Request Access Token
With the received authorization code, the access token can be obtained. The request is made using a POST to oauth2.hin.ch/REST/v1/OAuth/GetAccessToken. The parameters are sent as form data (Content-Type: application/x-www-form-urlencoded):
POST /REST/v1/OAuth/GetAccessToken HTTP/1.1
Host: oauth2.hin.ch
Content-Type: application/x-www-form-urlencoded
Accept: application/json
grant_type=authorization_code&code=AUTH_CODE&redirect_uri=REDIRECT_URI&client_id=client_id&client_secret=client_secret
The redirect URI must match the one used when obtaining the authorization code. Please note that the client_secret parameter may not be necessary depending on the configuration.
Obtaining an access token using Curl (authorization code apps.hin.ch):
curl --header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--data 'grant_type=authorization_code&redirect_uri=&code=<CODE>&client_id=<client_id>&client_secret=<client_secret>' \
https://oauth2.hin.ch/REST/v1/OAuth/GetAccessToken
Obtaining an access token using Curl (authorization code with redirect URI):
curl --header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Accept: application/json' \
--data 'grant_type=authorization_code&redirect_uri=<REDIRECT_URI>&code=<CODE>&client_id=<client_id>&client_secret=<client_secret>' \
https://oauth2.hin.ch/REST/v1/OAuth/GetAccessToken
Parameters
| Parameter | Value | Description |
|---|---|---|
grant_type | authorization_code | The type is fixed as "authorization_code" |
code | auth_code | Authorization code copied by the user |
redirect_uri | <"empty"> or <REDIRECT_URI> | Endpoint to which the response is delivered. Must match the value defined when obtaining the authorization code. |
client_id | <client_id> | OAuth client ID: assigned by HIN for the third-party application. Not a HIN identity. |
client_secret | <client_secret> | OAuth client secret: a password defined by HIN |