(PHP ActiveX) ING Open Banking OAuth2 Client Credentials

Demonstrates how to get an access token for the ING Open Banking APIs using client credentials.

For more information, see https://developer.ing.com/openbanking/get-started/openbanking

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows Note: The php_com_dotnet.dll may need to be enabled inside of php.ini.

<?php

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert')
$cert = new COM("Chilkat.Cert");
$success = $cert->LoadFromFile('qa_data/certs_and_keys/ING/example_client_tls.cer');
if ($success == 0) {
    print $cert->LastErrorText . "\n";
    exit;
}

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.BinData')
$bdPrivKey = new COM("Chilkat.BinData");
$success = $bdPrivKey->LoadFile('qa_data/certs_and_keys/ING/example_client_tls.key');
if ($success == 0) {
    print 'Failed to load example_client_tls.key' . "\n";
    exit;
}

// The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd. 
// Please note down this client_id since you will need it in the next steps to call the API.

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.PrivateKey')
$privKey = new COM("Chilkat.PrivateKey");
$success = $privKey->LoadAnyFormat($bdPrivKey,'');
if ($success == 0) {
    print $privKey->LastErrorText . "\n";
    exit;
}

// Associate the private key with the certificate.
$success = $cert->SetPrivateKey($privKey);
if ($success == 0) {
    print $cert->LastErrorText . "\n";
    exit;
}

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Http')
$http = new COM("Chilkat.Http");

$success = $http->SetSslClientCert($cert);
if ($success == 0) {
    print $http->LastErrorText . "\n";
    exit;
}

// Calculate the Digest and add the "Digest" header.  Do the equivalent of this:
// payload="grant_type=client_credentials"
// payloadDigest=`echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64`
// digest=SHA-256=$payloadDigest
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Crypt2')
$crypt = new COM("Chilkat.Crypt2");
$crypt->HashAlgorithm = 'SHA256';
$crypt->EncodingMode = 'base64';
$payload = 'grant_type=client_credentials';
$payloadDigest = $crypt->hashStringENC($payload);

// Calculate the current date/time and add the Date header.  
// reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")  
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.CkDateTime')
$dt = new COM("Chilkat.CkDateTime");
$dt->SetFromCurrentSystemTime();
// The desire date/time format is the "RFC822" format.
$http->SetRequestHeader('Date',$dt->getAsRfc822(0));

// Calculate signature for signing your request
// Duplicate the following code:

// 	httpMethod="post"
// 	reqPath="/oauth2/token"
// 	signingString="(request-target): $httpMethod $reqPath
// 	date: $reqDate
// 	digest: $digest"
// 	signature=`printf "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A`

$httpMethod = 'POST';
$reqPath = '/oauth2/token';

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbStringToSign = new COM("Chilkat.StringBuilder");
$sbStringToSign->Append('(request-target): ');
$sbStringToSign->Append($httpMethod);
$sbStringToSign->ToLowercase();
$sbStringToSign->Append(' ');
$sbStringToSign->AppendLine($reqPath,0);

$sbStringToSign->Append('date: ');
$sbStringToSign->AppendLine($dt->getAsRfc822(0),0);

$sbStringToSign->Append('digest: SHA-256=');
$sbStringToSign->Append($payloadDigest);

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.PrivateKey')
$signingPrivKey = new COM("Chilkat.PrivateKey");
$success = $signingPrivKey->LoadPemFile('qa_data/certs_and_keys/ING/example_client_signing.key');
if ($success == 0) {
    print $signingPrivKey->LastErrorText . "\n";
    exit;
}

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Rsa')
$rsa = new COM("Chilkat.Rsa");
$success = $rsa->ImportPrivateKeyObj($signingPrivKey);
if ($success == 0) {
    print $rsa->LastErrorText . "\n";
    exit;
}

$rsa->EncodingMode = 'base64';
$b64Signature = $rsa->signStringENC($sbStringToSign->getAsString(),'SHA256');

