# Authorization in the Back Office

The B2COPY API supports authorization that uses a **bearer token**. To get a pair of access and refresh tokens, use the method described below. Once you have the access token, make sure to include the access token in the **Bearer Authorization Header** of your API requests.

{% hint style="info" %}
To obtain a pair of access and refresh tokens, you must already be registered in the Back Office and have credentials to access it.
{% endhint %}

<mark style="color:blue;">`POST`</mark> `[host]/api/v2/signin`

## **Request**

In the request body, specify the following parameters:

**Body**

<table><thead><tr><th width="141">Name</th><th width="114">Type</th><th width="106">Required</th><th>Description</th></tr></thead><tbody><tr><td><strong>email</strong></td><td>string</td><td>Yes</td><td>The email address used for accessing the Back Office.</td></tr><tr><td><strong>password</strong></td><td>number</td><td>Yes</td><td>The password used for accessing the Back Office.</td></tr></tbody></table>

**Request example**

```shell
curl --location --request POST 'https://host.name/api/v2/signin' \
--data-raw '{
  "email": "username@example.com",
  "password": "Secret123"
}'
```

## Response

The response includes a pair of access and refresh tokens.

**Response example**

```json
{  
  "2faRequired": false,
  "accessToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2024-01-01T00:00:00+00:00",
      "expiresAt": "2024-01-01T00:00:00+00:00"
   },
   "refreshToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjU2MDY3MTU0LCJleHAiOjE2NTYxMDMxNTQsImlzcyI6Imh0dHBzOlwvXC9hcC52ZW5kb3IuY29tIn0.u6HuS_oQ4udk2EEUa-7XutJ0CAKIZty1OcFaqTckLRGYEr3xcWXZEHCfrhDl31N6_t0XP6_m-ESue_NoWx_f1sGMv6XMT0pPg1NQ1XJ1JJ4slaeEWjSuGIl8_Jbj-20zZOvwzUZbed7UQg0jUM11OUt0l1jVVSF19vKJJpVGFDYMIOHkS7tlFeKiypReYRd2af-Pf_au1v6vG3V42SFpZER3eKqALZkoT617B35enJdtUqmyrRgb_rCIOCwAHQdUcOuosyBUk9U-Cz3WEoHx5nqtvFVAeXKqlbn0Cbqk4joFt1FY8nUqlyVZNI9E3-dbjFPzod8Vej6rkAVd312M3w",
      "createdAt": "2024-01-01T00:00:00+00:00",
      "expiresAt": "2024-01-01T00:00:00+00:00"
   }
}
```