@phpfour
Created August 16, 2021 22:31
<?php
// Source: https://www.example-code.com/phpExt/hmrc_fraud_prevention_headers.asp
// The version number (9_5_0) should match the version of the Chilkat extension in use, omitting the micro-version number.
// For example, if using Chilkat v9.5.0.48, then include as shown here:
include("chilkat_9_5_0.php");
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
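// Validate a set of HMRC fraud prevention headers against the sandbox
// "validate" endpoint and print the status code and JSON response.

// Open the connection to the HMRC sandbox host.
// Connect() arguments: hostname, port, TLS enabled, auto-reconnect enabled.
$rest = new CkRest();
$success = $rest->Connect('test-api.service.hmrc.gov.uk', 443, true, true);
if (!$success) {
    print $rest->lastErrorText() . "\n";
    exit(1);
}

// Load the previously fetched access token.
// The token file holds a bearer credential; keep it readable only by the
// account that runs this script and out of version control.
$json = new CkJsonObject();
$success = $json->LoadFile('qa_data/tokens/hmrc.json');
if (!$success) {
    // Without this check a missing or unreadable file would lead to a
    // request carrying an empty "Bearer " value.
    print $json->lastErrorText() . "\n";
    exit(1);
}

$accessToken = (string) $json->stringOf('access_token');
if ($accessToken === '') {
    print "No access_token member found in qa_data/tokens/hmrc.json\n";
    exit(1);
}

// Do not echo the token itself: console output tends to end up in logs,
// terminals' scrollback and CI artifacts, where a bearer token is replayable.
print "Access token loaded (value not printed).\n";

$rest->AddHeader('Accept', 'application/vnd.hmrc.1.0+json');
$rest->AddHeader('Authorization', 'Bearer ' . $accessToken);

// Add the fraud prevention headers.
// See https://developer.service.hmrc.gov.uk/api-documentation/docs/fraud-prevention
//
// Every value below is a sample value from the original example.
// NOTE(review): the HMRC guidance linked above is the authority on which of
// these must be collected from the originating device at request time;
// confirm against it before shipping hard-coded values.
$fraudPreventionHeaders = [
    'gov-client-connection-method' => 'DESKTOP_APP_DIRECT',
    // This should be generated by the application and persistently stored
    // on the device. The identifier should not expire.
    'gov-client-device-id' => 'beec798b-b366-47fa-b1f8-92cede14a1ce',
    'gov-client-user-ids' => 'os=user123',
    // Local IP addresses (comma separated), such as addresses beginning
    // with "192.168." or "172.16."
    'gov-client-local-ips' => '172.16.16.23',
    // The MAC address has to be obtained by other means; the original
    // example notes that Chilkat does not provide it. The value is
    // percent-encoded (":" becomes "%3A").
    'gov-client-mac-addresses' => '7C%3AD3%3A0A%3A25%3ADA%3A1C',
    'gov-client-timezone' => 'UTC+00:00',
    // The original example suggests these can be hard-coded so they are the
    // same with each request.
    'gov-client-window-size' => 'width=1256&height=800',
    'gov-client-screens' => 'width=1920&height=1080&scaling-factor=1&colour-depth=16',
    'gov-client-user-agent' => 'Windows/Server%202012 (Dell%20Inc./OptiPlex%20980)',
    'gov-vendor-version' => 'My%20Desktop%20Software=1.2.3.build4286',
];

foreach ($fraudPreventionHeaders as $headerName => $headerValue) {
    $rest->AddHeader($headerName, $headerValue);
}

$responseStr = $rest->fullRequestNoBody('GET', '/test/fraud-prevention-headers/validate');
if (!$rest->get_LastMethodSuccess()) {
    print $rest->lastErrorText() . "\n";
    exit(1);
}

// If the status code is 200, then the fraud prevention headers were validated.
// The JSON response may include some warnings.
print 'Response status code = ' . $rest->get_ResponseStatusCode() . "\n";
print 'Response JSON body: ' . "\n";
print $responseStr . "\n";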
?>