Skip to content

Declared in <galanthus/c_api/gln_capi.h>.

GLN_API gln_status_t GLN_CALL gln_revolut_prepare_product_credentials(
    const gln_revolut_prepare_product_credentials_request_t* in_request,
    char**                                                   out_setup_json,
    gln_error_t*                                             out_error);
  • Family: Row field accessors
  • Return type: gln_status_t

Purpose

Creates or refreshes a prepared Revolut product credential profile without requiring a ClientID.

The call creates or reuses a CurrentUser CNG-backed non-exportable signing certificate, validates reused certificate/key security, exports public certificate material, creates the product token root, and returns only setup-safe JSON.

Return

Returns GLN_OK on success and a non-OK gln_status_t value on failure.

TypeNullabilityOwnership
gln_status_tvaluevalue

Parameters

NameDirectionTypeNullabilityOwnership
in_requestinputconst gln_revolut_prepare_product_credentials_request_t*nonnullborrowed
out_setup_jsonoutputchar**nonnulltransferred_out
out_erroroutputgln_error_t*nonnullcaller_allocated_output

Request

Initialize gln_revolut_prepare_product_credentials_request_t with gln_default_revolut_prepare_product_credentials_request before filling fields.

environment and redirect_uri are required. product_credential_ref_or_null may be absent to use the library default. product_credential_root_or_null and storage_root_or_null are optional UTF-8 filesystem path strings; pass the same roots that open/preflight will use.

redirect_uri must be exactly https://varinomics.github.io/galanthus-oauth-callback/. Advanced loopback setups may instead use an exact http loopback redirect URI with host localhost, 127.0.0.1, or ::1, an explicit valid port, and a non-root absolute path.

Result And Redaction

On success, out_setup_json receives a caller-owned string released with gln_release_string.

The JSON reports profile reference, environment, redirect URI, certificate thumbprint, certificate reuse, ClientID presence, token-root readiness, preflight readiness, public certificate paths, and public certificate PEM.

The result never exposes private keys, private PEM, JWT/client assertions, authorization codes, access tokens, refresh tokens, raw token endpoint bodies, raw security descriptors, or the normal UI token-root path.

Failure Cases

Invalid request fields return GLN_ERR_INVALID_ARG. Token-root creation failures return GLN_ERR_TOKEN_PERSIST_FAILED.

Non-Windows platforms return GLN_ERR_NOT_SUPPORTED after request validation because setup requires Windows CurrentUser CNG certificate-store support.

Reused certificates are rejected if the profile SID/ACL, key accessibility, non-exportability, or private-key security descriptor is not acceptable.

Example

gln_revolut_prepare_product_credentials_request_t request = {0};
gln_default_revolut_prepare_product_credentials_request(&request);
request.product_credential_ref_or_null = "revolut/product/default";
request.environment = "sandbox";
request.redirect_uri = "https://varinomics.github.io/galanthus-oauth-callback/";
request.product_credential_root_or_null = "C:/ProgramData/Galanthus/RevolutProductCredentials";
request.storage_root_or_null = "C:/ProgramData/Galanthus/Revolut";

char* setup_json = NULL;
gln_error_t error = {0};
gln_default_error(&error);
gln_status_t rc = gln_revolut_prepare_product_credentials(
    &request,
    &setup_json,
    &error);
if (rc == GLN_OK) {
    show_public_certificate_setup(setup_json);
}

gln_release_string(setup_json);
gln_release_error(&error);

See Also