Sample code for 30+ languages & platforms
Tcl

HMRC Validate Fraud Prevention Headers

See more HTTP Misc Examples

Demonstrates how to test (validate) HMRC fraud prevention headers.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set rest [new_CkRest]

set success [CkRest_Connect $rest "test-api.service.hmrc.gov.uk" 443 1 1]
if {$success == 0} then {
    puts [CkRest_lastErrorText $rest]
    delete_CkRest $rest
    exit
}

# Load the previously fetched access token.
set json [new_CkJsonObject]

set success [CkJsonObject_LoadFile $json "qa_data/tokens/hmrc.json"]
set accessToken [CkJsonObject_stringOf $json "access_token"]
puts "Using access toke: $accessToken"

set sbAuthHeaderValue [new_CkStringBuilder]

CkStringBuilder_Append $sbAuthHeaderValue "Bearer "
CkStringBuilder_Append $sbAuthHeaderValue $accessToken

CkRest_AddHeader $rest "Accept" "application/vnd.hmrc.1.0+json"
CkRest_AddHeader $rest "Authorization" [CkStringBuilder_getAsString $sbAuthHeaderValue]

# Add the fraud prevention headers.
# See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
CkRest_AddHeader $rest "gov-client-connection-method" "DESKTOP_APP_DIRECT"

# This should be generated by an application and persistently stored on the device. The identifier should not expire.
CkRest_AddHeader $rest "gov-client-device-id" "beec798b-b366-47fa-b1f8-92cede14a1ce"

# See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
CkRest_AddHeader $rest "gov-client-user-ids" "os=user123"

# Your local IP addresses (comma separated), such as addresses beginning with "192.168." or "172.16."
CkRest_AddHeader $rest "gov-client-local-ips" "172.16.16.23"
# You'll need to find a way to get your MAC address.  Chilkat does not yet provide this ability...
CkRest_AddHeader $rest "gov-client-mac-addresses" "7C%3AD3%3A0A%3A25%3ADA%3A1C"

CkRest_AddHeader $rest "gov-client-timezone" "UTC+00:00"

# You can probably just hard-code these so they're always the same with each request.
CkRest_AddHeader $rest "gov-client-window-size" "width=1256&height=800"
CkRest_AddHeader $rest "gov-client-screens" "width=1920&height=1080&scaling-factor=1&colour-depth=16"
CkRest_AddHeader $rest "gov-client-user-agent" "Windows/Server%202012 (Dell%20Inc./OptiPlex%20980)"
CkRest_AddHeader $rest "gov-vendor-version" "My%20Desktop%20Software=1.2.3.build4286"

set responseStr [CkRest_fullRequestNoBody $rest "GET" "/test/fraud-prevention-headers/validate"]
if {[CkRest_get_LastMethodSuccess $rest] == 0} then {
    puts [CkRest_lastErrorText $rest]
    delete_CkRest $rest
    delete_CkJsonObject $json
    delete_CkStringBuilder $sbAuthHeaderValue
    exit
}

# If the status code is 200, then the fraud prevention headers were validated.
# The JSON response may include some warnings..
puts "Response status code = [CkRest_get_ResponseStatusCode $rest]"
puts "Response JSON body: "
puts "$responseStr"

delete_CkRest $rest
delete_CkJsonObject $json
delete_CkStringBuilder $sbAuthHeaderValue