Apex Code Development You need to sign in to do that
Don't have an account?
Philip Meldrum08237737677563425 HMRC Fraud Prevention Headers - Can we access these parameters from a Visualforce Page?
We are building an integration with GOV.UK connecting to the HMRC Tax API using Visualforce Pages, Lightning components and APEX Outbound API calls. This will enable us to comply with the UK Government's 'Making Tax Digital' (MTD).
The gov.uk site requires a raft of fraud prevention which are supplied in Headers and we are struggling to give them the details they are after.
Specifically: Gov-Vendor-Public-IP and Gov-Client-Public-Port
https://developer.service.hmrc.gov.uk/guides/fraud-prevention/connection-method/other-via-server/
From our understanding it is not possible for us to access these details but I'm asking the community incase there is a way around it.
Here are some further technical details of these parameters:
Gov-Vendor-Public-IP
"The public IP address of the servers the originating device sent their requests to."
Which I would understand would be the Salesforce Instance IP Address
DOES ANYONE KNOW IF IT IS POSSIBLE TO DETERMINE THIS FROM A VISUALFORCE PAGE?
Gov-Client-Public-Port
"The public TCP port used by the originating device when initiating the request.
"This must not be a server port, for example 80 for http connections and 443 for https connections"
Our understanding is this would always be 443, and on clarification, HMRC replied:
"The requirement for the Gov-Client-Public-Port header is to submit the number of the ephemeral port that the client opens to receive the response from the server. This wouldn't normally be detectable at the client end itself as it's handled by the operating system rather than the application software. Instead it would be observed at the server end, either at the backend server process itself or at the web application firewall (WAF), load balancer or reverse proxy if configured. As your application is architected on top of Salesforce it may be the case that you are unable to obtain a value to submit"
Our understanding is the "ephemeral port" could change from call to call.
AGAIN DOES ANYONE KNOW IF IT IS POSSIBLE TO DETERMINE THIS FROM A VISUALFORCE PAGE?
The gov.uk site requires a raft of fraud prevention which are supplied in Headers and we are struggling to give them the details they are after.
Specifically: Gov-Vendor-Public-IP and Gov-Client-Public-Port
https://developer.service.hmrc.gov.uk/guides/fraud-prevention/connection-method/other-via-server/
From our understanding it is not possible for us to access these details but I'm asking the community incase there is a way around it.
Here are some further technical details of these parameters:
Gov-Vendor-Public-IP
"The public IP address of the servers the originating device sent their requests to."
Which I would understand would be the Salesforce Instance IP Address
DOES ANYONE KNOW IF IT IS POSSIBLE TO DETERMINE THIS FROM A VISUALFORCE PAGE?
Gov-Client-Public-Port
"The public TCP port used by the originating device when initiating the request.
"This must not be a server port, for example 80 for http connections and 443 for https connections"
Our understanding is this would always be 443, and on clarification, HMRC replied:
"The requirement for the Gov-Client-Public-Port header is to submit the number of the ephemeral port that the client opens to receive the response from the server. This wouldn't normally be detectable at the client end itself as it's handled by the operating system rather than the application software. Instead it would be observed at the server end, either at the backend server process itself or at the web application firewall (WAF), load balancer or reverse proxy if configured. As your application is architected on top of Salesforce it may be the case that you are unable to obtain a value to submit"
Our understanding is the "ephemeral port" could change from call to call.
AGAIN DOES ANYONE KNOW IF IT IS POSSIBLE TO DETERMINE THIS FROM A VISUALFORCE PAGE?
Maimoona ShahidDid you get this solved? I am facing the same issue. Please also let me know if "Web application via server" is the right connection method ?