| User Interaction | Yes, the user must log in and grant the application access | No, no user interaction required |
| client_id | Yes, always required to identify the application | Yes, always required to identify the application |
| client_secret | The secret is created by us. We provide it to you. | You must generate it yourself via apps.hin.ch. |
| Authorization Code | Yes, after user login, the application receives an authorization code | No, not used, only initial. |
| Redirect URI | Yes, the URL to which the user is redirected after login with the access code in the URL. | No, not required |
| Access Token | Yes, requested after exchanging the authorization code | Yes, requested directly after requesting client_credentials |
| State | Has no significance, but must be provided. The content is irrelevant. | Has no significance, but must be provided. The content is irrelevant. |
| Grant Type | authorization_code (Authorization Code Flow) | client_credentials (Application access without user) |
| Token Group | Yes, always required. | Yes, always required. |
| Nevis Role | Yes, always required. | Yes, always required. |
| code | Yes, always required. This is the Auth Code. | Yes, always required. This is the Auth Code. |