README.md

Sample for authentication using the Code Flow

The Authorization Code is an OAuth 2.0 grant that regular web apps use in order to access an API.

This version uses cURL for the requests. If your installation doesn't support cURL, there is an example using the legacy file_get_contents() as well.

Get an OpenAPI Developer Account here: https://www.developer.saxo/accounts/sim/signup.
Navigate to App Management in the Developer Portal: https://www.developer.saxo/openapi/appmanagement.
Create a Code Flow app with a redirect to http://localhost/openapi-samples-php/authentication/oauth2-code-flow/demonstrate-code-flow.php.
Modify the server-config file, so it contains your app details.
Copy the files in this folder to your webserver (running PHP) and make sure your redirect is active.
Navigate to the index.php, sign in and get data from the API.

Rate limits are logged, as well as the X-Correlation response header.

This sample contains the following files:

Filename	Description
server‑config.php	This is the configuration with the hosts of SIM and Live, and your app details. Add your app details before trying the sample!
index.php	This is the landing file. The file creates the URL, saves the CSRF token in the session and initiates a redirect to the OAuth2 server of Saxo Bank.
demonstrate‑code‑flow.php	After the OAuth2, the user is redirected to this file. This file detects errors, if any, it verifies the request using the CSRF token and af all is good, it requests an access token. This access token is used for a request to the API and afterwards, a new access token is requested.
cacert.pem	This is a bundle of X.509 certificates of public Certificate Authorities (CA) required to verify the SSL endpoints. Latest version: https://curl.haxx.se/docs/caextract.html

The JavaScript sample repository contains a sample where PHP is used as backend, and JavaScript handles the requests.