Basic access authentication
Before you start using the B2Core IB API, obtain a pair of your Client ID
and Client Secret
(refer to How to access the API for step-by-step instructions).
These are unique credentials that allow to recognize which app is using the API. They’re essential to protect you and your customers. Keep them in a safe place.
After that, make a POST request with your Client ID
and Client Secret
(Base64 encoded) to the B2Core IB server.
Request
Header parameters:
Content-Type: application/json
Authorization: Basic <Base64-encoded Client ID and Client Secret>
Body:
- grant_type string
Always
"client_credentials"
.
POST [base]/tokens
curl --location --request POST 'https://your.base-url.here/tokens' \
--header 'Authorization: Basic <credentials>' \
--data-raw '{
"grant_type": "client_credentials"
}'
Response
Body:
- access_token string
The access token.
- token_type string
Always
"Bearer"
.- expires_in integer
The token lifespan in milliseconds.
RESPONSE EXAMPLE
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9",
"token_type": "Bearer",
"expires_in": 600
}