Sample code for 30+ languages & platforms
Unicode C

ING Open Banking OAuth2 Client Credentials

See more OAuth2 Examples

Demonstrates how to get an access token for the ING Open Banking APIs using client credentials.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkCertW.h>
#include <C_CkBinDataW.h>
#include <C_CkPrivateKeyW.h>
#include <C_CkHttpW.h>
#include <C_CkCrypt2W.h>
#include <C_CkDateTimeW.h>
#include <C_CkStringBuilderW.h>
#include <C_CkRsaW.h>
#include <C_CkHttpRequestW.h>
#include <C_CkHttpResponseW.h>
#include <C_CkJsonObjectW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkCertW cert;
    HCkBinDataW bdPrivKey;
    HCkPrivateKeyW privKey;
    HCkHttpW http;
    HCkCrypt2W crypt;
    const wchar_t *payload;
    const wchar_t *payloadDigest;
    HCkDateTimeW dt;
    const wchar_t *httpMethod;
    const wchar_t *reqPath;
    HCkStringBuilderW sbStringToSign;
    HCkPrivateKeyW signingPrivKey;
    HCkRsaW rsa;
    const wchar_t *b64Signature;
    HCkStringBuilderW sbAuthHdrVal;
    HCkStringBuilderW sbDigestHdrVal;
    HCkHttpRequestW req;
    HCkHttpResponseW resp;
    HCkJsonObjectW json;
    const wchar_t *kty;
    const wchar_t *n;
    const wchar_t *e;
    const wchar_t *use;
    const wchar_t *alg;
    const wchar_t *x5t;
    const wchar_t *access_token;
    int expires_in;
    const wchar_t *scope;
    const wchar_t *token_type;
    const wchar_t *client_id;
    int i;
    int count_i;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    cert = CkCertW_Create();
    success = CkCertW_LoadFromFile(cert,L"qa_data/certs_and_keys/ING/example_client_tls.cer");
    if (success == FALSE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkCertW_Dispose(cert);
        return;
    }

    bdPrivKey = CkBinDataW_Create();
    success = CkBinDataW_LoadFile(bdPrivKey,L"qa_data/certs_and_keys/ING/example_client_tls.key");
    if (success == FALSE) {
        wprintf(L"Failed to load example_client_tls.key\n");
        CkCertW_Dispose(cert);
        CkBinDataW_Dispose(bdPrivKey);
        return;
    }

    // The OAuth 2.0 client_id for these certificates is e77d776b-90af-4684-bebc-521e5b2614dd. 
    // Please note down this client_id since you will need it in the next steps to call the API.

    privKey = CkPrivateKeyW_Create();
    success = CkPrivateKeyW_LoadAnyFormat(privKey,bdPrivKey,L"");
    if (success == FALSE) {
        wprintf(L"%s\n",CkPrivateKeyW_lastErrorText(privKey));
        CkCertW_Dispose(cert);
        CkBinDataW_Dispose(bdPrivKey);
        CkPrivateKeyW_Dispose(privKey);
        return;
    }

    // Associate the private key with the certificate.
    success = CkCertW_SetPrivateKey(cert,privKey);
    if (success == FALSE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkCertW_Dispose(cert);
        CkBinDataW_Dispose(bdPrivKey);
        CkPrivateKeyW_Dispose(privKey);
        return;
    }

    http = CkHttpW_Create();

    success = CkHttpW_SetSslClientCert(http,cert);
    if (success == FALSE) {
        wprintf(L"%s\n",CkHttpW_lastErrorText(http));
        CkCertW_Dispose(cert);
        CkBinDataW_Dispose(bdPrivKey);
        CkPrivateKeyW_Dispose(privKey);
        CkHttpW_Dispose(http);
        return;
    }

    // Calculate the Digest and add the "Digest" header.  Do the equivalent of this:
    // payload="grant_type=client_credentials"
    // payloadDigest=`echo -n "$payload" | openssl dgst -binary -sha256 | openssl base64`
    // digest=SHA-256=$payloadDigest
    crypt = CkCrypt2W_Create();
    CkCrypt2W_putHashAlgorithm(crypt,L"SHA256");
    CkCrypt2W_putEncodingMode(crypt,L"base64");
    payload = L"grant_type=client_credentials";
    payloadDigest = CkCrypt2W_hashStringENC(crypt,payload);

    // Calculate the current date/time and add the Date header.  
    // reqDate=$(LC_TIME=en_US.UTF-8 date -u "+%a, %d %b %Y %H:%M:%S GMT")  
    dt = CkDateTimeW_Create();
    CkDateTimeW_SetFromCurrentSystemTime(dt);
    // The desire date/time format is the "RFC822" format.
    CkHttpW_SetRequestHeader(http,L"Date",CkDateTimeW_getAsRfc822(dt,FALSE));

    // Calculate signature for signing your request
    // Duplicate the following code:

