The Front Office API

The methods described in this section are used to configure and operate the B2Core UI in code.

Get started with the Front Office API

To get access to the available Front Office API methods, authenticate in the B2Core UI using the methods described below.

Note

If you haven’t yet been registered in the B2Core UI, use the sign up and then sign in methods.

If you have already been registered in the B2Core UI, use the sign in methods.

Sign up

  1. Initialize the Sign Up Wizard and get the uuid that is required for signing up to the B2Core UI via the API. To do this, send the following request:

POST[host]/api/v2/my/signup/wizard

Refer to the method to initialize the Sign Up Wizard for details.

  1. Sign up to the B2Core UI by sending the following request:

POST[host]/api/v2/my/signup

In the request body, specify the following required parameters:

uuid string required

The universally unique identifier (UUID) obtained at the previous step.

email string required

The client email.

password string required

The client password.

password_confirmation string required

The repeatedly entered password for its confirmation.

device_fingerprint string required

The free-form JSON data (which includes the required user_agent field) generated by a client in the format of a Base64-encoded string that uniquely identifies a device from which a request is sent.

To learn how to get a device fingerprint, refer to Obtain a device fingerprint.

Refer to the method to sign up to the B2Core UI for details.

Sign in

  1. Initialize the Sign In Wizard and get the uuid that is required for signing in to the B2Core UI via the API. To do this, send the following request:

    POST[host]/api/v2/my/signin/wizard

Refer to the method to initialize the Sign In Wizard for details.

  1. Sign in to the B2Core UI by sending the following request:

POST[host]/api/v2/my/signin

In the request body, specify the following required parameters:

uuid string required

The universally unique identifier (UUID) obtained at the previous step.

email string required

The client email.

password string required

The client password.

device_fingerprint string required

The free-form JSON data (which includes the required user_agent field) generated by a client in the format of a Base64-encoded string that uniquely identifies a device from which a request is sent.

To learn how to get a device fingerprint, refer to Obtain a device fingerprint.

If you have already generated a device fingerprint string when signing up to the B2Core UI, include the one in your sign-in requests.

Refer to the method to sign in to the B2Core UI for details.

After you have successfully signed in to the B2Core UI, you can use the available Front Office API methods to operate the B2Core UI in code.

Obtain a device fingerprint

The device_fingerprint is one of the required parameters for the methods to sign up and sign in to the B2Core UI.

To obtain a device fingerprint, do the following:

  1. Create a free-form JSON string that uniquely identifies your device. The JSON string must include the user_agent field among the other fields that you may want to include in it.

  2. Convert the created JSON string to a Base64 string.

  3. Include the generated Base64 string as the device_fingerprint parameter in your sign up and sign in requests.

Example

The following example illustrates how to generate a device fingerprint string in PHP:

>>> $j = json_encode(["user_agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"])
=> "{"user_agent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko\/20100101 Firefox\/47.0"}"

>>> base64_encode($j)
=> "eyJ1c2VyX2FnZW50IjoiTW96aWxsYVwvNS4WIChXaW5kb3dZIE5UIDYUMTSgV2luNjQ7IHg2NDsgcnY6NDCUMCkR2Vja29cLzIwMTAwMTAXIEZpcmVmb3hcLzQ3LjAifQ=="

Methods for two-factor authentication

Use these methods to authenticate in the B2Core UI by following a two-factor authentication procedure.

POST[host]/api/v2/my/2fa/google

Authenticate with Google Authenticator

POST[host]/api/v2/my/2fa/sms

Authenticate with SMS

Use Google Authenticator to secure access to the B2Core UI

Use this method to authenticate a client in the B2Core UI using Google Authenticator.

Request

Body:

uuid string required

The universally unique identifier (UUID) assigned to a client authentication session.

code string required

The Google Authenticator code that is used to obtain the access token.

POST[host]/api/v2/my/2fa/google

curl --location --request POST 'https://host.name/api/v2/my/2fa/google' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "code": "123456"
}'

Response

code integer

An HTTP code specifying the current step of an authentication process:

  • HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user

  • HTTP code 202 for a final wizard step signaling that user authentication succeeded

data object

The access token and refresh token data:

Show object fields
token string

The access or refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

done boolean

If true, authentication has succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the current stage of an authentication procedure.

