# Authenticate Users

When a player launches a game, THNDR will make a server-to-server request to the Operator to validate the session and authenticate the user.

This ensures that the sessionId provided during game launch is valid and not expired.

#### Endpoint

```url
GET {operatorURL}/thndr/sessions/{sessionToken}
```

#### Path Parameters

* `operatorURL` - Base URL of the Operator’s API.
* `sessionToken` - The session token originally provided by the Operator when launching the game. It should be single-use and expire very quickly.

Expected Response

```json
{
  "userId": "{USER_ID}",
  "displayName": "{DISPLAY_NAME}",
  "sessionId": "{OPTIONAL_SESSION_ID}",
  "currency": "{OPTIONAL_USER_CURRENCY}",
  "subOperatorID": "{OPTIONAL_SUB_OPERATOR_ID}",
}
```

* `userId` - Unique identifier of the player on the Operator’s platform.
* `displayName` - Player’s display name, safe for public display within THNDR games.
* `sessionId` - Must be a valid UUID if provided. If omitted, the API will treat the path parameter `sessionToken` as the session ID.
* `currency` - Player's wallet currency (read more in [Currencies](/integration/server-webhooks/currencies.md)).
* `subOperatorId` - Identifies a specific sub-operator under a main operator, enabling separate tracking and reporting across multiple game portals

#### Error Handling

If the session is invalid, expired, or otherwise not usable, the Operator should return:

```
HTTP/1.1 403 Forbidden
Content-Type: application/json

{
  "errors": [
    {
      "code": "SESSION_EXPIRED",
      "isClientSafe": true
    }
  ]
}
```

#### Signature Verification

Verify the request signature using “sessionId” as the request payload. More in the [Request Signing](/integration/server-webhooks/request-signing.md) section.

Example signed payload:

```
Server secret: DUMMY_SECRET

Payload: 5393f66c-a063-402a-92f8-c4a8326dc29b

x-server-authorization: 35786aeba64b3468b6534245b227d4b175eba257aef3e4c3b1b9f325514448c0
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.thndr.io/integration/launch-game/standard/authenticate-users.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.