    // 	httpMethod="post"
    // 	reqPath="/oauth2/token"
    // 	signingString="(request-target): $httpMethod $reqPath
    // 	date: $reqDate
    // 	digest: $digest"
    // 	signature=`printf "$signingString" | openssl dgst -sha256 -sign "${certPath}example_client_signing.key" -passin "pass:changeit" | openssl base64 -A`

    httpMethod = L"POST";
    reqPath = L"/oauth2/token";

    sbStringToSign = CkStringBuilderW_Create();
    CkStringBuilderW_Append(sbStringToSign,L"(request-target): ");
    CkStringBuilderW_Append(sbStringToSign,httpMethod);
    CkStringBuilderW_ToLowercase(sbStringToSign);
    CkStringBuilderW_Append(sbStringToSign,L" ");
    CkStringBuilderW_AppendLine(sbStringToSign,reqPath,FALSE);

    CkStringBuilderW_Append(sbStringToSign,L"date: ");
    CkStringBuilderW_AppendLine(sbStringToSign,CkDateTimeW_getAsRfc822(dt,FALSE),FALSE);

    CkStringBuilderW_Append(sbStringToSign,L"digest: SHA-256=");
    CkStringBuilderW_Append(sbStringToSign,payloadDigest);

    signingPrivKey = CkPrivateKeyW_Create();
    success = CkPrivateKeyW_LoadPemFile(signingPrivKey,L"qa_data/certs_and_keys/ING/example_client_signing.key");
    if (success == FALSE) {
        wprintf(L"%s\n",CkPrivateKeyW_lastErrorText(signingPrivKey));
        CkCertW_Dispose(cert);
        CkBinDataW_Dispose(bdPrivKey);
        CkPrivateKeyW_Dispose(privKey);
        CkHttpW_Dispose(http);
        CkCrypt2W_Dispose(crypt);
        CkDateTimeW_Dispose(dt);
        CkStringBuilderW_Dispose(sbStringToSign);
        CkPrivateKeyW_Dispose(signingPrivKey);
        return;
    }

    rsa = CkRsaW_Create();
    success = CkRsaW_UsePrivateKey(rsa,signingPrivKey);
    if (success == FALSE) {
        wprintf(L"%s\n",CkRsaW_lastErrorText(rsa));
        CkCertW_Dispose(cert);
        CkBinDataW_Dispose(bdPrivKey);
        CkPrivateKeyW_Dispose(privKey);
        CkHttpW_Dispose(http);
        CkCrypt2W_Dispose(crypt);
        CkDateTimeW_Dispose(dt);
        CkStringBuilderW_Dispose(sbStringToSign);
        CkPrivateKeyW_Dispose(signingPrivKey);
        CkRsaW_Dispose(rsa);
        return;
    }

    CkRsaW_putEncodingMode(rsa,L"base64");
    b64Signature = CkRsaW_signStringENC(rsa,CkStringBuilderW_getAsString(sbStringToSign),L"SHA256");

    sbAuthHdrVal = CkStringBuilderW_Create();
    CkStringBuilderW_Append(sbAuthHdrVal,L"Signature keyId=\"e77d776b-90af-4684-bebc-521e5b2614dd\",");
    CkStringBuilderW_Append(sbAuthHdrVal,L"algorithm=\"rsa-sha256\",");
    CkStringBuilderW_Append(sbAuthHdrVal,L"headers=\"(request-target) date digest\",");
    CkStringBuilderW_Append(sbAuthHdrVal,L"signature=\"");
    CkStringBuilderW_Append(sbAuthHdrVal,b64Signature);
    CkStringBuilderW_Append(sbAuthHdrVal,L"\"");

    sbDigestHdrVal = CkStringBuilderW_Create();
    CkStringBuilderW_Append(sbDigestHdrVal,L"SHA-256=");
    CkStringBuilderW_Append(sbDigestHdrVal,payloadDigest);

    // Do the following CURL statement:

    // 	curl -i -X POST "${httpHost}${reqPath}" \
    // 	-H 'Accept: application/json' \
    // 	-H 'Content-Type: application/x-www-form-urlencoded' \
    // 	-H "Digest: ${digest}" \
    // 	-H "Date: ${reqDate}" \
    // 	-H "authorization: Signature keyId=\"$keyId\",algorithm=\"rsa-sha256\",headers=\"(request-target) date digest\",signature=\"$signature\"" \
    // 	-d "${payload}" \
    // 	--cert "${certPath}tlsCert.crt" \
    // 	--key "${certPath}tlsCert.key"

    req = CkHttpRequestW_Create();
    CkHttpRequestW_AddParam(req,L"grant_type",L"client_credentials");
    CkHttpRequestW_AddHeader(req,L"Accept",L"application/json");
    CkHttpRequestW_AddHeader(req,L"Date",CkDateTimeW_getAsRfc822(dt,FALSE));
    CkHttpRequestW_AddHeader(req,L"Digest",CkStringBuilderW_getAsString(sbDigestHdrVal));
    CkHttpRequestW_AddHeader(req,L"Authorization",CkStringBuilderW_getAsString(sbAuthHdrVal));

