(PHP ActiveX) Rabobank GET /v3/accounts

Demonstrates a call to a Rabobank API. Specifically this makes a call to the "Accounts AIS sb" API to deliver all the consented payments accounts for a specific Rabobank customer.

(This includes source code to for signing requests for PSD2 APIs)

For more information, see https://developer-sandbox.rabobank.nl/reference/accounts-ais-sb/3-0-8

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows Note: The php_com_dotnet.dll may need to be enabled inside of php.ini.

<?php

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Http')
$http = new COM("Chilkat.Http");

// Implements the following CURL command:

// curl --request GET \
//   --url https://api-sandbox.rabobank.nl/openapi/sandbox/payments/account-information/ais/v3/accounts \
//   --header 'accept: application/json' \
//   --header 'authorization: Bearer REPLACE_BEARER_TOKEN' \
//   --header 'date: REPLACE_THIS_VALUE' \
//   --header 'digest: REPLACE_THIS_VALUE' \
//   --header 'psu-ip-address: OPTIONAL' \
//   --header 'signature: REPLACE_THIS_VALUE' \
//   --header 'tpp-signature-certificate: MIIDkDCCAnigA ... cwE6gUl0rMA==' \
//   --header 'x-ibm-client-id: Client ID' \
//   --header 'x-request-id: REPLACE_THIS_VALUE'

// Load the previously fetched OAuth2 access token.
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.JsonObject')
$jsonToken = new COM("Chilkat.JsonObject");
$success = $jsonToken->LoadFile('qa_data/tokens/rabobank.json');
if ($success == 0) {
    print $jsonToken->LastErrorText . "\n";
    exit;
}

// This adds the "authorization: Bearer REPLACE_BEARER_TOKEN" header.
$http->AuthToken = $jsonToken->stringOf('access_token');

// This is the TTP Signature certificate: The certificate used for signing the request.
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbTppCert = new COM("Chilkat.StringBuilder");
$sbTppCert->Append('MIIDkDCCAnigAwIBAgIEWs3AJDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC');
$sbTppCert->Append('TkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxETAPBgNVBAoM');
$sbTppCert->Append('CFJhYm9iYW5rMRwwGgYDVQQLDBNPbmxpbmUgVHJhbnNhY3Rpb25zMSUwIwYDVQQD');
$sbTppCert->Append('DBxQU0QyIEFQSSBQSSBTZXJ2aWNlcyBTYW5kYm94MB4XDTE4MDQxMTA3NTgyOFoX');
$sbTppCert->Append('DTIzMDQxMTA3NTgyOFowgYkxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0');
$sbTppCert->Append('MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazEcMBoGA1UECwwT');
$sbTppCert->Append('T25saW5lIFRyYW5zYWN0aW9uczElMCMGA1UEAwwcUFNEMiBBUEkgUEkgU2Vydmlj');
$sbTppCert->Append('ZXMgU2FuZGJveDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANoAjqGW');
$sbTppCert->Append('UgCIm2F+0sBSEwLal+T3u+uldLikpxHCB8iL1GD7FrRjcA+MVsxhvHly7vRsHK+t');
$sbTppCert->Append('QyMSaeK782RHpY33qxPLc8LmoQLb2EuiQxXj9POYkYBQ74qkrZnvKVlR3WoyQWeD');
$sbTppCert->Append('OXnSY2wbNFfkP8ET4ElwyuIIEriwYhab0OIrnnrO8X82/SPZxHwEd3aQjQ6uhiw8');
$sbTppCert->Append('paDspJbS5WjEfuwY16KVVUYlhbtAwGjvc6aK0NBm+LH9fMLpAE6gfGZNy0gzMDor');
$sbTppCert->Append('VNbkQK1IoAGD8p9ZHdB0F3FwkILEjUiQW6nK+/fKDNJ0TBbpgZUpY8bR460qzxKd');
$sbTppCert->Append('eZ1yPDqX2Cjh6fkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYL4iD6noMJAt63kD');
$sbTppCert->Append('ED4RB2mII/lssvHhcxuDpOm3Ims9urubFWEpvV5TgIBAxy9PBinOdjhO1kGJJnYi');
$sbTppCert->Append('7F1jv1qnZwTV1JhYbvxv3+vk0jaiu7Ew7G3ASlzruXyMhN6t6jk9MpaWGl5Uw1T+');
$sbTppCert->Append('gNRUcWQRR44g3ahQRIS/UHkaV+vcpOa8j186/1X0ULHfbcVQk4LMmJeXqNs8sBAU');
$sbTppCert->Append('dKU/c6ssvj8jfJ4SfrurcBhY5UBTOdQOXTPY85aU3iFloerx7Oi9EHewxInOrU5X');
$sbTppCert->Append('zqqTz2AQPXezexVeAQxP27lzqCmYC7CFiam6QBr06VebkmnPLfs76n8CDc1cwE6g');
$sbTppCert->Append('Ul0rMA==');
$http->SetRequestHeader('tpp-signature-certificate',$sbTppCert->getAsString());

// ----------------------------------------------------------------
// We're not going to add the psu-ip-address header in this example.

