Skip to main content
hConnect exposes two distinct surfaces:
  • OIDC OP (OpenID Provider): Standard OIDC endpoints (authorization, token, userinfo, jwks) for browser-based sign-in flows.
  • REST API: Server-to-server endpoints for provider discovery and verification lifecycle.
They use different base URLs and authentication methods. Keep them conceptually separate in your integration.

OIDC OP Endpoints

Authorization, Token, UserInfo, JWKS and discovery document

REST API Endpoints

Providers list and Verification lifecycle endpoints

Error Codes

Unified error model and handling strategies

Environments

Sandbox (testing) and Production (live) are provided for both OIDC and REST.

Environment Details

Compare Sandbox vs Production and find all canonical URLs

OIDC OP Overview

OIDC endpoints are served from the Connect domain and follow the OpenID Provider discovery standard.

Base URLs

Authentication & Flows

  • OAuth2/OIDC Authorization Code flow
  • Client authentication and scopes configured per application

REST API Overview

REST endpoints are served from the API domain and use Basic Auth for server-to-server calls.

Base URLs

Authentication

Use Basic Authentication with your Client ID and Client Secret.
In the API playground, set Authorization.username to your Client ID (client_id) and Authorization.password to your Client Secret (client_secret). The header is generated automatically.

Versioning

Current REST API version: v1 (included in the path).

Common Headers

Support

📧 dev@hopae.com