Response Access Token
The access token is returned in JSON format:
{
"access_token" : "TOKEN",
"expires_in" : 3600,
"hin_id" : "example",
"token_type" : "Bearer"
}
"expires_in" specifies, in seconds, when the token expires. Please note that a token can be deleted at any time by the identity owner. Thus, a token can also become invalid before the "expires_in" period expires.
If an access token is requested with an invalid authorization code, an error is returned:
{ "error" : "invalid_request" }
Once the third-party application has obtained the token, access to the resource server is possible. To do this, the token is sent in the HTTP Authorization header (the header also used for Basic Auth), prefixed with "Bearer" according to the OAuth standard.
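The following client-side sketch is an added example, not code from HIN or from this documentation. It validates a token response of the shape shown above, tracks expiry, lets the caller mark a token as revoked before "expires_in" has elapsed, and builds the Bearer header. The class and function names, the 30-second safety margin and the `revoked` flag are assumptions made for illustration.

```python
import json
import time
from dataclasses import dataclass

# Constructed sample bodies in the shape shown on this page.
SAMPLE_OK = '{"access_token": "TOKEN", "expires_in": 3600, "hin_id": "example", "token_type": "Bearer"}'
SAMPLE_ERR = '{"error": "invalid_request"}'

class TokenError(Exception):
    """Token endpoint returned an error or a malformed body."""

@dataclass(repr=False)
class AccessToken:
    value: str
    hin_id: str
    expires_at: float      # absolute expiry, seconds since the epoch
    revoked: bool = False  # caller sets this when the resource server rejects the token

    def usable(self, now=None, margin=30):
        # margin (assumed: 30 s) avoids sending a token that expires in flight
        now = time.time() if now is None else now
        return not self.revoked and now < self.expires_at - margin

    def auth_header(self):
        return {"Authorization": "Bearer " + self.value}

    def __repr__(self):  # keep the secret out of logs and tracebacks
        return f"AccessToken(hin_id={self.hin_id!r}, expires_at={self.expires_at})"

def parse_token_response(body, now=None):
    now = time.time() if now is None else now
    try:
        data = json.loads(body)
    except ValueError as exc:
        raise TokenError("response is not JSON") from exc
    if not isinstance(data, dict):
        raise TokenError("unexpected response shape")
    if "error" in data:
        raise TokenError(str(data["error"]))
    if str(data.get("token_type", "")).lower() != "bearer":
        raise TokenError("unexpected token_type")
    token, ttl = data.get("access_token"), data.get("expires_in")
    if not isinstance(token, str) or not token:
        raise TokenError("missing access_token")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        raise TokenError("invalid expires_in")
    return AccessToken(token, str(data.get("hin_id", "")), now + ttl)
```

Because the identity owner can delete a token at any time, the caller should set `revoked = True` and request a new token as soon as the resource server stops accepting it, instead of waiting for `expires_at`.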
Status Codes
| Status Code | Description |
|---|---|
| 400 | Invalid request, e.g., missing parameters |
| 403 | Client secret or token group is invalid |
| 404 | Possible reasons: The client ID is not authorized for the corresponding token group or the selected token group does not exist. Authorization is granted by HIN support. |