Standards and terminology

The service conforms to the following standards:

• The OAuth 2.0 Authorization Framework

• Proof Key for Code Exchange by OAuth Public Clients

• OAuth 2.0 Token Revocation

• OpenID Connect Core 1.0 (partially)

• JSON Web Key

If you are not already familiar with the terms OAuth and OpenID Connect you might want to read OpenID Connect Basic Client Implementer’s Guide 1.0, which covers exactly the flow used by our OAuth system. We support the Authorization Code grant type only.

The following terms are used throughout this document:

• User: any person with IONOS login

• Client: an application requesting access to the User’s identity or data or to public APIs provided by IONOS

• OAuth Server: the IONOS OAuth and OpenID Connect Service

• Resource Server: a server providing User data or public APIs

See this diagram for a big picture overview of the OAuth authentication flow.

All HTTP requests described below use https://id.ionos.com/ as base URL.