I'm trying to add OpenID Connect support to release-monitoring.org, and keep running into problems attempting to access the Ipsilon OAuth endpoints.

It would be incredibly helpful if there was clear documentation of:

• what API endpoints Ipsilon publishes for developers to access
• the exact parameters and formats it expects to receive on those endpoints

Even if these are just "What the relevant standard specifies (with specific hyperlinks to the relevant reference documentation)", it would still be useful when attempting to figure out whether a 500 error from Ipsilon is due to a genuine bug in handling an otherwise correct request, or else due to a 4xx error response not being generated due to some missing input validation.