Token
Token usage, activation, and security considerations.
Tokens are central to secure, authenticated interactions between the player, your integration layer, provider systems, and wallet services. This page covers token usage, general security considerations, and how to activate tokens for wallet operations.
Overview
A token is a unique identifier used to authenticate a player’s session and authorize various actions during gameplay and transactions. Your integration layer must use these tokens to ensure that only authorized players can access their sessions and perform actions within their scope of permissions.
Key Security Considerations
Confidentiality: Tokens must be kept secure and should never be exposed in URLs that can be easily intercepted or viewed by unauthorized parties.
Integrity: Each token is cryptographically signed to ensure its authenticity and integrity.
Expiration: Once expired, tokens cannot be reused and must be refreshed by authenticating again.
Scope: Tokens are often limited to specific actions or endpoints, ensuring that a token issued for one purpose cannot be misused for another.
Token Usage in Game Launch
During the game launch process, a token is used in the URL to authenticate the player’s session. Your integration layer should pass this token through to provider systems so that the player’s identity is validated and only authorized players can access the game session.
Purpose: The token included in the game launch URL serves to authenticate the session, ensuring that only the player for whom the session was created can access it.
Validation: The backend systems validate the token against known criteria, such as correct signatures and valid timestamps, to prevent unauthorized access.
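The checks listed above (signature, timestamp, session binding, scope) can be sketched as follows. This is an added example, not the provider's code or token format. The token layout (base64url JSON claims plus an HMAC-SHA256 tag), the claim names, and the functions `issue_token` and `validate_token` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

DEMO_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def _b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _b64d(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def issue_token(key, player, session, scope, ttl, now=None):
    """Hypothetical issuer: base64url(JSON claims) + "." + base64url(HMAC-SHA256)."""
    now = int(time.time()) if now is None else now
    claims = {"exp": now + ttl, "player": player, "scope": scope, "session": session}
    body = _b64e(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + _b64e(hmac.new(key, body, hashlib.sha256).digest())).decode()

def validate_token(key, token, session, required_scope, now=None):
    """Return (claims, None) if accepted, else (None, reason)."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.encode("ascii").split(b".")
        presented = _b64d(sig)
    except ValueError:  # wrong part count, non-ASCII input, or bad base64 padding
        return None, "malformed"
    # Integrity first: nothing inside the token is trusted until the MAC verifies.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(presented, expected):  # constant-time comparison
        return None, "bad_signature"
    claims = json.loads(_b64d(body))
    if now >= claims["exp"]:
        return None, "expired"
    if claims["session"] != session:
        return None, "wrong_session"
    if required_scope not in claims["scope"]:
        return None, "out_of_scope"
    return claims, None
```

Returning a distinct rejection reason per check gives the integration layer something concrete to count and alert on when monitoring token usage.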
Token Activation for Wallet Operations
Before using the token for wallet transactions, your integration layer must first activate it using the authenticate endpoint under the Wallet section. This step is critical to ensure that the token is valid and authorized for financial transactions.
Token Expiration Settings
Each token has specific expiration settings that must be configured during the integration process:
Debit Accept Expire Time (in seconds): This value defines the maximum time allowed for a debit to be accepted.
Credit/Rollback Accept Expire Time (in seconds): This value determines the allowed time window for accepting credit or rollback actions related to the debit. If these actions are not performed within the specified time, the token will expire.
Provide these expiration values during the integration process, communicate them accurately, and keep them in sync with provider capabilities; the system depends on them to function correctly.
Security Best Practices
Do Not Share Tokens: Tokens should never be shared between sessions or players. Each token is unique to a specific session and player.
Monitor Token Usage: Continuously monitor token usage and implement mechanisms to detect and prevent abuse in your integration layer.
Use Secure Endpoints: Ensure all endpoints handling tokens use HTTPS to protect against man-in-the-middle attacks.
Note
Tokens play a pivotal role in securing gameplay and financial transactions. Proper management, activation, and adherence to security protocols are essential to maintaining a secure gaming environment.