
Authentication method for pharmacy systems

Authentication method for (partial) redemption of e-prescriptions

oAuth2 is used as the authentication method. You can find detailed documentation on how HIN's OAuth2 service is implemented here: https://cdn.hin.ch/oauth2/manual/EN/Auth-Code/Auth-Code-Introduction.html

This is a step-by-step guide on how to fetch the bearer token:

  1. An oAuth2 access token is required, which can be obtained in two different ways:
    Option 1: on https://apps.hin.ch -> ID Delegation für «eRezept Pharma» or
    Option 2: using the URL

```html
http://apps.hin.ch/REST/v1/OAuth/GetAuthCode/hin_erxpharmacy?response_type=code&client_id=<client_id>&redirect_uri=http%3A%2F%2Flocalhost%2FgetAccessToken
```

  2. The oAuth2 access token must be converted to a bearer token using the following command:

```shellscript
curl --location --request POST 'https://oauth2.hin.ch/REST/v1/OAuth/GetAccessToken' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code={access_token}' \
--data-urlencode 'redirect_uri=http://localhost/getAccessToken' \
--data-urlencode 'client_id={client_id}' \
--data-urlencode 'client_secret={client_secret}'
```

WARNING

Leave redirect_uri blank if the auth code was resolved via apps.hin.ch.

Using the oAuth/JWT tokens: the token can be transmitted in one of two ways:

  • as a prefix in the authorization header: --header 'Authorization: Bearer acs:{bearer token}'
  • as a separate header (adhering to the oAuth standard): --header 'Token-Type: HIN_ACS' --header 'Authorization: Bearer {bearer token}'

The following values are accepted for the Token-Type header:

  • OAUTH: for the signing process
  • HIN_JWT: for the dispense process using an OVAN ID
  • HIN_ACS: for the dispense process using a HIN ID
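One way to script the exchange and the header step so that client_secret reaches curl through its standard input instead of its command line, where other local users could read it from the process list. This is an added example, not part of HIN's documentation; the environment variable names HIN_CLIENT_ID and HIN_CLIENT_SECRET and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not HIN's code. HIN_CLIENT_ID, HIN_CLIENT_SECRET and all
# function names are assumptions; endpoint and parameters are from the page.

TOKEN_URL='https://oauth2.hin.ch/REST/v1/OAuth/GetAccessToken'

# Escape backslashes and double quotes for a double-quoted curl config value.
cfg_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Print a curl config file for the token exchange.
#   $1 = auth code
#   $2 = "portal" if the code came from apps.hin.ch, "url" for the URL flow
token_request_config() (
  : "${HIN_CLIENT_ID:?must be set}" "${HIN_CLIENT_SECRET:?must be set}"
  case $2 in
    portal) redirect='' ;;  # per the page's warning: blank for apps.hin.ch
    url)    redirect='http://localhost/getAccessToken' ;;
    *)      echo 'source must be "portal" or "url"' >&2; exit 2 ;;
  esac
  printf 'url = "%s"\n' "$TOKEN_URL"
  for pair in 'grant_type=authorization_code' "code=$1" \
              "redirect_uri=$redirect" "client_id=$HIN_CLIENT_ID" \
              "client_secret=$HIN_CLIENT_SECRET"; do
    printf 'data-urlencode = "%s"\n' "$(cfg_escape "$pair")"
  done
)

# Perform the exchange. The config (including the secret) is piped to curl,
# so it never appears in the argument list of any spawned process.
exchange_code() {
  token_request_config "$1" "$2" |
    curl --silent --show-error --fail --config -
}

# Print the two headers of the "separate header" option for a bearer token.
#   $1 = Token-Type value, $2 = bearer token
auth_headers() {
  case $1 in
    OAUTH|HIN_JWT|HIN_ACS)
      printf 'Token-Type: %s\nAuthorization: Bearer %s\n' "$1" "$2" ;;
    *) echo "unsupported Token-Type: $1" >&2; return 2 ;;
  esac
}
```

Calling `exchange_code "$code" url` prints the token endpoint's response; `token_request_config` alone shows exactly what would be sent without contacting the server.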

version 0.8.1