(PowerShell) Rabobank GET /v3/accounts

Demonstrates a call to a Rabobank API. Specifically this makes a call to the "Accounts AIS sb" API to deliver all the consented payments accounts for a specific Rabobank customer.

(This includes source code to for signing requests for PSD2 APIs)

For more information, see https://developer-sandbox.rabobank.nl/reference/accounts-ais-sb/3-0-8

Chilkat .NET Downloads Chilkat .NET Assemblies

Add-Type -Path "C:\chilkat\ChilkatDotNet47-9.5.0-x64\ChilkatDotNet47.dll"

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

$http = New-Object Chilkat.Http

# Implements the following CURL command:

# curl --request GET \
#   --url https://api-sandbox.rabobank.nl/openapi/sandbox/payments/account-information/ais/v3/accounts \
#   --header 'accept: application/json' \
#   --header 'authorization: Bearer REPLACE_BEARER_TOKEN' \
#   --header 'date: REPLACE_THIS_VALUE' \
#   --header 'digest: REPLACE_THIS_VALUE' \
#   --header 'psu-ip-address: OPTIONAL' \
#   --header 'signature: REPLACE_THIS_VALUE' \
#   --header 'tpp-signature-certificate: MIIDkDCCAnigA ... cwE6gUl0rMA==' \
#   --header 'x-ibm-client-id: Client ID' \
#   --header 'x-request-id: REPLACE_THIS_VALUE'

# Load the previously fetched OAuth2 access token.
$jsonToken = New-Object Chilkat.JsonObject
$success = $jsonToken.LoadFile("qa_data/tokens/rabobank.json")
if ($success -eq $false) {
    $($jsonToken.LastErrorText)
    exit
}

# This adds the "authorization: Bearer REPLACE_BEARER_TOKEN" header.
$http.AuthToken = $jsonToken.StringOf("access_token")

# This is the TTP Signature certificate: The certificate used for signing the request.
$sbTppCert = New-Object Chilkat.StringBuilder
$sbTppCert.Append("MIIDkDCCAnigAwIBAgIEWs3AJDANBgkqhkiG9w0BAQsFADCBiTELMAkGA1UEBhMC")
$sbTppCert.Append("TkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxETAPBgNVBAoM")
$sbTppCert.Append("CFJhYm9iYW5rMRwwGgYDVQQLDBNPbmxpbmUgVHJhbnNhY3Rpb25zMSUwIwYDVQQD")
$sbTppCert.Append("DBxQU0QyIEFQSSBQSSBTZXJ2aWNlcyBTYW5kYm94MB4XDTE4MDQxMTA3NTgyOFoX")
$sbTppCert.Append("DTIzMDQxMTA3NTgyOFowgYkxCzAJBgNVBAYTAk5MMRAwDgYDVQQIDAdVdHJlY2h0")
$sbTppCert.Append("MRAwDgYDVQQHDAdVdHJlY2h0MREwDwYDVQQKDAhSYWJvYmFuazEcMBoGA1UECwwT")
$sbTppCert.Append("T25saW5lIFRyYW5zYWN0aW9uczElMCMGA1UEAwwcUFNEMiBBUEkgUEkgU2Vydmlj")
$sbTppCert.Append("ZXMgU2FuZGJveDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANoAjqGW")
$sbTppCert.Append("UgCIm2F+0sBSEwLal+T3u+uldLikpxHCB8iL1GD7FrRjcA+MVsxhvHly7vRsHK+t")
$sbTppCert.Append("QyMSaeK782RHpY33qxPLc8LmoQLb2EuiQxXj9POYkYBQ74qkrZnvKVlR3WoyQWeD")
$sbTppCert.Append("OXnSY2wbNFfkP8ET4ElwyuIIEriwYhab0OIrnnrO8X82/SPZxHwEd3aQjQ6uhiw8")
$sbTppCert.Append("paDspJbS5WjEfuwY16KVVUYlhbtAwGjvc6aK0NBm+LH9fMLpAE6gfGZNy0gzMDor")
$sbTppCert.Append("VNbkQK1IoAGD8p9ZHdB0F3FwkILEjUiQW6nK+/fKDNJ0TBbpgZUpY8bR460qzxKd")
$sbTppCert.Append("eZ1yPDqX2Cjh6fkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYL4iD6noMJAt63kD")
$sbTppCert.Append("ED4RB2mII/lssvHhcxuDpOm3Ims9urubFWEpvV5TgIBAxy9PBinOdjhO1kGJJnYi")
$sbTppCert.Append("7F1jv1qnZwTV1JhYbvxv3+vk0jaiu7Ew7G3ASlzruXyMhN6t6jk9MpaWGl5Uw1T+")
$sbTppCert.Append("gNRUcWQRR44g3ahQRIS/UHkaV+vcpOa8j186/1X0ULHfbcVQk4LMmJeXqNs8sBAU")
$sbTppCert.Append("dKU/c6ssvj8jfJ4SfrurcBhY5UBTOdQOXTPY85aU3iFloerx7Oi9EHewxInOrU5X")
$sbTppCert.Append("zqqTz2AQPXezexVeAQxP27lzqCmYC7CFiam6QBr06VebkmnPLfs76n8CDc1cwE6g")
$sbTppCert.Append("Ul0rMA==")
$http.SetRequestHeader("tpp-signature-certificate",$sbTppCert.GetAsString())

