Efficient Token Management with the B2BINPAY API

Accessing and integrating with the B2BINPAY API requires a secure and efficient approach to token management. This article walks you through the step-by-step process of obtaining, using, refreshing, and renewing tokens to ensure uninterrupted and optimized API interactions.

📌 Step 1: Obtain an Authentication Token

To start using the B2BINPAY API, you first need to generate an authentication token.

API Endpoint:

POST https://api-sandbox.b2binpay.com/token/

Request Headers:

Content-Type: application/vnd.api+json

Request Body:

{
  "data": {
    "type": "auth-token",
    "attributes": {
      "login": "your_login",
      "password": "your_password"
    }
  }
}

Response:

{
   "data": {
       "type": "auth-token",
       "id": null,
       "attributes": {
           "refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTcxODIzNjA2NCwiaWF0IjoxNzE4MjE0NDY0LCJqdGkiOiI0OGFlOTA3ZmNhMjY0NjI1YTQzYmU4ZGFmNzgxZGM3NiIsInVzZXJfaWQiOjM0fQ.hr3Q6gW4Ht9dFzQR-BFXkCKHwBJDFQL_XFoqTHcmv-Y",
           "access": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzE4MjE1MzY0LCJpYXQiOjE3MTgyMTQ0NjQsImp0aSI6ImFhMzU0ZmE4NGFlOTQyZjZhZTMzOGViYjdkMzQzNGZkIiwidXNlcl9pZCI6MzR9.dcZFcTPUwrDo3wT4C5CINcJTbsRwmcX5btFLKg13pY0",
           "access_expired_at": "2024-06-12T18:02:44.405243Z",
           "refresh_expired_at": "2024-06-12T23:47:44.405243Z",
           "is_2fa_confirmed": false
       }
   },
   "meta": {
       "time": "2024-06-12T17:47:44.405243Z",
       "sign": "39c20afc367abfde2a971a189fb10d76b74769a6add5e01e211c951246b77ce9"
   }
}

Upon successful authentication, you'll receive the following values:

• data.attributes.access: Your access token (valid for approx. 3 minutes)
• data.attributes.access_expired_at: Expiry time of the access token
• data.attributes.refresh: Refresh token
• data.attributes.refresh_expired_at: Expiry time of the refresh token

⚠️ If you receive an error like “No active account found with the given credentials,” double-check your login credentials.

⏳ Step 2: Use the Access Token

Before making any authorized API calls (e.g., deposits, withdrawals), ensure that:

• The current time is less than access_expired_at.

If valid, include the token in your request header:

Authorization: Bearer YOUR_ACCESS_TOKEN

You can reuse this token for up to 30-40 requests during its lifespan.

🔄 Step 3: Refresh the Token

If the access token has expired, you don’t need to log in again. Instead, refresh it using the refresh token.

API Endpoint:

POST https://api-sandbox.b2binpay.com/token/refresh/

Request Body:

{
  "data": {
    "type": "auth-token",
    "attributes": {
      "refresh": "YOUR_REFRESH_TOKEN"
    }
  }
}

This will return a new access token and refresh token along with updated expiration times.

🔁 Step 4: Reauthenticate if Refresh Token is Expired

If the current time is past refresh_expired_at, you will need to:

1. Make a new login request using your KEY and SECRET (Step 1).
2. Obtain a fresh set of tokens.

✅ Summary of Token Lifecycle

📈 Best Practice: Store token expiration timestamps and validate them before each request to avoid unnecessary failures.

🚀 Benefits of Proper Token Management

• Performance: Avoid repeated login requests by refreshing tokens.
• Scalability: Make up to 30–40 API requests with a single access token.
• Security: Tokens expire quickly, reducing risk exposure.