GALANTHUS / ABI FUNCTION REFERENCE
gln_revolut_prepare_product_credentials
Declared in <galanthus/c_api/gln_capi.h>.
GLN_API gln_status_t GLN_CALL gln_revolut_prepare_product_credentials(
const gln_revolut_prepare_product_credentials_request_t* in_request,
char** out_setup_json,
gln_error_t* out_error);
Purpose
Creates or refreshes a prepared Revolut product credential profile without requiring a ClientID.
The call creates or reuses a CurrentUser CNG-backed non-exportable signing certificate, validates reused certificate/key security, exports public certificate material, creates the product token root, and returns only setup-safe JSON.
Return
Returns GLN_OK on success and a non-OK gln_status_t value on failure.
| Type | Nullability | Ownership |
|---|---|---|
gln_status_t | value | value |
Parameters
| Name | Direction | Type | Nullability | Ownership |
|---|---|---|---|---|
in_request | input | const gln_revolut_prepare_product_credentials_request_t* | nonnull | borrowed |
out_setup_json | output | char** | nonnull | transferred_out |
out_error | output | gln_error_t* | nonnull | caller_allocated_output |
Request
Initialize gln_revolut_prepare_product_credentials_request_t with gln_default_revolut_prepare_product_credentials_request before filling fields.
environment and redirect_uri are required. product_credential_ref_or_null may be absent to use the library default. product_credential_root_or_null and storage_root_or_null are optional UTF-8 filesystem path strings; pass the same roots that open/preflight will use.
redirect_uri must be exactly https://varinomics.github.io/galanthus-oauth-callback/. Advanced loopback setups may instead use an exact http loopback redirect URI with host localhost, 127.0.0.1, or ::1, an explicit valid port, and a non-root absolute path.
Result And Redaction
On success, out_setup_json receives a caller-owned string released with gln_release_string.
The JSON reports profile reference, environment, redirect URI, certificate thumbprint, certificate reuse, ClientID presence, token-root readiness, preflight readiness, public certificate paths, and public certificate PEM.
The result never exposes private keys, private PEM, JWT/client assertions, authorization codes, access tokens, refresh tokens, raw token endpoint bodies, raw security descriptors, or the normal UI token-root path.
Failure Cases
Invalid request fields return GLN_ERR_INVALID_ARG. Token-root creation failures return GLN_ERR_TOKEN_PERSIST_FAILED.
Non-Windows platforms return GLN_ERR_NOT_SUPPORTED after request validation because setup requires Windows CurrentUser CNG certificate-store support.
Reused certificates are rejected if the profile SID/ACL, key accessibility, non-exportability, or private-key security descriptor is not acceptable.
Example
gln_revolut_prepare_product_credentials_request_t request = {0};
gln_default_revolut_prepare_product_credentials_request(&request);
request.product_credential_ref_or_null = "revolut/product/default";
request.environment = "sandbox";
request.redirect_uri = "https://varinomics.github.io/galanthus-oauth-callback/";
request.product_credential_root_or_null = "C:/ProgramData/Galanthus/RevolutProductCredentials";
request.storage_root_or_null = "C:/ProgramData/Galanthus/Revolut";
char* setup_json = NULL;
gln_error_t error = {0};
gln_default_error(&error);
gln_status_t rc = gln_revolut_prepare_product_credentials(
&request,
&setup_json,
&error);
if (rc == GLN_OK) {
show_public_certificate_setup(setup_json);
}
gln_release_string(setup_json);
gln_release_error(&error);