RESPONSE EXAMPLE
{  
  "code": 202,
  "data": {
    "accessToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    },
    "refreshToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    }
  },
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "login",
}

Use an SMS code to secure access to the B2Core UI

Use this method to use an SMS code for client authentication in the B2Core UI.

Request

Body:

uuid string required

The universally unique identifier (UUID) assigned to a client authentication session.

code string required

The SMS code that is used to obtain the access token.

POST[host]/api/v2/my/2fa/sms

curl --location --request POST 'https://host.name/api/v2/my/2fa/sms' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "code": "123456"
}'

Response

code integer

An HTTP code specifying the current step of an authentication process:

  • HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user

  • HTTP code 202 for a final wizard step signaling that user authentication succeeded

data object

The access token and refresh token data:

Show object fields
token string

The access or refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

done boolean

If true, authentication has succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the current stage of an authentication procedure.

RESPONSE EXAMPLE
{  
  "code": 202,
  "data": {
    "accessToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    },
    "refreshToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    }
  },
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "login"
}

Methods for signing up to the B2Core UI

To allow a user to sign up to the B2Core UI, you need to select which fields are displayed to the user on the registration form. To do this, initialize the Sign Up Wizard and configure the custom form validation rules.

POST[host]/api/v2/my/signup/wizard

Initialize the Sign Up Wizard

POST[host]/api/v2/my/signup

Sign up to the B2Core UI

Initialize the Sign Up Wizard

Use this method to initialize the Sign Up Wizard for a user and specify the fields displayed on the user registration form.

Request

Body:

url string required

The template for a client registration link.

utm object

This object provides the following field:

referral string

The referral code which determines the client registration link address.

POST[host]/api/v2/my/signup/wizard

curl --location --request POST 'https://host.name/api/v2/my/signup/wizard' \
--data-raw '{
  "url": "https://host.name/register/{registration}/{code}",
  "utm": {
    "referral": "29734fc149dc93809d18f49ae970810a"
  }
}'

Response

code integer

An HTTP code specifying the current step in a progression of wizard pages:

  • HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user

  • HTTP code 202 for a final wizard step signaling that user authentication succeeded

data object

Contains an object providing the following field:

fields object

An array of wizard fields displayed on a client registration form.

done boolean

If true, the wizard initialization succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the current stage of an authentication procedure.

RESPONSE EXAMPLE
{
  "code": 202,
  "data": {
    "fields": {}
  },
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "basic_register_form"
}

Sign up to the B2Core UI

Use this method to sign up to the B2Core UI.

Request

Body:

uuid string required

The universally unique identifier (UUID) assigned to a client authentication session.

email string required

The client email.

password string required

The client password.

password_confirmation string required

The repeatedly entered password for its confirmation.

device_fingerprint string required

The free-form JSON data (which includes the required user_agent field) generated by a client in the format of a Base64-encoded string that uniquely identifies a device from which a request is sent.

To learn how to get a device fingerprint, refer to Obtain a device fingerprint.

addresses object

A list of country codes indicating a client’s location.

info object

An object specifying a client name:

Show object fields
familyName string

The client last name.

givenName string

The client first name.

recaptchaResponse string

The reCAPTCHA response token.

POST[host]/api/v2/my/signup

curl --location --request POST 'https://host.name/api/v2/my/signup' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "email": "foo@bar.com",
  "password": "Secret123",
  "password_confirmation": "Secret123",
  "device_fingerprint": "dwqdnNFJBOEBFJEBjqewbkjqbdwjqwbndjnbj",
  "addresses": {
    "0": {
      "country_code": "16"
    }
  },
  "info": {
    "familyName": "Brown",
    "givenName": "John"
  },
  "recaptchaResponse": "ut nu"
}'

Response

code integer

An HTTP code specifying the current step in a progression of wizard pages:

  • HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user

  • HTTP code 202 for a final wizard step signaling that user authentication succeeded

  • HTTP code 400 for an invalid authentication request

data object

The access token and refresh token data:

Show object fields
token string

The access or refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

done boolean

If true, authentication has succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the current stage of an authentication procedure.

RESPONSE EXAMPLE
{
  "code": 202,
  "data": {},
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "login"
}

Methods for signing in and out of the B2Core UI

Use these methods to sign in and out of the B2Core UI.

