
Authentication API

Authentication guide for the Intraverse platform APIs.

Overview

The Intraverse platform uses different authentication methods depending on the API:

  • Public APIs: No authentication required
  • Game Key Authentication: For game-related operations
  • Server Key Authentication: For server-specific operations
  • JWT Token Authentication: For user-specific operations

Authentication Methods

Public APIs

Many endpoints are public and require no authentication:

  • All Tournament APIs (/api/v2/tournament/...)
  • All Drop APIs (/api/v2/drop/...)

Game Key Authentication

Game-specific operations require a game key in the header:

x-game-key: your-game-key-here

Server Key Authentication

Server-specific operations require a server key in the header:

x-game-server-key: your-game-server-key-here

JWT Token Authentication

User-specific operations require a JWT token:

Authorization: Bearer user-jwt-token-here

Used by:

  • Get User Score API (GET /api/v2/game-point/game-client/{roundId})

Usage Examples

Public API (no authentication)

const response = await fetch("https://api.intraverse.io/api/v2/tournament/game/my-game?size=10");
const result = await response.json();

Game Key Authentication

// Run this from your game server: the game key must not ship in client-side code.
const response = await fetch("https://api.intraverse.io/api/v2/game-point/", {
  method: "POST",
  headers: {
    "x-game-key": "your-game-key-here",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    roundId: "round-123",
    userId: "user-456",
    score: 1500,
    roomId: "room-abc",
  }),
});

JWT Token Authentication

// userJwtToken holds the signed-in user's JWT.
const response = await fetch("https://api.intraverse.io/api/v2/game-point/game-client/round-123", {
  headers: {
    Authorization: `Bearer ${userJwtToken}`,
  },
});

Error Codes

Code  Description
401   Unauthorized - Invalid or missing authentication
400   Bad Request - Invalid request parameters
404   Not Found - Resource not found

Security Best Practices

Game Key Security

  • Never expose game keys in client-side code
  • Use environment variables to store game keys securely
  • Rotate keys regularly for enhanced security

JWT Token Security

  • Validate tokens before using
  • Handle token expiration gracefully
  • Use secure storage for tokens (avoid localStorage for sensitive data)
  • Implement proper logout when tokens expire

General Security

  • Use HTTPS for all API communications
  • Validate inputs before sending requests
  • Handle errors properly to avoid exposing sensitive information
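
The game key and general practices above combined in one server-side helper, as an added example that is not Intraverse's own code. The environment variable name INTRAVERSE_GAME_KEY, the ID pattern, the score limits and the client-facing messages are assumptions chosen for illustration.

```javascript
// Added example (not Intraverse code). Runs on your game server, never in the browser.
// Assumed names: INTRAVERSE_GAME_KEY, the ID pattern and the score limits are illustrative.
const SCORE_URL = "https://api.intraverse.io/api/v2/game-point/";

// Validate inputs and build the request; the key comes from the environment only.
function buildScoreRequest(env, { roundId, userId, score, roomId }) {
  const key = env.INTRAVERSE_GAME_KEY;
  if (typeof key !== "string" || key.length === 0) {
    throw new Error("game key is not configured");
  }
  for (const [name, value] of Object.entries({ roundId, userId, roomId })) {
    if (typeof value !== "string" || !/^[\w-]{1,128}$/.test(value)) {
      throw new Error(`invalid ${name}`);
    }
  }
  if (!Number.isSafeInteger(score) || score < 0) {
    throw new Error("invalid score");
  }
  return {
    url: SCORE_URL,
    init: {
      method: "POST",
      headers: { "x-game-key": key, "Content-Type": "application/json" },
      body: JSON.stringify({ roundId, userId, score, roomId }),
    },
  };
}

// Map the documented status codes to messages that are safe to return to a game client.
function clientSafeError(status) {
  const messages = {
    400: "Score was rejected as invalid.",
    401: "Score service is unavailable.", // does not reveal that the key was rejected
    404: "Round not found.",
  };
  return messages[status] || "Unexpected error.";
}

async function submitScore(payload, env = process.env) {
  const { url, init } = buildScoreRequest(env, payload);
  const response = await fetch(url, init);
  if (!response.ok) {
    // Log the status server-side only; the caller gets a generic message.
    console.error("score submit failed", response.status);
    return { ok: false, message: clientSafeError(response.status) };
  }
  return { ok: true, result: await response.json() };
}
```

The game client calls your server, and your server calls submitScore, so the x-game-key value never reaches the browser or the game binary.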