// ----------------------------------------------------------------
// X-Request-ID header...
// Generate a UUID v4.
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Crypt2')
$crypt = new COM("Chilkat.Crypt2");
$xRequestId = $crypt->generateUuid();
$http->SetRequestHeader('x-request-id',$xRequestId);

// ----------------------------------------------------------------
// Date header...
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.CkDateTime')
$dt = new COM("Chilkat.CkDateTime");
$dt->SetFromCurrentSystemTime();
$dateHdrVal = $dt->getAsRfc822(0);
// The desire date/time format is the "RFC822" format.
$http->SetRequestHeader('Date',$dateHdrVal);

// ----------------------------------------------------------------
// Digest header...
$crypt->HashAlgorithm = 'SHA256';
$crypt->EncodingMode = 'base64';
// A GET request has no HTTP request body.  Therefore the payload is the empty string.
$payload = '';
$payloadDigest = $crypt->hashStringENC($payload);
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbDigestHdrVal = new COM("Chilkat.StringBuilder");
$sbDigestHdrVal->Append('SHA-256=');
$sbDigestHdrVal->Append($payloadDigest);
$http->SetRequestHeader('digest',$sbDigestHdrVal->getAsString());

// ----------------------------------------------------------------
// The HTTP request needs to be signed for PSD2 API's...
// Create the signing string (to use in signing the HTTP request).
// See https://developer.rabobank.nl/signing-requests-psd2-apis
// 
// For "account information" HTTP requests, we must use the following headers in the signing string.
//    date
//    digest
//    x-request-id

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbStringToSign = new COM("Chilkat.StringBuilder");
$sbStringToSign->Append('date: ');
$sbStringToSign->AppendLine($dateHdrVal,0);
$sbStringToSign->Append('digest: ');
$sbStringToSign->AppendLine($sbDigestHdrVal->getAsString(),0);
$sbStringToSign->Append('x-request-id: ');
$sbStringToSign->Append($xRequestId);