To allow a user to sign in to the B2Core UI, you need to select which fields are displayed to the user on the login form. To do this, initialize the Sign In Wizard and configure the custom form validation rules.

POST[host]/api/v2/my/signin/wizard

Initialize the Sign In Wizard

POST[host]/api/v2/my/signin

Sign in to the B2Core UI

POST[host]/api/v2/my/refresh

Refresh the access token

POST[host]/api/v2/my/signout

Sign out of the B2Core UI

Initialize the Sign In Wizard

Use this method to initialize the Sign In Wizard for a user and specify the fields displayed on the user login form.

Request

No parameters.

GET[host]/api/v2/my/signin/wizard

curl --location --request GET 'https://host.name/api/v2/my/signin/wizard' \

Response

code integer

An HTTP code specifying the current step in a progression of wizard pages:

  • HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user

  • HTTP code 202 for a final wizard step signaling that user authentication succeeded

data object

Contains a recaptcha object providing the following field:

enabled boolean

If true, reCAPTCHA is added to the authorization form displayed for a client; otherwise, false.

done boolean

If true, the wizard initialization succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the current stage of an authentication procedure.

RESPONSE EXAMPLE
{
  "code": 202,
  "data": {
    "recaptcha": {
      "enabled": false
    }
  },
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "login"
}

Sign in to the B2Core UI

Use this method to sign in to the B2Core UI.

Note

If you exceed the allowed number of sign-in attempts, you’ll not be allowed to authenticate during a certain period.

The default number of allowed attempts is 5 within a minute, and the default blocking period is 10 minutes.

The default limits can be changed by the admin in the section User Auth Settings, which is available upon navigating to System > Settings in the Back Office.

Request

Body:

uuid string required

The universally unique identifier (UUID) assigned to a client authentication session.

email string required

The client email.

password string required

The client password.

device_fingerprint string required

The free-form JSON data (which includes the required user_agent field) generated by a client in the format of a Base64-encoded string that uniquely identifies a device from which a request is sent.

To learn how to get a device fingerprint, refer to Obtain a device fingerprint.

recaptchaResponse string

The reCAPTCHA response token.

POST[host]/api/v2/my/signin

curl --location --request POST 'https://host.name/api/v2/my/signin' \
--data-raw '{
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "email": "foo@bar.com",
  "password": "Secret123",
  "device_fingerprint": "dwqdnNFJBOEBFJEBjqewbkjqbdwjqwbndjnbj",
  "recaptchaResponse": "in quis cillum nisi"
}'

Response

code integer

An HTTP code specifying the current step in a progression of wizard pages:

  • HTTP code 200 for an intermediary step after which another page of an authentication form is displayed to a user

  • HTTP code 202 for a final wizard step signaling that user authentication succeeded

data object

The details about the access and refresh tokens:

Show object fields
token string

The access or refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

done boolean

If true, authentication has succeeded; otherwise, false.

uuid string

The universally unique identifier (UUID) assigned to a client authentication session.

workflow string

A string value indicating the current stage of an authentication procedure.

RESPONSE EXAMPLE
{
  "code": 202,
  "data": {
    "accessToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    },
    "refreshToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2022-01-01T00:00:00+00:00",
      "expiresAt": "2022-01-01T00:00:00+00:00"
    }
  },
  "done": true,
  "uuid": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "workflow": "login"
}

Refresh the access token

Use this method to refresh the access token.

If the access token has expired, you can use a valid refresh token to obtain a new set of access and refresh tokens.

Note

If you exceed the allowed number of attempts to refresh the access token within a specified time period, you’ll not be allowed to authenticate during a certain period.

The default number of allowed attempts is 5 within a minute, and the default blocking period is 10 minutes.

The default limits can be changed by the admin in the section User Auth Settings, which is available upon navigating to System > Settings in the Back Office.

Request

Body:

refreshToken string required

The refresh token issued for a current client.

POST[host]/api/v2/my/refresh

curl --location --request POST 'https://host.name/api/v2/my/refresh' \
--data-raw '{
  "refreshToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w"
}'

Response

accessToken object

The details about the access token.

Show object fields
token string

The access token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

refreshToken object

The details about the refresh token.