# ----------------------------------------------------------------
# We're not going to add the psu-ip-address header in this example.

# ----------------------------------------------------------------
# X-Request-ID header...
# Generate a UUID v4.
$crypt = New-Object Chilkat.Crypt2
$xRequestId = $crypt.GenerateUuid()
$http.SetRequestHeader("x-request-id",$xRequestId)

# ----------------------------------------------------------------
# Date header...
$dt = New-Object Chilkat.CkDateTime
$dt.SetFromCurrentSystemTime()
$dateHdrVal = $dt.GetAsRfc822($false)
# The desire date/time format is the "RFC822" format.
$http.SetRequestHeader("Date",$dateHdrVal)

# ----------------------------------------------------------------
# Digest header...
$crypt.HashAlgorithm = "SHA256"
$crypt.EncodingMode = "base64"
# A GET request has no HTTP request body.  Therefore the payload is the empty string.
$payload = ""
$payloadDigest = $crypt.HashStringENC($payload)
$sbDigestHdrVal = New-Object Chilkat.StringBuilder
$sbDigestHdrVal.Append("SHA-256=")
$sbDigestHdrVal.Append($payloadDigest)
$http.SetRequestHeader("digest",$sbDigestHdrVal.GetAsString())

# ----------------------------------------------------------------
# The HTTP request needs to be signed for PSD2 API's...
# Create the signing string (to use in signing the HTTP request).
# See https://developer.rabobank.nl/signing-requests-psd2-apis
# 
# For "account information" HTTP requests, we must use the following headers in the signing string.
#    date
#    digest
#    x-request-id

$sbStringToSign = New-Object Chilkat.StringBuilder
$sbStringToSign.Append("date: ")
$sbStringToSign.AppendLine($dateHdrVal,$false)
$sbStringToSign.Append("digest: ")
$sbStringToSign.AppendLine($sbDigestHdrVal.GetAsString(),$false)
$sbStringToSign.Append("x-request-id: ")
$sbStringToSign.Append($xRequestId)

