hConnect exposes two distinct surfaces:
- OIDC OP (OpenID Provider): Standard OIDC endpoints (authorization, token, userinfo, jwks) for browser-based sign-in flows.
- REST API: Server-to-server endpoints for provider discovery and verification lifecycle.
Quick Links
OIDC OP Endpoints
Authorization, Token, UserInfo, JWKS and discovery document
REST API Endpoints
Providers list and Verification lifecycle endpoints
Error Codes
Unified error model and handling strategies
Environments
Sandbox (testing) and Production (live) are provided for both OIDC and REST.Environment Details
Compare Sandbox vs Production and find all canonical URLs
OIDC OP Overview
OIDC endpoints are served from the Connect domain and follow the OpenID Provider discovery standard.Base URLs
Authentication & Flows
- OAuth2/OIDC flows (Authorization Code with PKCE recommended)
- Client authentication and scopes configured per application
REST API Overview
REST endpoints are served from the API domain and use Basic Auth for server-to-server calls.Base URLs
Authentication
Use Basic Authentication with your Client ID and Client Secret.In the API playground, set
Authorization.username to your Client ID (client_id) and Authorization.password to your Client Secret (client_secret). The header is generated automatically.Versioning
Current REST API version:v1 (included in the path).
Common Headers
| Header | Value | Description |
|---|---|---|
Authorization | Basic <base64(client_id:client_secret)> | Your API credentials |
Content-Type | application/json | Required for POST/PUT requests |