Show object fields
token string

The refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

RESPONSE EXAMPLE
{
  "accessToken": {
    "token": "wyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
    "createdAt": "2022-01-01T00:00:00+00:00",
    "expiresAt": "2022-01-01T00:00:00+00:00"
  },
  "refreshToken": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
    "createdAt": "2022-01-01T00:00:00+00:00",
    "expiresAt": "2022-01-01T00:00:00+00:00"
  }
}

Sign out of the B2Core UI

Use this method to sign out of the B2Core UI.

Request

Header parameters:

  • Authorization: Bearer <access_token>

POST[host]/api/v2/my/signout

curl --location --request POST 'https://host.name/api/v2/my/signout' \
--header 'Authorization: Bearer <token>'

Response

In case of success, HTTP code 200 is returned.

If the access token issued for a current client was revoked or expired, HTTP code 401 is returned.

Methods for viewing client accounts

Use these methods to obtain information about client accounts.

GET[host]/api/v2/my/accounts

Get a list of client accounts

GET[host]/api/v2/accounts/{accountId}

Get client account details

Get a list of client accounts

Use this method to obtain a list of the available client accounts.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Query parameters:

The following filter parameters are available for this method:

alphabeticCurrencyCode

The Alpha code of a currency in which client accounts are denominated (such as BTC).

permissions

The client permissions. The valid enum values:

  • deposit

  • exchange

  • trade

  • transferDeposit

  • transferWithdrawal

  • withdrawal

platformId

The identifier of a trading platform on which client accounts are opened.

The following sorting parameter is available for this method:

createTime

The date and time when the client account was created.

Refer to the Query parameters section in the API Overview for details on applying filter and sorting parameters.

GET[host]/api/v2/my/accounts

curl --location -g --request GET 'https://host.name/api/v2/my/accounts?limit=10&offset=0&sort_order=desc&sort_by=createTime&filter[alphabeticCurrencyCode]=BTC&filter[permissions]=nisi amet sint id&filter[platformId]=1' \
--header 'Authorization: Bearer <token>'

Response

A response includes an array of Account objects providing information about client accounts.

Get client account details

Use this method to obtain detailed information about a specified client account.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

accountId required

The identifier of a client account.

GET[host]/api/v2/accounts/{accountId}

curl --location --request GET 'https://host.name/api/v2/my/accounts/1' \
--header 'Authorization: Bearer <token>'

Response

A response includes an Account object providing information about the specified client account.

Methods for operations with currencies

Use these methods to exchange currencies and obtain the current exchange rates.

GET[host]/api/v2/my/rates/{baseCurrency}

Get currency rates

GET[host]/api/v2/my/rates/{baseCurrency}/{quoteCurrency}

Get an exchange rate for a currency pair

POST[host]/api/v2/my/exchanges

Exchange currencies

Get currency rates

Use this method to obtain a list of currencies available for exchange and their current rates.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

baseCurrency required

The alphabetic code of a base currency for which the exchange rates are retrieved.

GET[host]/api/v2/my/rates/{baseCurrency}

curl --location --request GET 'https://host.name/api/v2/my/rates/usd' \
--header 'Authorization: Bearer <token>'

Response

A response contains an array of objects providing information about the available quote currencies and their current exchange rates.

quoteId string

The quote identifier.

currency object

The details about the quote currency available for exchange. See the Currency object to learn more.

expiredAt string

The date and time when the exchange rate data is due to expire.

lifetime integer

The number of seconds the exchange rate data is valid.

rate object

The details about a current exchange rate.

Show object fields
value string

The exchange rate.

scale integer

The number of decimal places displayed when representing amounts in a currency.

RESPONSE EXAMPLE
{
  "quoteId": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "сurrency": {
    "alphabeticCode": "USD",
    "minorUnit": 2,
    "name": "US Dollar",
    "numericCode": 840
  },
  "expiredAt": "2022-01-01T00:00:00+00:00",
  "lifetime": 60,
  "rate": {
    "value": "1.000000000000000000",
    "scale": 1
  }
}

Get an exchange rate for a currency pair

Use this method to obtain a current exchange rate for a specified currency pair.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Path parameters:

baseCurrency required

The alphabetic code of a base currency.

quoteCurrency required

The alphabetic code of a quote currency.