    CkHttpRequestW_putHttpVerb(req,L"POST");
    CkHttpRequestW_putContentType(req,L"application/x-www-form-urlencoded");

    resp = CkHttpResponseW_Create();
    success = CkHttpW_HttpReq(http,L"https://api.sandbox.ing.com/oauth2/token",req,resp);
    if (success == FALSE) {
        wprintf(L"%s\n",CkHttpW_lastErrorText(http));
        CkCertW_Dispose(cert);
        CkBinDataW_Dispose(bdPrivKey);
        CkPrivateKeyW_Dispose(privKey);
        CkHttpW_Dispose(http);
        CkCrypt2W_Dispose(crypt);
        CkDateTimeW_Dispose(dt);
        CkStringBuilderW_Dispose(sbStringToSign);
        CkPrivateKeyW_Dispose(signingPrivKey);
        CkRsaW_Dispose(rsa);
        CkStringBuilderW_Dispose(sbAuthHdrVal);
        CkStringBuilderW_Dispose(sbDigestHdrVal);
        CkHttpRequestW_Dispose(req);
        CkHttpResponseW_Dispose(resp);
        return;
    }

    // If successful, the status code = 200
    wprintf(L"Response Status Code: %d\n",CkHttpResponseW_getStatusCode(resp));
    wprintf(L"%s\n",CkHttpResponseW_bodyStr(resp));

    json = CkJsonObjectW_Create();
    CkJsonObjectW_Load(json,CkHttpResponseW_bodyStr(resp));

    CkJsonObjectW_putEmitCompact(json,FALSE);
    wprintf(L"%s\n",CkJsonObjectW_emit(json));

    // A successful response contains an access token such as:
    // {
    //   "access_token": "eyJhbGc ... bxI_SoPOBH9xmoM",
    //   "expires_in": 905,
    //   "scope": "payment-requests:view payment-requests:create payment-requests:close greetings:view virtual-ledger-accounts:fund-reservation:create virtual-ledger-accounts:fund-reservation:delete virtual-ledger-accounts:balance:view",
    //   "token_type": "Bearer",
    //   "keys": [
    //     {
    //       "kty": "RSA",
    //       "n": "3l3rdz4...04VPkdV",
    //       "e": "AQAB",
    //       "use": "sig",
    //       "alg": "RS256",
    //       "x5t": "3c396700fc8cd709cf9cb5452a22bcde76985851"
    //     }
    //   ],
    //   "client_id": "e77d776b-90af-4684-bebc-521e5b2614dd"
    // }

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    access_token = CkJsonObjectW_stringOf(json,L"access_token");
    expires_in = CkJsonObjectW_IntOf(json,L"expires_in");
    scope = CkJsonObjectW_stringOf(json,L"scope");
    token_type = CkJsonObjectW_stringOf(json,L"token_type");
    client_id = CkJsonObjectW_stringOf(json,L"client_id");
    i = 0;
    count_i = CkJsonObjectW_SizeOfArray(json,L"keys");
    while (i < count_i) {
        CkJsonObjectW_putI(json,i);
        kty = CkJsonObjectW_stringOf(json,L"keys[i].kty");
        n = CkJsonObjectW_stringOf(json,L"keys[i].n");
        e = CkJsonObjectW_stringOf(json,L"keys[i].e");
        use = CkJsonObjectW_stringOf(json,L"keys[i].use");
        alg = CkJsonObjectW_stringOf(json,L"keys[i].alg");
        x5t = CkJsonObjectW_stringOf(json,L"keys[i].x5t");
        i = i + 1;
    }

    // This example will save the JSON containing the access key to a file so that
    // a subsequent example can load it and then use the access key for a request, such as to create a payment request.
    CkJsonObjectW_WriteFile(json,L"qa_data/tokens/ing_access_token.json");


    CkCertW_Dispose(cert);
    CkBinDataW_Dispose(bdPrivKey);
    CkPrivateKeyW_Dispose(privKey);
    CkHttpW_Dispose(http);
    CkCrypt2W_Dispose(crypt);
    CkDateTimeW_Dispose(dt);
    CkStringBuilderW_Dispose(sbStringToSign);
    CkPrivateKeyW_Dispose(signingPrivKey);
    CkRsaW_Dispose(rsa);
    CkStringBuilderW_Dispose(sbAuthHdrVal);
    CkStringBuilderW_Dispose(sbDigestHdrVal);
    CkHttpRequestW_Dispose(req);
    CkHttpResponseW_Dispose(resp);
    CkJsonObjectW_Dispose(json);

    }