Authentication
Use these methods to sign in and out of the Back Office.
POST [host]/api/v2/signin
POST [host]/api/v2/2fa/confirm
POST [host]/api/v2/refresh
POST [host]/api/v2/signout
Sign in to the Back Office
Use this method to sign in to the Back Office.
Note
The default number of allowed sign-in attempts is 5 within a minute. After exceeding the limit, you won’t be allowed to authenticate for a certain period of time.
Request
Body:
- email string required
The user email.
- password string required
The user password.
POST [host]/api/v2/signin
curl --location --request POST 'https://host.name/api/v2/signin' \
--data-raw '{
"email": "foo@bar.com",
"password": "Secret123"
}'
Response
- 2faRequired boolean
If true, two-factor authentication (2FA) is enabled; otherwise, false.
- 2faDetails object
If 2FA is enabled, the details about 2FA.
  - token string
  The 2FA token that is used to obtain the access token.
  - provider string
  The method used to deliver a verification code to a user. Currently, it can only be sent to a user email.
  - expiresAt string
  The date and time when a token is due to expire.
- accessToken object
If 2FA is disabled, the details about the access token.
  - token string
  The access token.
  - createdAt string
  The date and time when a token was generated.
  - expiresAt string
  The date and time when a token is due to expire.
- refreshToken object
If 2FA is disabled, the details about the refresh token.
  - token string
  The refresh token.
  - createdAt string
  The date and time when a token was generated.
  - expiresAt string
  The date and time when a token is due to expire.
{
"2faRequired": true,
"2faDetails": {
"token": "b2fcf999-2b0b-451d-9888-094a79117aa5",
"provider": "email",
"expiresAt": "2022-01-01T00:00:00+00:00"
}
}
Confirm a 2FA verification code
Use this method to confirm a 2FA verification code sent to a user email and obtain a set of access and refresh tokens.
Note
The default number of allowed attempts to confirm a 2FA code is 3 within a minute. After exceeding the limit, you won’t be allowed to authenticate for a certain period of time.
Request
Body:
- token string required
The 2FA token.
- code string required
The verification code sent to a user email.
POST [host]/api/v2/2fa/confirm
curl --location --request POST 'https://host.name/api/v2/2fa/confirm' \
--data-raw '{
"token": "b2fcf999-2b0b-451d-9888-094a79117aa5",
"code": "123456"
}'
Response
- accessToken object
The details about the access token.
  - token string
  The access token.
  - createdAt string
  The date and time when a token was generated.
  - expiresAt string
  The date and time when a token is due to expire.
- refreshToken object
The details about the refresh token.
  - token string
  The refresh token.
  - createdAt string
  The date and time when a token was generated.
  - expiresAt string
  The date and time when a token is due to expire.
{
"accessToken": {
"token": "wyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
"createdAt": "2022-01-01T00:00:00+00:00",
"expiresAt": "2022-01-01T00:00:00+00:00"
},
"refreshToken": {
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
"createdAt": "2022-01-01T00:00:00+00:00",
"expiresAt": "2022-01-01T00:00:00+00:00"
}
}
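The sign-in and 2FA confirmation steps above, chained into one client-side flow. This is an added example, not code from the API vendor; the `post` transport, the `get_code` callback and the `demo_backend` stand-in (with its placeholder tokens and constructed timestamps) are assumptions made so that it runs offline.

```python
from datetime import datetime, timezone

class TwoFactorExpired(Exception):
    """The 2FA token from /signin expired before a code was submitted."""

def sign_in(post, email, password, get_code, now=None):
    """Run the documented flow; return the (accessToken, refreshToken) objects.

    post(path, body) -> dict and get_code() -> str are supplied by the
    caller (assumptions of this example, not part of the API).
    """
    now = now or datetime.now(timezone.utc)
    reply = post("/api/v2/signin", {"email": email, "password": password})
    if reply.get("2faRequired"):
        details = reply["2faDetails"]
        # Do not spend one of the limited confirmation attempts on a
        # 2FA token that is already past its expiresAt; sign in again.
        if datetime.fromisoformat(details["expiresAt"]) <= now:
            raise TwoFactorExpired(details["expiresAt"])
        reply = post("/api/v2/2fa/confirm",
                     {"token": details["token"], "code": get_code()})
    # With or without 2FA, the final reply carries both token objects.
    return reply["accessToken"], reply["refreshToken"]

def demo_backend(calls):
    """Constructed stand-in for the server so the example runs offline."""
    def post(path, body):
        calls.append((path, body))
        if path == "/api/v2/signin":
            return {"2faRequired": True, "2faDetails": {
                "token": "b2fcf999-2b0b-451d-9888-094a79117aa5",
                "provider": "email",
                "expiresAt": "2022-01-01T00:00:00+00:00"}}
        stamp = {"createdAt": "2021-12-31T23:56:00+00:00",
                 "expiresAt": "2022-01-01T09:56:00+00:00"}
        return {"accessToken": {"token": "<access-token>", **stamp},
                "refreshToken": {"token": "<refresh-token>", **stamp}}
    return post
```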
Refresh the access token
Use this method to refresh the access token.
If the access token has expired, you can use a valid refresh token to obtain a new set of access and refresh tokens.
Note
The default number of allowed attempts to refresh the access token is 5 within a minute. After exceeding the limit, you won’t be allowed to authenticate for a certain period of time.
Request
Body:
- refreshToken string required
The refresh token issued for a user.
POST [host]/api/v2/refresh
curl --location --request POST 'https://host.name/api/v2/refresh' \
--data-raw '{
"refreshToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w"
}'
Response
- accessToken object
The details about the access token.
  - token string
  The access token.
  - createdAt string
  The date and time when a token was generated.
  - expiresAt string
  The date and time when a token is due to expire.
- refreshToken object
The details about the refresh token.
  - token string
  The refresh token.
  - createdAt string
  The date and time when a token was generated.
  - expiresAt string
  The date and time when a token is due to expire.
{
"accessToken": {
"token": "wyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
"createdAt": "2022-01-01T00:00:00+00:00",
"expiresAt": "2022-01-01T00:00:00+00:00"
},
"refreshToken": {
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
"createdAt": "2022-01-01T00:00:00+00:00",
"expiresAt": "2022-01-01T00:00:00+00:00"
}
}
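The three notes above give per-minute defaults for sign-in (5), 2FA confirmation (3) and refresh (3 endpoints in total). As an added example that is not part of the vendor documentation, the following detection logic flags clients in an access log that go over those defaults. The log line format, keying by client address and the sliding one-minute window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Documented default limits: attempts allowed within a minute.
LIMITS = {"/api/v2/signin": 5, "/api/v2/2fa/confirm": 3, "/api/v2/refresh": 5}
WINDOW = timedelta(minutes=1)

def over_limit(lines):
    """Return {(client, path): peak attempts in any one-minute window}
    for every client that went over a documented limit.
    Lines must be in time order: '<ISO time> <client> <method> <path> <status>'
    (an assumed log format).
    """
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        stamp, client, method, path, _status = line.split()
        if method != "POST" or path not in LIMITS:
            continue
        when = datetime.fromisoformat(stamp)
        window = recent[(client, path)]
        window.append(when)
        while when - window[0] >= WINDOW:  # drop attempts older than a minute
            window.popleft()
        if len(window) > LIMITS[path]:
            key = (client, path)
            peaks[key] = max(peaks.get(key, 0), len(window))
    return peaks

def sample_log():
    """Constructed access-log lines using documentation-range addresses."""
    def burst(client, path, status, seconds):
        return [f"2022-01-01T00:00:{s:02d}+00:00 {client} POST {path} {status}"
                for s in seconds]
    lines = (
        burst("198.51.100.7", "/api/v2/signin", 401, range(0, 56, 8))        # 7 attempts in 48 s
        + burst("203.0.113.9", "/api/v2/2fa/confirm", 401, range(10, 30, 5))  # 4 attempts in 15 s
        + burst("203.0.113.20", "/api/v2/signin", 200, range(1, 60, 12))      # 5 attempts: at the limit, not over
    )
    return sorted(lines)  # identical timestamp format, so this is time order

if __name__ == "__main__":
    for (client, path), peak in over_limit(sample_log()).items():
        print(f"{client} exceeded {LIMITS[path]}/min on {path}: {peak} attempts")
```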
Sign out of the Back Office
Use this method to sign out of the Back Office.
Request
Header parameters:
Authorization: Bearer <access_token>
POST [host]/api/v2/signout
curl --location --request POST 'https://host.name/api/v2/signout' \
--header 'Authorization: Bearer <token>'
Response
In case of success, HTTP code 200 is returned.
If the access token issued for a user was revoked or expired, HTTP code 401 is returned.
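The refresh and sign-out behaviour described above, as a small client-side session holder. This is an added example, not the vendor's code; the `Session` class, the 30-second `SKEW`, the `post` transport signature and the `demo_post` stand-in with its placeholder tokens are assumptions.

```python
from datetime import datetime, timedelta, timezone

SKEW = timedelta(seconds=30)  # assumption: refresh shortly before expiry

class ReauthRequired(Exception):
    """No usable token is left; the user has to sign in again."""

class Session:
    """Holds the token pair from sign-in, 2FA confirm or refresh.
    post(path, body, headers) -> (status, dict) is a caller-supplied transport."""

    def __init__(self, post, access, refresh):
        self._post, self._access, self._refresh = post, access, refresh

    @staticmethod
    def _usable(tok, now):
        return tok is not None and datetime.fromisoformat(tok["expiresAt"]) - SKEW > now

    def auth_header(self, now=None):
        now = now or datetime.now(timezone.utc)
        if not self._usable(self._access, now):
            if not self._usable(self._refresh, now):
                raise ReauthRequired("refresh token expired or missing")
            _, reply = self._post("/api/v2/refresh",
                                  {"refreshToken": self._refresh["token"]}, {})
            if "accessToken" not in reply:
                raise ReauthRequired("refresh was rejected")
            # The reply is a new set: replace the refresh token as well.
            self._access, self._refresh = reply["accessToken"], reply["refreshToken"]
        return {"Authorization": "Bearer " + self._access["token"]}

    def sign_out(self):
        """True on HTTP 200, False on 401 (token revoked or expired).
        The local copies are dropped either way."""
        if self._access is None:
            return False
        headers = {"Authorization": "Bearer " + self._access["token"]}
        status, _ = self._post("/api/v2/signout", None, headers)
        self._access = self._refresh = None
        return status == 200

def demo_post(path, body, headers):
    """Constructed offline backend: issues a new pair, answers sign-out with 401."""
    if path == "/api/v2/refresh":
        return 200, {"accessToken": {"token": "<access-2>", "expiresAt": "2022-01-02T10:00:00+00:00"},
                     "refreshToken": {"token": "<refresh-2>", "expiresAt": "2022-01-03T00:00:00+00:00"}}
    return 401, {}
```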