GET[host]/api/v2/my/rates/{baseCurrency}/{quoteCurrency}

curl --location --request GET 'https://host.name/api/v2/my/rates/btc/usd' \
--header 'Authorization: Bearer <token>'

Response

A response contains an object providing information about a specified quote currency and its current exchange rate.

quoteId string

The quote identifier.

currency object

The details about a quote currency. See the Currency object to learn more.

expiredAt string

The date and time when the exchange rate data is due to expire.

lifetime integer

The number of seconds the exchange rate data is valid.

rate object

The details about an exchange rate.

Show object fields
value string

The exchange rate.

scale integer

The number of decimal places displayed when representing amounts in a currency.

RESPONSE EXAMPLE
{
  "quoteId": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "сurrency": {
    "alphabeticCode": "USD",
    "minorUnit": 2,
    "name": "US Dollar",
    "numericCode": 840
  },
  "expiredAt": "2022-01-01T00:00:00+00:00",
  "lifetime": 60,
  "rate": {
    "value": "1.000000000000000000",
    "scale": 1
  }
}

Exchange currencies

Use this method to exchange currencies in specified amounts.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Body:

Specify the following parameters for an exchange operation:

amount string required

The amount to be exchanged.

destinationAccountId integer required

The identifier of a destination account.

quoteId string required

The quote identifier.

sourceAccountId integer required

The identifier of a source account.

POST[host]/api/v2/my/exchanges

curl --location --request POST 'https://host.name/api/v2/my/exchanges' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "amount": "1.000000000000000000",
  "destinationAccountId": 1,
  "quoteId": "36f59381-5b54-48bd-a0c7-3b908c476732",
  "sourceAccountId": 1
}'

Response

A response includes a Transaction object providing information about the exchange operation that was made.

Methods for managing client transactions

Use these methods to obtain information about transactions (such as deposits, withdrawals, exchanges and transfers) made on accounts owned by a user that is currently signed in to the B2Core UI.

GET[host]/api/v2/my/transactions

Get a list of transactions

GET[host]/api/v2/transactions/{transactionId}

Get transaction details

Get a list of client transactions

Use this method to obtain a list of transactions made on accounts owned by a user that is currently signed in to the B2Core UI.

To obtain detailed information about a specific transaction, use a separate method to get transaction details.

When a request doesn’t include a filter parameter indicating the transaction type, a response presents transactions of all types.

The available filter and sorting parameters are listed in the Request section below.

Note

A response includes transactions with any status, except for those marked as new.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Query parameters:

The following filter parameters are available for this method:

accountId

The identifier of a client account.

status

The current transaction status. The valid enum values:

  • cancelled

  • done

  • failed

  • hold

  • holdFailed

  • inProgress

  • new

  • partial

  • pending

  • rejected

  • refund

  • refundFailed

  • trade

Transactions with the new status are not returned.

type

The transaction type. The valid enum values:

  • deposit

  • exchange

  • external

  • partner

  • transfer

  • withdrawal

The following sorting parameter is available for this method:

createTime

The date and time when a transaction was made.

Refer to the Query parameters section in the API Overview for details on applying filter and sorting parameters.

GET[host]/api/v2/my/transactions

curl --location -g --request GET 'https://host.name/api/v2/my/transactions?limit=10&offset=0&sort_order=desc&sort_by=createTime&filter[accountId]=1&filter[status]=done&filter[type]=deposit' \
--header 'Authorization: Bearer <token>'

Response

A response contains an array of Transaction objects providing information about all or selected transactions.

Get transaction details

Use this method to obtain detailed information about a specified transaction. To obtain a list of transactions made on a client account, use a separate method to get a list of transactions.

Request

Path parameters:

transactionId required

The transaction identifier.

GET[host]/api/v2/transactions{transactionId}

curl --location --request GET 'https://host.name/api/v2/my/transactions/1' \
--header 'Authorization: Bearer <token>'

Response

A response contains a Transaction object providing details about the specified transaction.

Methods for managing transfer operations

Use these methods to manage transfer operations.

POST[host]/api/v2/my/transfers

Transfer funds between accounts

Transfer funds between accounts

Use these method to transfer funds from one user account to another.

Funds can only be transferred between user accounts denominated in the same currency.

Request

Header parameters:

  • Authorization: Bearer <access_token>

Body:

Specify the following parameters for a transfer operation:

amount string required

The transfer amount.

sourceAccountId integer required

The identifier of a source account from which funds are to be credited.

destinationAccountId integer required

The identifier of a destination account to which funds are to be debited.

destinationCurrencyId integer

The identifier of a currency in which a destination account is denominated.

sourceCurrencyId integer

The identifier of a currency in which a source account is denominated.

