Introduction
Purpose of the Document
OAuth2 is an authorization framework that lets applications access a user's data without the user sharing their password with the application. Two flows are important for the HIN system: the Grant Flow and the Credential Flow.
The Grant Flow is used when a user logs in to an application and grants the application access to their data. An example of this is logging in to an application using a Google account, where the application is granted access to the user's emails. The application receives an authorization code, which it then exchanges for an Access Token. This token grants the application permission to access the user's data. For example, "Filebox" is suited to the Grant Flow: it matters which user makes the request, because the content of Filebox is different for each user.
The Credential Flow works differently, as there is no user who needs to consent. The application simply requests an Access Token to access an API or other data. This typically occurs when two applications or machines need to communicate directly with each other without a user being involved in the process. For example, the Covercard service is suited to the Credential Flow, as it does not matter who the user is.
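The following sketch is an added example, not HIN code. It shows the client side of both flows using the standard OAuth2 parameters: the state check on the Grant Flow callback, the token request body for each flow, and a cache that reuses the Access Token for the 10-minute lifetime listed under Specifications. The endpoint URL, the function names and the `fetch` callable are assumptions, and "Auth Token" is assumed to mean the Access Token.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder endpoint (assumption): the page does not list the HIN URLs.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"
ACCESS_TOKEN_TTL = 10 * 60  # seconds; "Auth Token: 10 minutes" under Specifications

def authorization_request(client_id, redirect_uri):
    """Grant Flow, step 1: URL for the user's browser plus the state to store."""
    state = secrets.token_urlsafe(32)  # unguessable, binds the callback to this login
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Grant Flow, step 2: take the authorization code only if state matches."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing code"])[0])
    return params["code"][0]

def token_request_body(flow, code=None, redirect_uri=None):
    """Form body sent to the token endpoint; the client authenticates separately."""
    if flow == "grant":       # a user is involved: exchange the code
        return {"grant_type": "authorization_code", "code": code,
                "redirect_uri": redirect_uri}
    if flow == "credential":  # machine to machine: no user, no code
        return {"grant_type": "client_credentials"}
    raise ValueError(f"unknown flow: {flow}")

class TokenCache:
    """Reuse an access token until shortly before it expires."""
    def __init__(self, fetch, now=time.monotonic, skew=30):
        self._fetch, self._now, self._skew = fetch, now, skew
        self._token, self._expires = None, 0.0

    def get(self):
        if self._token is None or self._now() >= self._expires - self._skew:
            resp = self._fetch()  # hypothetical callable that POSTs the body above
            self._token = resp["access_token"]
            self._expires = self._now() + resp.get("expires_in", ACCESS_TOKEN_TTL)
        return self._token
```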
Specifications
| Type | Time |
|---|---|
| Auth Token | 10 minutes |
| Refresh Token | 2592000s → 30 days |
| API Calls | 1 year |
| Secret (CC) | Max 0.3 per second |
| Secret (GF) | undefined |
OAuth2 Downloads
https://download.hin.ch/acs/oAuth_Vorlage.postman_collection.json.zip
Further Information
You can find additional answers at https://support.hin.ch/.