// ----------------------------------------------------------------
// Sign with our private key...
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbPrivKey = new COM("Chilkat.StringBuilder");
$sbPrivKey->Append('MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDaAI6hllIAiJth');
$sbPrivKey->Append('ftLAUhMC2pfk97vrpXS4pKcRwgfIi9Rg+xa0Y3APjFbMYbx5cu70bByvrUMjEmni');
$sbPrivKey->Append('u/NkR6WN96sTy3PC5qEC29hLokMV4/TzmJGAUO+KpK2Z7ylZUd1qMkFngzl50mNs');
$sbPrivKey->Append('GzRX5D/BE+BJcMriCBK4sGIWm9DiK556zvF/Nv0j2cR8BHd2kI0OroYsPKWg7KSW');
$sbPrivKey->Append('0uVoxH7sGNeilVVGJYW7QMBo73OmitDQZvix/XzC6QBOoHxmTctIMzA6K1TW5ECt');
$sbPrivKey->Append('SKABg/KfWR3QdBdxcJCCxI1IkFupyvv3ygzSdEwW6YGVKWPG0eOtKs8SnXmdcjw6');
$sbPrivKey->Append('l9go4en5AgMBAAECggEAB8nsTqalwGIhFw8mbXuhNUFlGuek/arYLD6pv28swwQH');
$sbPrivKey->Append('7v0ZlxFUcCHF+iBl0PsDwZTZQ4ePtgGS6ehoLkWHCzb1lEv5E1YVG5qKNE2UUwRl');
$sbPrivKey->Append('fIyPakO6AzyV/UF3uzq7C+/GuXGNTKZxKewg5yD/DCFvKoCOpxu9u36FyqP/hw0S');
$sbPrivKey->Append('ADVlmp35/zoPDPZzu1j4FiCo0pJ9LwJcHxeJHopNAKDw9k6I4z/grskdgupsGzK2');
$sbPrivKey->Append('BiGiQ/+wmmO68/6Xa6KWfpr1PQ6ODJHgzZsdGCVi6Ebaqlj6BbsYWxP6h3lrsGt+');
$sbPrivKey->Append('LmHBaN2jCD6cDp+lihqFgnm8hfdv0lmbPilp71EDfwKBgQD6U8PBzZtN8yXm5WuS');
$sbPrivKey->Append('NL+/8q5GjNmeTJBSo1gM6Y8vOT4QAE147LbVuVBDwyHPoSrNejePae6Q14PswjBy');
$sbPrivKey->Append('T7B8DZ0OeQyGa3trrFg/ib7Vv4ZMvJqX9+WzBrzZsxTg7oCKHzmCR4vIRItKHH3z');
$sbPrivKey->Append('Wnnhqlo8ic2AZ2O43cdJosbO1wKBgQDe8UODOLu0vnHohOKeUqF3w/ZOB2+83/js');
$sbPrivKey->Append('YyUbSkzsGvHIwTjObuMUFTQvdMZ6IkIyJdfnDZIbvlBSD8tzL5iKFTNCK2nL1i4G');
$sbPrivKey->Append('iFr0CYLaHAlhJ5GEbTrTMDoJeBPerZq83HPrSa/Wb0xO18QTWsoVQPFfPFbbcQyI');
$sbPrivKey->Append('9ryJ2iIDrwKBgQC6kuAefG46ZPVk6K2KZUJdgDUgZC52a75NuW0RAqszmUiGiJM1');
$sbPrivKey->Append('g8ip9tq6BqAWrprGV0c93shusBKlzf5p1LdHXqYmeVY6gbWVhPipMrNHgN5KJ3BZ');
$sbPrivKey->Append('v+w1yNnMsErpcxne2HL2hPjMJTpj3GSLkm2xIlTrNhIyl9ydlr7IRUhENQKBgQCv');
$sbPrivKey->Append('i6HxbXa/90WSJTCcIcxqla8X+dsOCf3jhJ3vQy4Wq5C+1wZ35fCAG8Ifq/+so9Uj');
$sbPrivKey->Append('z5CVqqXlmpF8TFuSs2OVNuRJsg14J4nOMwgLKIIUZAcurQ10DN5I9Kx+UEK1EFXL');
$sbPrivKey->Append('aHsORdNjMfgQDO2jn9WHrr9gkg6CdB2+qyoCEfS+mQKBgBW08lcy9V5RzRWb/v/j');
$sbPrivKey->Append('xsc7ovmgAhCJhDeV7dPbx4HbFeoQJlbA8g1thdcFlcatSGyNDbvNE1GPSd4NhkpR');
$sbPrivKey->Append('Y6Hfv53kdEzjVkEtU8lUdL7HNVJqX7bU7oZlfbYcwxWQ1Gg8C1oLIAyEt71slQtd');
$sbPrivKey->Append('RiNYBRZTQe2F0wxbXnuUqLAw');

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.PrivateKey')
$privKey = new COM("Chilkat.PrivateKey");
$success = $privKey->LoadPem($sbPrivKey->getAsString());
if ($success == 0) {
    print $privKey->LastErrorText . "\n";
    exit;
}

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Rsa')
$rsa = new COM("Chilkat.Rsa");
$success = $rsa->ImportPrivateKeyObj($privKey);
if ($success == 0) {
    print $rsa->LastErrorText . "\n";
    exit;
}

$rsa->EncodingMode = 'base64';
$b64Signature = $rsa->signStringENC($sbStringToSign->getAsString(),'SHA256');

// ----------------------------------------------------------------
// Add the "signature" header.
// 
// The signature header will look like this:
// signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="y5o7gKxmfA6AT6...blE1A9Q=="
// 
// The keyId is the serial number of the certificate as defined in 'TPP-Signing-Certificate' header, the format should be Integer not hex. 
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert')
$cert = new COM("Chilkat.Cert");
$success = $cert->SetFromEncoded($sbTppCert->getAsString());
if ($success == 0) {
    print $cert->LastErrorText . "\n";
    exit;
}

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbSigHdrVal = new COM("Chilkat.StringBuilder");
$sbSigHdrVal->Append('keyId=\'');
$sbSigHdrVal->Append($cert->SerialDecimal);
$sbSigHdrVal->Append('\',');
$sbSigHdrVal->Append('algorithm=\'rsa-sha256\',');
$sbSigHdrVal->Append('headers=\'date digest x-request-id\',');
$sbSigHdrVal->Append('signature=\'');
$sbSigHdrVal->Append($b64Signature);
$sbSigHdrVal->Append('\'');

$http->SetRequestHeader('signature',$sbSigHdrVal->getAsString());

// ----------------------------------------------------------------
// Add remaining headers...