POST[host]/api/v2/my/transfers

curl --location --request POST 'https://host.name/api/v2/my/transfers' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
  "amount": "1.000000000000000000",
  "sourceAccountId": 1,
  "destinationAccountId": 1,
  "destinationCurrencyId": 1,
  "sourceCurrencyId": 1
}'

Response

A response includes a Transaction object providing information about the transfer operation that was made.

The Front Office API objects

In this section, you can learn about the objects used in the Front Office API:

The Account object (Front Office)

This object provides the following data about a client account:

accountId integer

The identifier of a client account.

accountNumber string

The account number that is displayed to a client.

currency object

The details about a currency in which a client account is denominated. See the Currency object to learn more.

favourite boolean

If true, an account is marked as favorite; otherwise, false.

group object

The details about a group to which an account belongs.

Show object fields
id integer

The identifier of an account group.

name string

The name of an account group.

priority integer

The group sorting priority.

platform object

The details about a trading platform on which an account is opened.

Show object fields
id integer

The identifier of a trading platform.

name string

The name of a trading platform.

priority integer

The trading account priority.

statement object

The account statement providing details about a client account. See the Statement object to learn more.

type string

The account type (such as personal, trade or demo).

createTime string

The date and time when the client account was created.

THE ACCOUNT OBJECT (FRONT OFFICE)
{
  "accountId": 1,
  "accountNumber": "12345678",
  "currency": {
    "alphabeticCode": "USD",
    "minorUnit": 2,
    "name": "US Dollar",
    "numericCode": 840
  },
  "favourite": true,
  "group": {
    "id": 1,
    "name": "Fiat",
    "priority": 1
  },
  "platform": {
    "id": 1,
    "name": "MetaTrader 5"
  },
  "priority": 1,
  "statement": {
    "availableBalance": "1.000000000000000000",
    "currentBalance": "1.000000000000000000",
    "credit": "1.000000000000000000",
    "equity": "1.000000000000000000",
    "freeMargin": "1.000000000000000000",
    "hold": "1.000000000000000000",
    "margin": "1.000000000000000000",
    "marginLevel": "1.000000000000000000",
    "pnl": "1.000000000000000000",
    "updateTime": "2022-01-01T00:00:00+00:00"
  },
  "type": "trade",
  "createTime": "2022-01-01T00:00:00+00:00"
}

The Transaction object (Front Office)

This object provides the following data about a transaction:

transactionId integer

The transaction identifier.

creditDetails object

The details about the credit side of a transaction.

Show object fields
account object

The details about an account to which funds were credited. See the Account object (Front Office) to learn more.

amount string

The amount credited.

commission string

The transaction fee amount.

currency object

The details about a credit currency. See the Currency object to learn more.

debitDetails object

The details about the debit side of a transaction.

Show object fields
account object

The details about an account from which funds were debited. See the Account object (Front Office) to learn more.

amount string

The amount debited.

commission string

The transaction fee amount.

currency object

The details about a debit currency. See the Currency object to learn more.

foreignExchangeRate string

The exchange rate at which a transaction was made.

method object

The details about a method by which the transaction was made.

Show object fields
id integer

The method identifier.

name string

The localized method name.

resolution object

Applicable only in the case of a failure.

Show object fields
id integer

The identifier of a particular failure.

name string

The localized description of a failure.

status string

The current transaction status. The valid enum values:

  • cancelled

  • done

  • failed

  • hold

  • holdFailed

  • inProgress

  • new

  • partial

  • pending

  • rejected

  • refund

  • refundFailed

  • trade

Transactions with the new status are not returned.

type string

The transaction type. The valid enum values:

  • deposit

  • exchange

  • external

  • partner

  • transfer

  • withdrawal

createTime string

The date and time when the transaction was made.

updateTime string

The date and time when the transaction status has last been updated.

