GALANTHUS / ABI FUNCTION REFERENCE
gln_revolut_finalize_product_credentials
Declared in <galanthus/c_api/gln_capi.h>.
GLN_API gln_status_t GLN_CALL gln_revolut_finalize_product_credentials(
const gln_revolut_finalize_product_credentials_request_t* in_request,
char** out_setup_json,
gln_error_t* out_error);
Purpose
Stores the Revolut ClientID for an existing prepared product credential profile.
The call validates the prepared profile, SID/ACL binding, signing key, and product token root, then makes the same profile ready for preflight and backend open.
Return
Returns GLN_OK on success and a non-OK gln_status_t value on failure.
| Type | Nullability | Ownership |
|---|---|---|
gln_status_t | value | value |
Parameters
| Name | Direction | Type | Nullability | Ownership |
|---|---|---|---|---|
in_request | input | const gln_revolut_finalize_product_credentials_request_t* | nonnull | borrowed |
out_setup_json | output | char** | nonnull | transferred_out |
out_error | output | gln_error_t* | nonnull | caller_allocated_output |
Request
Initialize gln_revolut_finalize_product_credentials_request_t with gln_default_revolut_finalize_product_credentials_request before filling fields.
environment, redirect_uri, and client_id are required. product_credential_ref_or_null, product_credential_root_or_null, and storage_root_or_null must identify the same prepared profile and token root used by prepare.
Finalize does not create a new certificate or accept private-key material. If the prepared profile, certificate, key, or token root is missing or insecure, the call fails.
Result And Redaction
On success, out_setup_json receives a caller-owned string released with gln_release_string.
The JSON reports readiness and public certificate material, but reports only ClientID presence, not the ClientID value.
The result never exposes private keys, private PEM, JWT/client assertions, authorization codes, access tokens, refresh tokens, raw token endpoint bodies, raw security descriptors, or the normal UI token-root path.
Failure Cases
Invalid request fields or mismatched prepared profile fields return GLN_ERR_INVALID_ARG.
A missing prepared profile or inaccessible signing key returns a non-OK status with a specific issue type. A missing token root returns GLN_ERR_TOKEN_PERSIST_FAILED.
Non-Windows platforms return GLN_ERR_NOT_SUPPORTED after request validation because setup requires Windows CurrentUser CNG certificate-store support.
Example
gln_revolut_finalize_product_credentials_request_t request = {0};
gln_default_revolut_finalize_product_credentials_request(&request);
request.product_credential_ref_or_null = "revolut/product/default";
request.environment = "sandbox";
request.redirect_uri = "https://varinomics.github.io/galanthus-oauth-callback/";
request.product_credential_root_or_null = "C:/ProgramData/Galanthus/RevolutProductCredentials";
request.storage_root_or_null = "C:/ProgramData/Galanthus/Revolut";
request.client_id = revolut_client_id_from_registration;
char* setup_json = NULL;
gln_error_t error = {0};
gln_default_error(&error);
gln_status_t rc = gln_revolut_finalize_product_credentials(
&request,
&setup_json,
&error);
if (rc == GLN_OK) {
remember_revolut_setup_complete(setup_json);
}
gln_release_string(setup_json);
gln_release_error(&error);