$http->SetRequestHeader('x-ibm-client-id','YOUR_APP_CLIENT_ID');
$http->SetRequestHeader('accept','application/json');

// ----------------------------------------------------------------
// Add our certificate and key for mutual TLS 
// (provide a registered X509 client certificate during TLS handhake)

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert')
$tlsCert = new COM("Chilkat.Cert");
$success = $tlsCert->LoadFromFile('qa_data/certs_and_keys/ING/example_client_tls.cer');
if ($success == 0) {
    print $tlsCert->LastErrorText . "\n";
    exit;
}

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.BinData')
$bdPrivKey = new COM("Chilkat.BinData");
$success = $bdPrivKey->LoadFile('qa_data/certs_and_keys/ING/example_client_tls.key');
if ($success == 0) {
    print 'Failed to load example_client_tls.key' . "\n";
    exit;
}

// The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd. 
// Please note down this client_id since you will need it in the next steps to call the API.

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.PrivateKey')
$tlsPrivKey = new COM("Chilkat.PrivateKey");
$success = $tlsPrivKey->LoadAnyFormat($bdPrivKey,'');
if ($success == 0) {
    print $tlsPrivKey->LastErrorText . "\n";
    exit;
}

// Associate the private key with the certificate.
$success = $tlsCert->SetPrivateKey($tlsPrivKey);
if ($success == 0) {
    print $tlsCert->LastErrorText . "\n";
    exit;
}

$success = $http->SetSslClientCert($tlsCert);
if ($success == 0) {
    print $http->LastErrorText . "\n";
    exit;
}

// ----------------------------------------------------------------
// Finally, send the request...

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.StringBuilder')
$sbResponseBody = new COM("Chilkat.StringBuilder");
$success = $http->QuickGetSb('https://api-sandbox.rabobank.nl/openapi/sandbox/payments/account-information/ais/v3/accounts',$sbResponseBody);
if ($success == 0) {
    print $http->LastErrorText . "\n";
    print $sbResponseBody->getAsString() . "\n";
    exit;
}

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.JsonObject')
$jResp = new COM("Chilkat.JsonObject");
$jResp->LoadSb($sbResponseBody);
$jResp->EmitCompact = 0;

print 'Response Body:' . "\n";
print $jResp->emit() . "\n";

$respStatusCode = $http->LastStatus;
print 'Response Status Code = ' . $respStatusCode . "\n";
if ($respStatusCode >= 400) {
    print 'Response Header:' . "\n";
    print $http->LastHeader . "\n";
    print 'Failed.' . "\n";
    exit;
}

// Sample JSON response:
// (Sample code for parsing the JSON response is shown below)

// {
//   "accounts": [
//     {
//       "_links": {
//         "account": "/v3/accounts/dW9od2VIVUhGVypIZHVpaGRhdWR3OGRoY",
//         "balances": "/v3/accounts/dW9od2VIVUhGVypIZHVpaGRhdWR3OGRoY/balances",
//         "transactions": "/v3/accounts/dW9od2VIVUhGVypIZHVpaGRhdWR3OGRoY/transactions"
//       },
//       "currency": "EUR",
//       "iban": "NL05RABO0812836782",
//       "name": "Rosie Roy",
//       "resourceId": "dW9od2VIVUhGVypIZHVpaGRhdWR3OGRoY",
//       "status": "enabled"
//     }
//   ]
// }

// Sample code for parsing the JSON response...
// Use the following online tool to generate parsing code from sample JSON:
// Generate Parsing Code from JSON

$i = 0;
$count_i = $jResp->SizeOfArray('accounts');
while ($i < $count_i) {
    $jResp->I = $i;
    $v_linksAccount = $jResp->stringOf('accounts[i]._links.account');
    $v_linksBalances = $jResp->stringOf('accounts[i]._links.balances');
    $v_linksTransactions = $jResp->stringOf('accounts[i]._links.transactions');
    $currency = $jResp->stringOf('accounts[i].currency');
    $iban = $jResp->stringOf('accounts[i].iban');
    $name = $jResp->stringOf('accounts[i].name');
    $resourceId = $jResp->stringOf('accounts[i].resourceId');
    $status = $jResp->stringOf('accounts[i].status');
    $i = $i + 1;
}


?>