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbAuthHdrVal = new COM("Chilkat.StringBuilder");
$sbAuthHdrVal->Append('Signature keyId=\'e77d776b-90af-4684-bebc-521e5b2614dd\',');
$sbAuthHdrVal->Append('algorithm=\'rsa-sha256\',');
$sbAuthHdrVal->Append('headers=\'(request-target) date digest\',');
$sbAuthHdrVal->Append('signature=\'');
$sbAuthHdrVal->Append($b64Signature);
$sbAuthHdrVal->Append('\'');

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbDigestHdrVal = new COM("Chilkat.StringBuilder");
$sbDigestHdrVal->Append('SHA-256=');
$sbDigestHdrVal->Append($payloadDigest);

// Do the following CURL statement:

// 	curl -i -X POST "${httpHost}${reqPath}" \
// 	-H 'Accept: application/json' \
// 	-H 'Content-Type: application/x-www-form-urlencoded' \
// 	-H "Digest: ${digest}" \
// 	-H "Date: ${reqDate}" \
// 	-H "authorization: Signature keyId=\"$keyId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
// 	-d "${payload}" \
// 	--cert "${certPath}tlsCert.crt" \
// 	--key "${certPath}tlsCert.key"

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.HttpRequest')
$req = new COM("Chilkat.HttpRequest");
$req->AddParam('grant_type','client_credentials');
$req->AddHeader('Accept','application/json');
$req->AddHeader('Date',$dt->getAsRfc822(0));
$req->AddHeader('Digest',$sbDigestHdrVal->getAsString());
$req->AddHeader('Authorization',$sbAuthHdrVal->getAsString());
// resp is a Chilkat.HttpResponse
$resp = $http->PostUrlEncoded('https://api.sandbox.ing.com/oauth2/token',$req);
if ($http->LastMethodSuccess == 0) {
    print $http->LastErrorText . "\n";
    exit;
}

// If successful, the status code = 200
print 'Response Status Code: ' . $resp->StatusCode . "\n";
print $resp->BodyStr . "\n";

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.JsonObject')
$json = new COM("Chilkat.JsonObject");
$json->Load($resp->BodyStr);

$json->EmitCompact = 0;
print $json->emit() . "\n";

// A successful response contains an access token such as:
// {
//   "access_token": "eyJhbGc ... bxI_SoPOBH9xmoM",
//   "expires_in": 905,
//   "scope": "payment-requests:view payment-requests:create payment-requests:close greetings:view virtual-ledger-accounts:fund-reservation:create virtual-ledger-accounts:fund-reservation:delete virtual-ledger-accounts:balance:view",
//   "token_type": "Bearer",
//   "keys": [
//     {
//       "kty": "RSA",
//       "n": "3l3rdz4...04VPkdV",
//       "e": "AQAB",
//       "use": "sig",
//       "alg": "RS256",
//       "x5t": "3c396700fc8cd709cf9cb5452a22bcde76985851"
//     }
//   ],
//   "client_id": "e77d776b-90af-4684-bebc-521e5b2614dd"
// }

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

$access_token = $json->stringOf('access_token');
$expires_in = $json->IntOf('expires_in');
$scope = $json->stringOf('scope');
$token_type = $json->stringOf('token_type');
$client_id = $json->stringOf('client_id');
$i = 0;
$count_i = $json->SizeOfArray('keys');
while ($i < $count_i) {
    $json->I = $i;
    $kty = $json->stringOf('keys[i].kty');
    $n = $json->stringOf('keys[i].n');
    $e = $json->stringOf('keys[i].e');
    $use = $json->stringOf('keys[i].use');
    $alg = $json->stringOf('keys[i].alg');
    $x5t = $json->stringOf('keys[i].x5t');
    $i = $i + 1;
}

// This example will save the JSON containing the access key to a file so that
// a subsequent example can load it and then use the access key for a request, such as to create a payment request.
$json->WriteFile('qa_data/tokens/ing_access_token.json');

?>