Tfrm_OAuthWebForm Equivalent

Hi,

One of our VCL products is accounting software that submits MTD VAT returns to HMRC. We have to get authorisation using Tfrm_OAuthWebForm.

I am developing a web version of our bridging software. How do I do the same thing in TMS Web Core?

Thanks,

Ken

You might have a look at how the example with Google Calendar (demo is included) is implemented, as for authentication & authorization of the Google Calendar REST API, OAuth (v2) is used.

Thanks, I'll take a look at that. I might need some help later!

Ok. Before I get that far I have to be able to add a test user to the HMRC MTD Sandbox. The VCL code I use is below but in Web Core I can't find equivalents for most of this:

LClient:=TRestClient.Create(HMRCCreateUserEndpoint);
LRequest:=TRESTRequest.Create(LClient);
LRequest.Method:=TRESTRequestMethod.rmPOST;
LRequest.Accept:='application/vnd.hmrc.1.0+json';
LRequest.Params.AddHeader('Authorization','Bearer '+SA_ServerToken).Options:=[TRestRequestParameterOption.poDoNotEncode];
jArr:=TJSONArray.Create;
jArr.Add('mtd-vat');
jObj:=TJSONObject.Create;
jObj.AddPair('serviceNames',jArr);
LRequest.AddBody(jObj);
jObj.Free;
LRequest.Execute;
if LRequest.Response.StatusCode=201 then
begin
  ...
end;
LClient.Free;

You should be able to do this post request with the TWebHttpRequest component.

Have you checked this? 

Yes, but how do I set Accept, as this is mandatory?

Further to this, when I add Accept=application/vnd.hmrc.1.0+json to the headers and execute the request, what is received at the other end is Accept: */*

Adding in TWebHttpRequest.Headers the line Accept=yourvalue is what should be used.
The browser should use this accept header normally when set this way.

From what browser are you testing this?

Firefo. Have tried everything I can think of.

Typo. It should be Firefox.

Maybe analyzing the request with a (free) tool like Fiddler will reveal where the issue is?
The doc from Firefox explicitly mentions that using setRequestHeader can set a different accept header:
https://www.fxsitecompat.com/en-CA/docs/2016/accept-header-for-xhr-has-been-simplified/
and setRequestHeader is what the TWebHttpRequest component does for each value in the TWebHttpRequest.Headers list.

Hi,

I have examined it and it is definitely */*

Would you mind trying a get request as follows? It is an open endpoint and only requires the accept header shown:

Test code:


procedure TForm3.WebButton1Click(Sender: TObject);
begin
  WebHttpRequest1.Headers.Clear;
  WebHttpRequest1.Headers.Add('Accept=application/vnd.hmrc.1.0+json');

  WebHttpRequest1.Execute;

end;

procedure TForm3.WebHttpRequest1Response(Sender: TObject; AResponse: string);
begin
  Webmemo1.Lines.Add(aresponse);
end;

And the result we see in the browser console is:

Access to XMLHttpRequest at 'https://test-api.service.hmrc.gov.uk/hello/world' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

So, this means that CORS should be enabled on the service.

See: 
https://enable-cors.org/
https://stackoverflow.com/questions/27365303/what-is-the-issue-cors-is-trying-to-solve



Thanks but no, I don't think it does. I think this is happening because the accept is not being passed correctly.

Did you read up about the whole background, mechanism, reason of CORS?

Yes I did as I had to implement it for my own site but this is the HMRC VAT test site which is used by a couple of hundred developers most of which are web based. Please see https://developer.service.hmrc.gov.uk/api-documentation/docs/tutorials for details of the hello world non restricted request.

The examples at https://developer.service.hmrc.gov.uk/api-documentation/docs/tutorials are for server side API usage, NOT for client side usage. CORS is related to client side (browser) HTTP requests.

Damn. Thanks for looking into this!

Hi Ken,


I've done an FMX app for this and was thinking of looking at a WebCore version - you have saved me a lot of time :-)

What about pushing it back through an XData server?

Hi Russell,

I also had no problems in a desktop app but for the Web Core app I have had to implement this using PHP on the server. If you go this route you have to make sure that the header access control is set properly in the PHP script.

If you need further info I am happy to provide specifics.

Regards,

Ken
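
Added example, not code from any poster in this thread: a minimal PHP relay of the kind described above, in which the browser app calls this script on its own server and the script makes the HMRC request server side, so the mandatory Accept header is set outside the browser and a value such as the server token from the earlier VCL snippet never reaches client code. The origin `https://app.example.com` and the file name `relay.php` are placeholders; the upstream URL and Accept value are the ones quoted in the thread.

```php
<?php
// relay.php (hypothetical name): same-site relay for the HMRC hello-world call.
const ALLOWED_ORIGIN = 'https://app.example.com';  // placeholder: origin serving the Web Core app
const UPSTREAM       = 'https://test-api.service.hmrc.gov.uk/hello/world';
const HMRC_ACCEPT    = 'application/vnd.hmrc.1.0+json';

// CORS response headers for one exact origin; an empty array means "not allowed".
// Echoing a fixed allowlisted origin avoids opening the relay to every site with '*'.
function cors_headers(?string $origin): array
{
    if ($origin !== ALLOWED_ORIGIN) {
        return [];
    }
    return [
        'Access-Control-Allow-Origin: ' . ALLOWED_ORIGIN,
        'Vary: Origin',
        'Access-Control-Allow-Methods: GET, OPTIONS',
        'Access-Control-Max-Age: 600',
    ];
}

$origin = $_SERVER['HTTP_ORIGIN'] ?? null;
$cors   = cors_headers($origin);
if ($origin !== null && $cors === []) {   // cross-origin caller that is not on the allowlist
    http_response_code(403);
    exit;
}
foreach ($cors as $line) {
    header($line);
}
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {   // answer a preflight without calling HMRC
    http_response_code(204);
    exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
    header('Allow: GET, OPTIONS');
    http_response_code(405);
    exit;
}

// The upstream URL is a constant, never taken from the request, so the script
// cannot be steered to fetch arbitrary hosts.
$ch = curl_init(UPSTREAM);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER     => ['Accept: ' . HMRC_ACCEPT],
    CURLOPT_FOLLOWLOCATION => false,
    CURLOPT_TIMEOUT        => 10,
]);
$body = curl_exec($ch);
if ($body === false) {
    http_response_code(502);   // upstream unreachable or timed out
    exit;
}
http_response_code(curl_getinfo($ch, CURLINFO_HTTP_CODE));
header('Content-Type: application/json');
echo $body;
```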