Authenticate Users

When a player launches a game, THNDR will make a server-to-server request to the Operator to validate the session and authenticate the user.

This ensures that the sessionId provided during game launch is valid and not expired.

Endpoint

GET {operatorURL}/thndr/sessions/{sessionId}

Path Parameters

  • operatorURL - Base URL of the Operator’s API.

  • sessionId - The session ID originally provided by the Operator when launching the game. It should be single-use and expire very quickly.

Expected Response

{
  "userId": "{USER_ID}",
  "displayName": "{DISPLAY_NAME}"
}

  • userId - Unique identifier of the player on the Operator’s platform.

  • displayName - Player’s display name, safe for public display within THNDR games.

Error Handling

If the session is invalid, expired, or otherwise not usable, the Operator should return:

HTTP/1.1 403 Forbidden
Content-Type: application/json

{
  "errors": [
    {
      "code": "SESSION_EXPIRED",
      "isClientSafe": true
    }
  ]
}

Signature Verification

Verify the request signature using “sessionId” as the request payload. More in the Request Signing section.

PreviousGame APINextCustom

Last updated