Sample code for 30+ languages & platforms
SQL Server

HMRC Validate Fraud Prevention Headers

See more HTTP Misc Examples

Demonstrates how to test (validate) HMRC fraud prevention headers.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @rest int
    EXEC @hr = sp_OACreate 'Chilkat.Rest', @rest OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    EXEC sp_OAMethod @rest, 'Connect', @success OUT, 'test-api.service.hmrc.gov.uk', 443, 1, 1
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @rest, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @rest
        RETURN
      END

    -- Load the previously fetched access token.
    DECLARE @json int
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @json OUT

    EXEC sp_OAMethod @json, 'LoadFile', @success OUT, 'qa_data/tokens/hmrc.json'
    DECLARE @accessToken nvarchar(4000)
    EXEC sp_OAMethod @json, 'StringOf', @accessToken OUT, 'access_token'

    PRINT 'Using access toke: ' + @accessToken

    DECLARE @sbAuthHeaderValue int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbAuthHeaderValue OUT

    EXEC sp_OAMethod @sbAuthHeaderValue, 'Append', @success OUT, 'Bearer '
    EXEC sp_OAMethod @sbAuthHeaderValue, 'Append', @success OUT, @accessToken

    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'Accept', 'application/vnd.hmrc.1.0+json'
    EXEC sp_OAMethod @sbAuthHeaderValue, 'GetAsString', @sTmp0 OUT
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'Authorization', @sTmp0

    -- Add the fraud prevention headers.
    -- See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-client-connection-method', 'DESKTOP_APP_DIRECT'

    -- This should be generated by an application and persistently stored on the device. The identifier should not expire.
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-client-device-id', 'beec798b-b366-47fa-b1f8-92cede14a1ce'

    -- See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-client-user-ids', 'os=user123'

    -- Your local IP addresses (comma separated), such as addresses beginning with "192.168." or "172.16."
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-client-local-ips', '172.16.16.23'
    -- You'll need to find a way to get your MAC address.  Chilkat does not yet provide this ability...
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-client-mac-addresses', '7C%3AD3%3A0A%3A25%3ADA%3A1C'

    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-client-timezone', 'UTC+00:00'

    -- You can probably just hard-code these so they're always the same with each request.
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-client-window-size', 'width=1256&height=800'
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-client-screens', 'width=1920&height=1080&scaling-factor=1&colour-depth=16'
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-client-user-agent', 'Windows/Server%202012 (Dell%20Inc./OptiPlex%20980)'
    EXEC sp_OAMethod @rest, 'AddHeader', @success OUT, 'gov-vendor-version', 'My%20Desktop%20Software=1.2.3.build4286'

    DECLARE @responseStr nvarchar(4000)
    EXEC sp_OAMethod @rest, 'FullRequestNoBody', @responseStr OUT, 'GET', '/test/fraud-prevention-headers/validate'
    EXEC sp_OAGetProperty @rest, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 = 0
      BEGIN
        EXEC sp_OAGetProperty @rest, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @rest
        EXEC @hr = sp_OADestroy @json
        EXEC @hr = sp_OADestroy @sbAuthHeaderValue
        RETURN
      END

    -- If the status code is 200, then the fraud prevention headers were validated.
    -- The JSON response may include some warnings..

    EXEC sp_OAGetProperty @rest, 'ResponseStatusCode', @iTmp0 OUT
    PRINT 'Response status code = ' + @iTmp0

    PRINT 'Response JSON body: '

    PRINT @responseStr

    EXEC @hr = sp_OADestroy @rest
    EXEC @hr = sp_OADestroy @json
    EXEC @hr = sp_OADestroy @sbAuthHeaderValue


END
GO