App Registration for Himsa IdP

The Client Application which may be a native application or a browser based application will request the user via the default web-browser to be authenticated against HIMSA's IdP, which supports the OIDC specification (
Different types of client applications (native applications or a browser based applications) will have different recommended authentication flows related to their ability to 'keep a secret'.

When one wants to register an Application with Himsa IdP, they need a Client ID, and potentially a Client Secret, which will be required for utilizing the Noah ES API.

Some application types may also need to specify any CORS ( related requirements during the registration to obtain a ClientId - this will apply to certain browser based application types.
It must be decided which application types (e.g. native application or browser based applications … etc.) that will be supported in order to ensure that the IdP in conjunction with the NoahES Web API is configured correctly to support the required authorization flows.

To obtain a Client ID and/or Client Secret for your application, please create a support ticket here:

Please choose: “HIMSA IdP App Registration Form“


Information needed when you create the ticket:

App Name: The name of your Application

Company Name: The name of your Company

Contact Email: The E-mail address that you want HIMSA to contact in case there are any important messages relevant to your Application

Contact Phone Number: The phone number that you want HIMSA to contact in case of emergencies relevant to your Application

Client Type: You need to provide information about the type of your client/application. HIMSA differentiates between 3 kinds :

  • Native Applications: These applications include mobile, desktop, or hybrid apps running natively on a device (e.g., i0S, Android).

  • Single-Page Web Applications: These applications include JavaScript apps that perform most of their user interface logic in a web browser, communicating with a web server primarily using APIs (e.g., AngularJS + Node.js or React).

  • Regular Web Applications: These applications are traditional web applications that perform most of their application logic on the server (e.g., Express.js, ASP.NET).

RedirectURI: This is where your application receives and processes the response from the IdP, and is the URL to which users are redirected once the authentication is complete