THE TRANSACTION OBJECT (FRONT OFFICE)
{
  "transactionId": 1,
  "creditDetails": {
    "account": {
      "accountId": 1,
      "accountNumber": "12345678",
      "currency": {
        "alphabeticCode": "USD",
        "minorUnit": 2,
        "name": "US Dollar",
        "numericCode": 840
      },
      "favourite": true,
      "group": {
        "id": 1,
        "name": "Fiat",
        "priority": 1
      },
      "platform": {
        "id": 1,
        "name": "MetaTrader 5"
      },
      "priority": 1,
      "statement": {
        "availableBalance": "1.000000000000000000",
        "currentBalance": "1.000000000000000000",
        "credit": "1.000000000000000000",
        "equity": "1.000000000000000000",
        "freeMargin": "1.000000000000000000",
        "hold": "1.000000000000000000",
        "margin": "1.000000000000000000",
        "marginLevel": "1.000000000000000000",
        "pnl": "1.000000000000000000",
        "updateTime": "2022-01-01T00:00:00+00:00"
      },
      "type": "trade",
      "createTime": "2022-01-01T00:00:00+00:00"
    },
    "amount": "1.000000000000000000",
    "commission": "1.000000000000000000",
    "currency": {
      "alphabeticCode": "USD",
      "minorUnit": 2,
      "name": "US Dollar",
      "numericCode": 840
    }
  },
  "debitDetails": {
    "account": {
      "accountId": 1,
      "accountNumber": "12345678",
      "currency": {
        "alphabeticCode": "USD",
        "minorUnit": 2,
        "name": "US Dollar",
        "numericCode": 840
      },
      "favourite": true,
      "group": {
        "id": 1,
        "name": "Fiat",
        "priority": 1
      },
      "platform": {
        "id": 1,
        "name": "MetaTrader 5"
      },
      "priority": 1,
      "statement": {
        "availableBalance": "1.000000000000000000",
        "currentBalance": "1.000000000000000000",
        "credit": "1.000000000000000000",
        "equity": "1.000000000000000000",
        "freeMargin": "1.000000000000000000",
        "hold": "1.000000000000000000",
        "margin": "1.000000000000000000",
        "marginLevel": "1.000000000000000000",
        "pnl": "1.000000000000000000",
        "updateTime": "2022-01-01T00:00:00+00:00"
      },
      "type": "trade",
      "createTime": "2022-01-01T00:00:00+00:00"
    },
    "amount": "1.000000000000000000",
    "commission": "1.000000000000000000",
    "currency": {
      "alphabeticCode": "USD",
      "minorUnit": 2,
      "name": "US Dollar",
      "numericCode": 840
    }
  },
  "foreignExchangeRate": "1.000000000000000000",
  "method": {
    "id": 1,
    "name": "PayPal"
  },
  "resolution": {
    "id": 1,
    "name": "Failure description"
  },
  "status": "done",
  "type": "deposit",
  "createTime": "2022-01-01T00:00:00+00:00",
  "updateTime": "2022-01-01T00:00:00+00:00"
}

The Statement object (Front Office)

This object provides the following data about a client account statement:

availableBalance string

The free funds available on an account.

currentBalance string

The current balance on an account.

credit string

The amount of credit funds on an account.

equity string

The equity of an account.

freeMargin string

The account free margin.

hold string

The amount of funds currently on hold for an account.

margin string

The account margin.

marginLevel string

The account margin level, which is a ratio of equity to margin.

pnl string

The profit-loss value calculated for an account.

updateTime string

The date and time when an account statement has last been updated.

THE STATEMENT OBJECT (FRONT OFFICE)
{
  "availableBalance": "1.000000000000000000",
  "currentBalance": "1.000000000000000000",
  "credit": "1.000000000000000000",
  "equity": "1.000000000000000000",
  "freeMargin": "1.000000000000000000",
  "hold": "1.000000000000000000",
  "margin": "1.000000000000000000",
  "marginLevel": "1.000000000000000000",
  "pnl": "1.000000000000000000",
  "updateTime": "2022-01-01T00:00:00+00:00"
}

The Currency object (Front Office)

This object provides the following data about a currency:

alphabeticCode string

The alphabetic code of a currency (such as USD).

minorUnit integer

The number of decimal places displayed when representing amounts in a currency.

name string

The localized currency name.

numericCode integer

The numeric code of a currency.

THE CURRENCY OBJECT (FRONT OFFICE)
{
   "alphabeticCode": "USD",
   "minorUnit": 2,
   "name": "US Dollar",
   "numericCode": 840
 }