# ----------------------------------------------------------------
# Sign with our private key...
$sbPrivKey = New-Object Chilkat.StringBuilder
$sbPrivKey.Append("MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDaAI6hllIAiJth")
$sbPrivKey.Append("ftLAUhMC2pfk97vrpXS4pKcRwgfIi9Rg+xa0Y3APjFbMYbx5cu70bByvrUMjEmni")
$sbPrivKey.Append("u/NkR6WN96sTy3PC5qEC29hLokMV4/TzmJGAUO+KpK2Z7ylZUd1qMkFngzl50mNs")
$sbPrivKey.Append("GzRX5D/BE+BJcMriCBK4sGIWm9DiK556zvF/Nv0j2cR8BHd2kI0OroYsPKWg7KSW")
$sbPrivKey.Append("0uVoxH7sGNeilVVGJYW7QMBo73OmitDQZvix/XzC6QBOoHxmTctIMzA6K1TW5ECt")
$sbPrivKey.Append("SKABg/KfWR3QdBdxcJCCxI1IkFupyvv3ygzSdEwW6YGVKWPG0eOtKs8SnXmdcjw6")
$sbPrivKey.Append("l9go4en5AgMBAAECggEAB8nsTqalwGIhFw8mbXuhNUFlGuek/arYLD6pv28swwQH")
$sbPrivKey.Append("7v0ZlxFUcCHF+iBl0PsDwZTZQ4ePtgGS6ehoLkWHCzb1lEv5E1YVG5qKNE2UUwRl")
$sbPrivKey.Append("fIyPakO6AzyV/UF3uzq7C+/GuXGNTKZxKewg5yD/DCFvKoCOpxu9u36FyqP/hw0S")
$sbPrivKey.Append("ADVlmp35/zoPDPZzu1j4FiCo0pJ9LwJcHxeJHopNAKDw9k6I4z/grskdgupsGzK2")
$sbPrivKey.Append("BiGiQ/+wmmO68/6Xa6KWfpr1PQ6ODJHgzZsdGCVi6Ebaqlj6BbsYWxP6h3lrsGt+")
$sbPrivKey.Append("LmHBaN2jCD6cDp+lihqFgnm8hfdv0lmbPilp71EDfwKBgQD6U8PBzZtN8yXm5WuS")
$sbPrivKey.Append("NL+/8q5GjNmeTJBSo1gM6Y8vOT4QAE147LbVuVBDwyHPoSrNejePae6Q14PswjBy")
$sbPrivKey.Append("T7B8DZ0OeQyGa3trrFg/ib7Vv4ZMvJqX9+WzBrzZsxTg7oCKHzmCR4vIRItKHH3z")
$sbPrivKey.Append("Wnnhqlo8ic2AZ2O43cdJosbO1wKBgQDe8UODOLu0vnHohOKeUqF3w/ZOB2+83/js")
$sbPrivKey.Append("YyUbSkzsGvHIwTjObuMUFTQvdMZ6IkIyJdfnDZIbvlBSD8tzL5iKFTNCK2nL1i4G")
$sbPrivKey.Append("iFr0CYLaHAlhJ5GEbTrTMDoJeBPerZq83HPrSa/Wb0xO18QTWsoVQPFfPFbbcQyI")
$sbPrivKey.Append("9ryJ2iIDrwKBgQC6kuAefG46ZPVk6K2KZUJdgDUgZC52a75NuW0RAqszmUiGiJM1")
$sbPrivKey.Append("g8ip9tq6BqAWrprGV0c93shusBKlzf5p1LdHXqYmeVY6gbWVhPipMrNHgN5KJ3BZ")
$sbPrivKey.Append("v+w1yNnMsErpcxne2HL2hPjMJTpj3GSLkm2xIlTrNhIyl9ydlr7IRUhENQKBgQCv")
$sbPrivKey.Append("i6HxbXa/90WSJTCcIcxqla8X+dsOCf3jhJ3vQy4Wq5C+1wZ35fCAG8Ifq/+so9Uj")
$sbPrivKey.Append("z5CVqqXlmpF8TFuSs2OVNuRJsg14J4nOMwgLKIIUZAcurQ10DN5I9Kx+UEK1EFXL")
$sbPrivKey.Append("aHsORdNjMfgQDO2jn9WHrr9gkg6CdB2+qyoCEfS+mQKBgBW08lcy9V5RzRWb/v/j")
$sbPrivKey.Append("xsc7ovmgAhCJhDeV7dPbx4HbFeoQJlbA8g1thdcFlcatSGyNDbvNE1GPSd4NhkpR")
$sbPrivKey.Append("Y6Hfv53kdEzjVkEtU8lUdL7HNVJqX7bU7oZlfbYcwxWQ1Gg8C1oLIAyEt71slQtd")
$sbPrivKey.Append("RiNYBRZTQe2F0wxbXnuUqLAw")

$privKey = New-Object Chilkat.PrivateKey
$success = $privKey.LoadPem($sbPrivKey.GetAsString())
if ($success -eq $false) {
    $($privKey.LastErrorText)
    exit
}

$rsa = New-Object Chilkat.Rsa
$success = $rsa.ImportPrivateKeyObj($privKey)
if ($success -eq $false) {
    $($rsa.LastErrorText)
    exit
}

$rsa.EncodingMode = "base64"
$b64Signature = $rsa.SignStringENC($sbStringToSign.GetAsString(),"SHA256")

# ----------------------------------------------------------------
# Add the "signature" header.
# 
# The signature header will look like this:
# signature: keyId="1523433508",algorithm="rsa-sha512",headers="date digest x-request-id",signature="y5o7gKxmfA6AT6...blE1A9Q=="
# 
# The keyId is the serial number of the certificate as defined in 'TPP-Signing-Certificate' header, the format should be Integer not hex. 
$cert = New-Object Chilkat.Cert
$success = $cert.SetFromEncoded($sbTppCert.GetAsString())
if ($success -eq $false) {
    $($cert.LastErrorText)
    exit
}

