Sample code for 30+ languages & platforms
Delphi DLL

Egyptian eReceipt OAuth2 Client Credentials

See more Egypt eReceipt Examples

Get an OAuth2 access token for the Egyptian eReceipt REST API using client credentials (no interactivity with a web browser required).

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, HttpRequest, HttpResponse, StringBuilder, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
http: HCkHttp;
req: HCkHttpRequest;
resp: HCkHttpResponse;
sbResponseBody: HCkStringBuilder;
jResp: HCkJsonObject;
respStatusCode: Integer;
token_type: PWideChar;
access_token: PWideChar;
expires_in: PWideChar;
scope: PWideChar;

begin
success := False;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

http := CkHttp_Create();

// Note: Any provider of a REST API, such as the Egyptian government in this case, can make life 
// much easier for developers by providing one or more of the following in the API documentation:
// 
// 1) A sample CURL statement for each API call.
// 2) A Postman collection, or Swagger/OpenAPI specification file.
// 3) A sample of a raw HTTP request and response for each API call.
// 
// The sample CURL statements or raw HTTP request/responses do not need to comprehensively show all 
// possible options.  Providing a sample allows one to quickly make a successful API call.
// It also allows for code generation directly from the CURL, Postman collection, or raw request/response,
// and it tends to answer all questions about the format/structure of a request that, suprisingly,
// remain ambiguous or not obvious in other forms of documentation.

req := CkHttpRequest_Create();
CkHttpRequest_AddParam(req,'grant_type','client_credentials');
// Use your actual client ID and client secret...
CkHttpRequest_AddParam(req,'client_id','d0394a9f-0607-40de-a978-2d3eb8375b04');
CkHttpRequest_AddParam(req,'client_secret','6d62315e-d65a-4e41-9112-4195ea834edf');

CkHttpRequest_AddHeader(req,'posserial','1234567899');
CkHttpRequest_AddHeader(req,'pososversion','os');
CkHttpRequest_AddHeader(req,'posmodelframework','1');
CkHttpRequest_AddHeader(req,'presharedkey','03ac674216f3e1...');

// When writing this example, the documentation at https://sdk.invoicing.eta.gov.eg/ereceiptapi/01-authenticate-pos/
// shows us the HTTP verb and path (POST /connect/token), however,
// we don't see the actual domain where the request is to be sent.
// What are the endpoints???
// It took some searching, but we found some endpoints here:  https://sdk.invoicing.eta.gov.eg/faq/
// It's not immediately apparent which endpoint is to be used with a given API call.
// Why not just include the endpoint in the documentation for each REST API call?
// Endpoints are literally the #1 thing that needs to be known.
// They can't just be buried in a FAQ.  They should be up-front and obvious.
// 
// So.. we're guessing the endpoint is likely "https://invoicing.eta.gov.eg/connect/token"
CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');

resp := CkHttpResponse_Create();
success := CkHttp_HttpReq(http,'https://invoicing.eta.gov.eg/connect/token',req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

sbResponseBody := CkStringBuilder_Create();
CkHttpResponse_GetBodySb(resp,sbResponseBody);

jResp := CkJsonObject_Create();
CkJsonObject_LoadSb(jResp,sbResponseBody);
CkJsonObject_putEmitCompact(jResp,False);

Memo1.Lines.Add('Response Body:');
Memo1.Lines.Add(CkJsonObject__emit(jResp));

respStatusCode := CkHttpResponse_getStatusCode(resp);
Memo1.Lines.Add('Response Status Code = ' + IntToStr(respStatusCode));
if (respStatusCode >= 400) then
  begin
    Memo1.Lines.Add('Response Header:');
    Memo1.Lines.Add(CkHttpResponse__header(resp));
    Memo1.Lines.Add('Failed.');
    Exit;
  end;

// If successful, the OAuth2 access token JSON looks like this:

// {
//   "token_type": "Bearer",
//   "access_token": "eyJraW......R2sbqrY",
//   "expires_in": "3600",
//   "scope": "..."
// }

token_type := CkJsonObject__stringOf(jResp,'token_type');
access_token := CkJsonObject__stringOf(jResp,'access_token');
expires_in := CkJsonObject__stringOf(jResp,'expires_in');
scope := CkJsonObject__stringOf(jResp,'scope');

CkHttp_Dispose(http);
CkHttpRequest_Dispose(req);
CkHttpResponse_Dispose(resp);
CkStringBuilder_Dispose(sbResponseBody);
CkJsonObject_Dispose(jResp);

end;