Sample code for 30+ languages & platforms
Delphi DLL

RSAP Union API - Get OAuth2 Access Token

See more _Miscellaneous_ Examples

Demonstrates how to get an OAuth2 access token for the RSAP Union API. Note: This uses the client credentials flow, which does NOT require an interactive engagement using a browser.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, HttpResponse, StringBuilder, JsonObject, PrivateKey, Cert, Http;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
http: HCkHttp;
json: HCkJsonObject;
cert: HCkCert;
privKey: HCkPrivateKey;
resp: HCkHttpResponse;
sbResponseBody: HCkStringBuilder;
jResp: HCkJsonObject;
respStatusCode: Integer;

begin
success := False;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

http := CkHttp_Create();

// The following JSON is sent in the request body.

// {
//   "grant_type": "client_credentials",
//   "client_id": 1234,
//   "client_secret": "23456abcde"
// }

json := CkJsonObject_Create();
CkJsonObject_UpdateString(json,'grant_type','client_credentials');
CkJsonObject_UpdateInt(json,'client_id',1234);
CkJsonObject_UpdateString(json,'client_secret','23456abcde');

CkHttp_SetRequestHeader(http,'Content-type','application/json');

// Add the client certificate TLS authentication.
cert := CkCert_Create();
success := CkCert_LoadFromFile(cert,'qa_data/certs_and_keys/union_client_certificate.crt');
if (success = False) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert));
    Exit;
  end;

privKey := CkPrivateKey_Create();
success := CkPrivateKey_LoadAnyFormatFile(privKey,'qa_data/certs_and_keys/union_client_certificate.nopass.key','');
if (success = False) then
  begin
    Memo1.Lines.Add(CkPrivateKey__lastErrorText(privKey));
    Exit;
  end;

// Associate the private key with the cert.
// This will fail if the private key is not actually the correct one that corresponds to the public key stored within the cert.
success := CkCert_SetPrivateKey(cert,privKey);
if (success = False) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert));
    Exit;
  end;

// Tell HTTP to use the cert for client TLS certificate authentication.
success := CkHttp_SetSslClientCert(http,cert);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

resp := CkHttpResponse_Create();
success := CkHttp_HttpJson(http,'POST','https://api-test.rsap.ca/oauth/token',json,'application/json',resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

sbResponseBody := CkStringBuilder_Create();
CkHttpResponse_GetBodySb(resp,sbResponseBody);
jResp := CkJsonObject_Create();
CkJsonObject_LoadSb(jResp,sbResponseBody);
CkJsonObject_putEmitCompact(jResp,False);

Memo1.Lines.Add('Response Body:');
Memo1.Lines.Add(CkJsonObject__emit(jResp));

respStatusCode := CkHttpResponse_getStatusCode(resp);
Memo1.Lines.Add('Response Status Code = ' + IntToStr(respStatusCode));
if (respStatusCode >= 400) then
  begin
    Memo1.Lines.Add('Response Header:');
    Memo1.Lines.Add(CkHttpResponse__header(resp));
    Memo1.Lines.Add('Failed.');
    Exit;
  end;

// Sample JSON response:
// (Sample code for parsing the JSON response is shown below)

// {
//   "token_type": "Bearer",
//   "expires_in": 3600,
//   "access_token": "eyJ0eXAi...LnE"
// }

// This token expires in 1 hour.  Your application could re-use the same token for up to an hour,
// or it can simply get a new access token before each request (if you're not doing too many requests).
success := CkJsonObject_WriteFile(jResp,'qa_data/tokens/rsapToken.json');

CkHttp_Dispose(http);
CkJsonObject_Dispose(json);
CkCert_Dispose(cert);
CkPrivateKey_Dispose(privKey);
CkHttpResponse_Dispose(resp);
CkStringBuilder_Dispose(sbResponseBody);
CkJsonObject_Dispose(jResp);

end;