Sample code for 30+ languages & platforms
Go

HMRC Validate Fraud Prevention Headers

See more HTTP Misc Examples

Demonstrates how to test (validate) HMRC fraud prevention headers.

Chilkat Go Downloads

Go
    success := false

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    rest := chilkat.NewRest()

    success = rest.Connect("test-api.service.hmrc.gov.uk",443,true,true)
    if success == false {
        fmt.Println(rest.LastErrorText())
        rest.DisposeRest()
        return
    }

    // Load the previously fetched access token.
    json := chilkat.NewJsonObject()
    success = json.LoadFile("qa_data/tokens/hmrc.json")
    accessToken := json.StringOf("access_token")
    fmt.Println("Using access toke: ", *accessToken)

    sbAuthHeaderValue := chilkat.NewStringBuilder()
    sbAuthHeaderValue.Append("Bearer ")
    sbAuthHeaderValue.Append(*accessToken)

    rest.AddHeader("Accept","application/vnd.hmrc.1.0+json")
    rest.AddHeader("Authorization",*sbAuthHeaderValue.GetAsString())

    // Add the fraud prevention headers.
    // See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
    rest.AddHeader("gov-client-connection-method","DESKTOP_APP_DIRECT")

    // This should be generated by an application and persistently stored on the device. The identifier should not expire.
    rest.AddHeader("gov-client-device-id","beec798b-b366-47fa-b1f8-92cede14a1ce")

    // See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
    rest.AddHeader("gov-client-user-ids","os=user123")

    // Your local IP addresses (comma separated), such as addresses beginning with "192.168." or "172.16."
    rest.AddHeader("gov-client-local-ips","172.16.16.23")
    // You'll need to find a way to get your MAC address.  Chilkat does not yet provide this ability...
    rest.AddHeader("gov-client-mac-addresses","7C%3AD3%3A0A%3A25%3ADA%3A1C")

    rest.AddHeader("gov-client-timezone","UTC+00:00")

    // You can probably just hard-code these so they're always the same with each request.
    rest.AddHeader("gov-client-window-size","width=1256&height=800")
    rest.AddHeader("gov-client-screens","width=1920&height=1080&scaling-factor=1&colour-depth=16")
    rest.AddHeader("gov-client-user-agent","Windows/Server%202012 (Dell%20Inc./OptiPlex%20980)")
    rest.AddHeader("gov-vendor-version","My%20Desktop%20Software=1.2.3.build4286")

    responseStr := rest.FullRequestNoBody("GET","/test/fraud-prevention-headers/validate")
    if rest.LastMethodSuccess() == false {
        fmt.Println(rest.LastErrorText())
        rest.DisposeRest()
        json.DisposeJsonObject()
        sbAuthHeaderValue.DisposeStringBuilder()
        return
    }

    // If the status code is 200, then the fraud prevention headers were validated.
    // The JSON response may include some warnings..
    fmt.Println("Response status code = ", rest.ResponseStatusCode())
    fmt.Println("Response JSON body: ")
    fmt.Println(*responseStr)

    rest.DisposeRest()
    json.DisposeJsonObject()
    sbAuthHeaderValue.DisposeStringBuilder()