-form-urlencoded" \
// -H "Accept: application/vnd.api+json" \
// -H "Ibanity-Idempotency-Key: af621a8f-f74b-41a2-b011-336997633df4"  \
// -d grant_type=authorization_code \
// -d code=valid_authorization_code \
// -d client_id=valid_client_id \
// -d client_secret=valid_client_secret \
// -d redirect_uri=https://fake-tpp.com 

// Ibanity provides the certificate + private key in PFX format.  This example will use the .pfx instead of the pair of PEM files.
// (It is also possible to implement using Chilkat with the PEM files, but PFX is easier.)
cert := CkCert_Create();
success := CkCert_LoadPfxFile(cert,'qa_data/pfx/my_ibanity_certificate.pfx','my_pfx_password');
if (success = False) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert));
    Exit;
  end;

success := CkHttp_SetSslClientCert(http,cert);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

req := CkHttpRequest_Create();
CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putPath(req,'/isabel-connect/oauth2/token');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');
CkHttpRequest_AddParam(req,'grant_type','authorization_code');

// Note: For sandbox testing, we literally want to use the strings
// "valid_authorization_code", "valid_client_id", and "valid_client_secret".
// For the live app, you would replace these with actual values.
CkHttpRequest_AddParam(req,'code','valid_authorization_code');
CkHttpRequest_AddParam(req,'client_id','valid_client_id');
CkHttpRequest_AddParam(req,'client_secret','valid_client_secret');
CkHttpRequest_AddParam(req,'redirect_uri','https://fake-tpp.com');

CkHttpRequest_AddHeader(req,'Accept','application/vnd.api+json');

crypt := CkCrypt2_Create();
idempotencyKey := CkCrypt2__generateUuid(crypt);
Memo1.Lines.Add('Ibanity-Idempotency-Key: ' + idempotencyKey);
CkHttpRequest_AddHeader(req,'Ibanity-Idempotency-Key',idempotencyKey);

resp := CkHttpResponse_Create();
success := CkHttp_HttpReq(http,'https://api.ibanity.com/isabel-connect/oauth2/token',req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

sbResponseBody := CkStringBuilder_Create();
CkHttpResponse_GetBodySb(resp,sbResponseBody);
jResp := CkJsonObject_Create();
CkJsonObject_LoadSb(jResp,sbResponseBody);
CkJsonObject_putEmitCompact(jResp,False);

Memo1.Lines.Add('Response Body:');
Memo1.Lines.Add(CkJsonObject__emit(jResp));

respStatusCode := CkHttpResponse_getStatusCode(resp);
Memo1.Lines.Add('Response Status Code = ' + IntToStr(respStatusCode));
if (respStatusCode >= 400) then
  begin
    Memo1.Lines.Add('Response Header:');
    Memo1.Lines.Add(CkHttpResponse__header(resp));
    Memo1.Lines.Add('Failed.');
    Exit;
  end;

// Sample JSON response:
// (Sample code for parsing the JSON response is shown below)

// {
//   "token_type": "Bearer",
//   "scope": "cloudconnect",
//   "refresh_token": "valid_refresh_token",
//   "expires_in": 1799,
//   "access_token": "access_token_1617371230"
// }

// Sample code for parsing the JSON response...
// Use the following online tool to generate parsing code from sample JSON:
// Generate Parsing Code from JSON

token_type := CkJsonObject__stringOf(jResp,'token_type');
scope := CkJsonObject__stringOf(jResp,'scope');
refresh_token := CkJsonObject__stringOf(jResp,'refresh_token');
expires_in := CkJsonObject_IntOf(jResp,'expires_in');
access_token := CkJsonObject__stringOf(jResp,'access_token');

// Save to a file for future use in refreshing the access token.
// The refresh token is the same each time we refresh to get a new access token.
success := CkJsonObject_WriteFile(jResp,'qa_data/tokens/isabel_refresh_token.json');

// Also save to a file to be used as the current access token.
success := CkJsonObject_WriteFile(jResp,'qa_data/tokens/isabel_access_token.json');

CkHttp_Dispose(http);
CkCert_Dispose(cert);
CkHttpRequest_Dispose(req);
CkCrypt2_Dispose(crypt);
CkHttpResponse_Dispose(resp);
CkStringBuilder_Dispose(sbResponseBody);
CkJsonObject_Dispose(jResp);

end;