Authentication

Use these methods to sign in and out of the Back Office.

POST [host]/api/v2/signin

Sign in to the Back Office

POST [host]/api/v2/2fa/confirm

Confirm a 2FA verification code

POST [host]/api/v2/refresh

Refresh the access token

POST [host]/api/v2/signout

Sign out of the Back Office

Sign in to the Back Office

Use this method to sign in to the Back Office.

Note

The default number of allowed sign-in attempts is 5 within a minute. After exceeding the limit, you won't be allowed to authenticate for a certain period of time.

Request

Body:

email string required

The user email.

password string required

The user password.

POST [host]/api/v2/signin

curl --location --request POST 'https://host.name/api/v2/signin' \
--data-raw '{
  "email": "foo@bar.com",
  "password": "Secret123"
}'

Response

2faRequired boolean

If true, two-factor authentication (2FA) is enabled; otherwise, false.

2faDetails object

If 2FA is enabled, the details about 2FA.

token string

The 2FA token that is used to obtain the access token.

provider string

The method used to deliver a verification code to a user. Currently, the code can only be sent to the user's email.

expiresAt string

The date and time when a token is due to expire.

accessToken object

If 2FA is disabled, the details about the access token.

token string

The access token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

refreshToken object

If 2FA is disabled, the details about the refresh token.

token string

The refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

RESPONSE EXAMPLE
{
  "2faRequired": true,
  "2faDetails": {
    "token": "b2fcf999-2b0b-451d-9888-094a79117aa5",
    "provider": "email",
    "expiresAt": "2022-01-01T00:00:00+00:00"
  }
}

Confirm a 2FA verification code

Use this method to confirm a 2FA verification code sent to the user's email and obtain a set of access and refresh tokens.

Note

The default number of allowed attempts to confirm a 2FA code is 3 within a minute. After exceeding the limit, you won't be allowed to authenticate for a certain period of time.

Request

Body:

token string required

The 2FA token.

code string required

The verification code sent to the user's email.

POST [host]/api/v2/2fa/confirm

curl --location --request POST 'https://host.name/api/v2/2fa/confirm' \
--data-raw '{
  "token": "b2fcf999-2b0b-451d-9888-094a79117aa5",
  "code": "123456"
}'

Response

accessToken object

The details about the access token.

token string

The access token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

refreshToken object

The details about the refresh token.

token string

The refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

RESPONSE EXAMPLE
{
  "accessToken": {
    "token": "wyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
    "createdAt": "2022-01-01T00:00:00+00:00",
    "expiresAt": "2022-01-01T00:00:00+00:00"
  },
  "refreshToken": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
    "createdAt": "2022-01-01T00:00:00+00:00",
    "expiresAt": "2022-01-01T00:00:00+00:00"
  }
}

Refresh the access token

Use this method to refresh the access token.

If the access token has expired, you can use a valid refresh token to obtain a new set of access and refresh tokens.

Note

The default number of allowed attempts to refresh the access token is 5 within a minute. After exceeding the limit, you won't be allowed to authenticate for a certain period of time.

Request

Body:

refreshToken string required

The refresh token issued for a user.

POST [host]/api/v2/refresh

curl --location --request POST 'https://host.name/api/v2/refresh' \
--data-raw '{
  "refreshToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w"
}'

Response

accessToken object

The details about the access token.

token string

The access token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

refreshToken object

The details about the refresh token.

token string

The refresh token.

createdAt string

The date and time when a token was generated.

expiresAt string

The date and time when a token is due to expire.

RESPONSE EXAMPLE
{
  "accessToken": {
    "token": "wyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
    "createdAt": "2022-01-01T00:00:00+00:00",
    "expiresAt": "2022-01-01T00:00:00+00:00"
  },
  "refreshToken": {
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
    "createdAt": "2022-01-01T00:00:00+00:00",
    "expiresAt": "2022-01-01T00:00:00+00:00"
  }
}
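
The sign-in, 2FA confirmation and refresh calls described above, tied together as client-side token handling. This is an added example, not code from the Back Office project; `BackOfficeSession`, the `post` transport callable and `make_fake_post` with its sample tokens are assumptions made for illustration.

```python
from datetime import datetime, timezone

def _expired(token_obj, now):  # expiresAt is ISO 8601 with an offset, as on the page
    return datetime.fromisoformat(token_obj["expiresAt"]) <= now

class BackOfficeSession:  # hypothetical helper, not part of the documented API
    def __init__(self, post):
        self.post = post  # assumed transport: post(path, body_dict) -> parsed JSON dict
        self.access = self.refresh = self.pending_2fa = None

    def _store(self, resp):
        self.access, self.refresh = resp["accessToken"], resp["refreshToken"]
        self.pending_2fa = None  # the 2FA token is no longer needed

    def sign_in(self, email, password):
        resp = self.post("/api/v2/signin", {"email": email, "password": password})
        if resp.get("2faRequired"):
            self.pending_2fa = resp["2faDetails"]  # no access token is issued yet
            return "2fa_required"
        self._store(resp)
        return "signed_in"

    def confirm_2fa(self, code, now=None):  # local expiry check saves a rate-limited attempt
        now = now or datetime.now(timezone.utc)
        if self.pending_2fa is None or _expired(self.pending_2fa, now):
            raise RuntimeError("2FA token missing or expired; sign in again")
        body = {"token": self.pending_2fa["token"], "code": code}
        self._store(self.post("/api/v2/2fa/confirm", body))

    def bearer(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self.access is None or (_expired(self.access, now) and _expired(self.refresh, now)):
            raise RuntimeError("no usable tokens; sign in again")
        if _expired(self.access, now):  # refresh returns a new pair; replace both
            self._store(self.post("/api/v2/refresh", {"refreshToken": self.refresh["token"]}))
        return "Bearer " + self.access["token"]

def make_fake_post():  # constructed offline transport; every value is sample data
    calls = []
    def tok(name, exp):
        return {"token": name, "createdAt": "2022-01-01T00:00:00+00:00", "expiresAt": exp}
    def post(path, body):
        calls.append(path)
        if path == "/api/v2/signin":
            return {"2faRequired": True, "2faDetails": {"token": "sample-2fa-token",
                    "provider": "email", "expiresAt": "2022-01-01T00:05:00+00:00"}}
        return {"accessToken": tok(f"access-{len(calls)}", "2022-01-01T01:00:00+00:00"),
                "refreshToken": tok(f"refresh-{len(calls)}", "2022-01-02T00:00:00+00:00")}
    return post, calls
```

In a real client, `post` would wrap an HTTPS request to `[host]`, and the stored tokens should be kept out of logs and error messages.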

Sign out of the Back Office

Use this method to sign out of the Back Office.

Request

Header parameters:

  • Authorization: Bearer <access_token>

POST [host]/api/v2/signout

curl --location --request POST 'https://host.name/api/v2/signout' \
--header 'Authorization: Bearer <access_token>'

Response

In case of success, HTTP code 200 is returned.

If the access token issued for a user was revoked or expired, HTTP code 401 is returned.