$sbSigHdrVal = New-Object Chilkat.StringBuilder
$sbSigHdrVal.Append("keyId=`"")
$sbSigHdrVal.Append($cert.SerialDecimal)
$sbSigHdrVal.Append("`",")
$sbSigHdrVal.Append("algorithm=`"rsa-sha256`",")
$sbSigHdrVal.Append("headers=`"date digest x-request-id`",")
$sbSigHdrVal.Append("signature=`"")
$sbSigHdrVal.Append($b64Signature)
$sbSigHdrVal.Append("`"")

$http.SetRequestHeader("signature",$sbSigHdrVal.GetAsString())

# ----------------------------------------------------------------
# Add remaining headers...

$http.SetRequestHeader("x-ibm-client-id","YOUR_APP_CLIENT_ID")
$http.SetRequestHeader("accept","application/json")

# ----------------------------------------------------------------
# Add our certificate and key for mutual TLS 
# (provide a registered X509 client certificate during TLS handhake)

$tlsCert = New-Object Chilkat.Cert
$success = $tlsCert.LoadFromFile("qa_data/certs_and_keys/ING/example_client_tls.cer")
if ($success -eq $false) {
    $($tlsCert.LastErrorText)
    exit
}

$bdPrivKey = New-Object Chilkat.BinData
$success = $bdPrivKey.LoadFile("qa_data/certs_and_keys/ING/example_client_tls.key")
if ($success -eq $false) {
    $("Failed to load example_client_tls.key")
    exit
}

# The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd. 
# Please note down this client_id since you will need it in the next steps to call the API.

$tlsPrivKey = New-Object Chilkat.PrivateKey
$success = $tlsPrivKey.LoadAnyFormat($bdPrivKey,"")
if ($success -eq $false) {
    $($tlsPrivKey.LastErrorText)
    exit
}

# Associate the private key with the certificate.
$success = $tlsCert.SetPrivateKey($tlsPrivKey)
if ($success -eq $false) {
    $($tlsCert.LastErrorText)
    exit
}

$success = $http.SetSslClientCert($tlsCert)
if ($success -eq $false) {
    $($http.LastErrorText)
    exit
}

# ----------------------------------------------------------------
# Finally, send the request...

$sbResponseBody = New-Object Chilkat.StringBuilder
$success = $http.QuickGetSb("https://api-sandbox.rabobank.nl/openapi/sandbox/payments/account-information/ais/v3/accounts",$sbResponseBody)
if ($success -eq $false) {
    $($http.LastErrorText)
    $($sbResponseBody.GetAsString())
    exit
}

$jResp = New-Object Chilkat.JsonObject
$jResp.LoadSb($sbResponseBody)
$jResp.EmitCompact = $false

$("Response Body:")
$($jResp.Emit())

$respStatusCode = $http.LastStatus
$("Response Status Code = " + $respStatusCode)
if ($respStatusCode -ge 400) {
    $("Response Header:")
    $($http.LastHeader)
    $("Failed.")
    exit
}

# Sample JSON response:
# (Sample code for parsing the JSON response is shown below)

# {
#   "accounts": [
#     {
#       "_links": {
#         "account": "/v3/accounts/dW9od2VIVUhGVypIZHVpaGRhdWR3OGRoY",
#         "balances": "/v3/accounts/dW9od2VIVUhGVypIZHVpaGRhdWR3OGRoY/balances",
#         "transactions": "/v3/accounts/dW9od2VIVUhGVypIZHVpaGRhdWR3OGRoY/transactions"
#       },
#       "currency": "EUR",
#       "iban": "NL05RABO0812836782",
#       "name": "Rosie Roy",
#       "resourceId": "dW9od2VIVUhGVypIZHVpaGRhdWR3OGRoY",
#       "status": "enabled"
#     }
#   ]
# }

# Sample code for parsing the JSON response...
# Use the following online tool to generate parsing code from sample JSON:
# Generate Parsing Code from JSON

$i = 0
$count_i = $jResp.SizeOfArray("accounts")
while ($i -lt $count_i) {
    $jResp.I = $i
    $v_linksAccount = $jResp.StringOf("accounts[i]._links.account")
    $v_linksBalances = $jResp.StringOf("accounts[i]._links.balances")
    $v_linksTransactions = $jResp.StringOf("accounts[i]._links.transactions")
    $currency = $jResp.StringOf("accounts[i].currency")
    $iban = $jResp.StringOf("accounts[i].iban")
    $name = $jResp.StringOf("accounts[i].name")
    $resourceId = $jResp.StringOf("accounts[i].resourceId")
    $status = $jResp.StringOf("accounts[i].status")
    $i = $i + 1
}