Authentication
Last updated
Last updated
API credentials are sent to your e-mail after registration. You can regenerate them anytime in Control panel > API Access.
POST
[base]/token
Name | Type | Required | Description |
---|---|---|---|
Once you receive a new key pair using your refresh token, the previous refresh token can no longer be used. A refresh token that is found to be invalid while not being expired must be rendered suspicious.
POST
[base]/token/refresh/
The response body is the same as for Obtain token request, but without meta
fields.
Refer to the example below for a sign verification instance.
Name | Type | Description |
---|---|---|
HTTP code | Application code | Description | Suggested action |
---|---|---|---|
Name | Type | Required | Description |
---|---|---|---|
HTTP code | Application code | Description | Suggested action |
---|---|---|---|
login
string
Yes
Your API key.
password
string
Yes
Your API secret.
access
string
Your access token. It has an expiry time of about a minute and after expiration should be refreshed.
refresh
string
The long-living token that is used for obtaining new access tokens (refer to Refresh token).
access_expired_at
string
The date and time of access token expiration.
refresh_expired_at
string
The date and time of refresh token expiration.
is_2fa_confirmed
boolean
If true
, 2FA is enabled.
2FA is unavailable for API users.
time
string
The date and time of request receiving.
sign
string
The HMAC signature for a response payload authentication.
To verify that the refresh token was sent by B2BINPAY, generate an HMAC signature using the sha256
as algorithm: sha256
hash of the concatenation of your login and password as a key, and the concatenation of meta.time
and refresh
fields as a message.
Refer to Auth verification below for a sign verification example.
200
—
OK
—
400
2006: No active account found with the given credentials
Incorrect credentials
Send correct credentials.
429
throttled: Request was throttled
Too many requests
Try again later.
500
—
Internal server error
Try again later.
502
—
Bad gateway
Try again later.
503
—
Service unavailable
Try again later.
504
—
Gateway timeout
Try again later.
5xx
—
Other server errors
Try again later.
refresh
string
Yes
Your refresh token from the Obtain token response.
200
—
OK
—
401
2007: No active account found with the given credentials
Incorrect credentials
Send correct credentials.
500
—
Internal server error
Try again later.
502
—
Bad gateway
Try again later.
503
—
Service unavailable
Try again later.
504
—
Gateway timeout
Try again later.
5xx
—
Other server errors
Try again later.