Game User Access Token Verification Process
•
To verify that a user has accessed the game in the Game Server, the following process is executed:
◦
Game User Access Token is obtained from the Game Client
◦
Validity of Game User Access Token is verified through the Stove Server
◦
Confirm user
Game User Access Token Verification Sequence Diagram
Access Token Type
Token Type | Issue | Role | Valid |
Game User Access Token | Client | Verifies user. | 6 hrs(21600000ms) |
Refresh Token | Client | To communicate with the Stove API server, you authenticate with the server. | 720 hrs(30 Day) |
Server Access Token | Server | Verifies server to communicate with the Stove API server. | 720 hrs(30 Day) |
Game User Access Token
•
Refers to the token obtained through the StoveSDK_GetToken() function from the Client to the PC_SDK (hereafter referred to as the Game User Access Token).
•
There are two types of tokens obtained through the StoveSDK_GetToken() function.
◦
Game User Access Token : An access token that serves as a proof of authorization for security reasons and has a relatively short validity period (6 hours).
◦
The Game User Access Token has a validity period of 6 hours (21600000ms) and requires reissuance after the expiration time.
API Access Token Introduction
•
The issued `API Access Token` is used for requests.
•
The issued token must be passed in the `authorization` header.
•
The validity of an `API Access Token` is 30 days.
•
The validity period can be changed per client_id.
•
It is recommended to periodically call the "API Access Token issuance API" to renew the token, or to save "expires_in" and call the issuance API to renew the token before expiration.
•
When calling the API Access Token Issuance API, if the validity period of the existing token remains, the existing token is passed, and if less than 30% remains, a new token is issued.
•
The same server token can be used on multiple servers, and we expect the API call cycle to be different for each server, so even after issuing a new token, the existing token can be used until the existing validity period.
Take Note
Authentication is required for the game server to communicate with the Stove API server, which requires an API Access Token.
The API Access Token is valid for 30 days and must be reissued after the expiration date.
(read below for more details)
Issue API Access Token
Pre-checklist
•
Issue a key to get an API Access Token.
◦
"client_id" and "client_secret" values are required to get an API Access Token.
◦
"client_id" and "client_secret" values need to be issued according to the service environment such as "Live" and "Sandbox", and you can contact STOVE Store
Introduction
•
Issuing and retrieving API access tokens.
•
Token validity time is 30 days
•
If 70 percent of the validity time of an existing issued token has passed, a new token will be issued. ex) If the validity time is set to 60 seconds, the existing token is retrieved until the token validity time is 20 seconds, and then a new token is issued.
•
All currently issued tokens can be used until the expiration time.
Basic information
POST /auth/v5/server_token
Host:
https://api.onstove.com (LIVE)
https://api.gate8.com (SB)
Content-Type: application/json
Plain Text
복사
Request
Header
Name | Type | Required | Default Value | Example | Description |
Content-Type | application/json |
Parameters
Name | Type | Required | Default Value | Example | Description |
client_id | String | Y | com.stove.test.server | Ask the technical PM | |
client_secret | String | Y | alkjsdf8jsf9n3onf78s9dhfjlk398f9hlksdfuihaoisdhf | Ask the technical PM | |
service_id | String | Y | SGP_EVENT | Game ID |
Response
Body
Name | Type | Required | Default Value | Example | Description |
code | int | Y | 0 | Response code | |
message | String | Y | success | Response message | |
response_data | Object | N | Response value |
#response_data
Name | Type | Required | Default Value | Example | Description |
access_token | String | Y | sljdflksjd239ofmosdg98yfgoudfgfljsfoj3498klfbsdfgs98dfug;lkj== | ||
token_type | String | bearer | |||
expires_in | Integer | Y | 2591999 | Expiration time in seconds |
Sample
Request
curl --location --request POST 'https://api.onstove.com/auth/v5/server_token' \
--header 'Content-Type: application/json' \
--data-raw '{
"client_id": "com.sgp.event.server",
"client_secret": "4tqFNG5ysyBUa6rk-dS4CQ",
"service_id": "SGP_EVENT"
}'
Plain Text
복사
Response
Content-Type : application/json
{
"code": 0,
"message": "success",
"response_data": {
"access_token": "-LEn5c7a9L-PaLuOYh8qiyBZOLhTJ6U3oesa1USdf9zhYLwrM6gVEPoedM-QqkT8tskTm0u9-1QhoEdrznCHC_nWHBQ46oVnwBdV9I69bihX8Rzntm3Gv-qTVQrYJG5trLAdcgVInhPGJRYy_t944APpkXtaXWzvfd2tvMsFT08",
"token_type": "bearer",
"expires_in": 2591999
}
}
JSON
복사
Response failure examples
{
"code": 40105,
"message": "invalid client"
}
JSON
복사
Return Code
HTTP Status code | Code | Message | Description |
200 | 0 | success | Success |
401 | 40105 | No client found | invalid client |
Game User Access Token Validation
Introduction to Game User Access Token Validation
•
When the client passes the "Game User Access Token" to the Game Server, the Game Server passes it back to the STOVE Platform (Auth Server) for authentication to check if it is a valid token.
•
In this authentication process, the API Access Token must be included in the header, and if the API Access Token does not exist, it must be issued through the API Access Token Issuance API.
Basic information
POST /member/v3.0/{game_id}/token/verify
Host:
https://api.onstove.com (LIVE)
https://api.gate8.com (SB)
Content-Type: application/json
Plain Text
복사
Request
Header
Name | Type | Required | Default Value | Example | Description |
Authorization | String | Y | - | Bearer {{api_access_token} | |
Content - Type | application/json |
Body
Name | Type | Required | Default Value | Example | Description |
access_token | String | Y | - | {Access Token} |
Response
Body
Name | Type | Required | Default Value | Example | Description |
code | int | Y | 0 | Response code | |
message | String | Y | success | Response message | |
value | Object | N | Response value |
value
Name | Type | Required | Default Value | Example | Description |
member_no | Long | Y | 20005061986 | STOVE Full Member Number | |
guid | Long | N | 200000000397 | A unique membership number for each gameGenerated upon acceptance of the game terms. |
Sample
Request
curl -L -X POST 'https://api.onstove.com/member/v3.0/MVP_SDK_QA/token/verify' \
-H 'Authorization: Bearer Es_ulMUjO7OHmk8WfiPE0-zQAppdPEyye6rRRmrZKkw3sdN38bTYANAsco_0kOHc4EPNPGQHKzV4B080JLd1smLs7YkFwpDOwEKi0aqX_qOa7_LVTl-9jvrWfiYQ-XqiUu7HGScjAWth0_K_CXwsdnvogSf3yE3oRSUvD66obgg' \
-H 'Content-Type: application/json' \
--data-raw '{
"access_token": "eyJhbGciOiJIUzI1NiJ9.eyJleHBpcmVfdGltZSI6MTY2MzkyNDQwNzQxNywibWVtYmVyX25vIjoyMDAwNTA2MTk4NiwiYXBwbGljYXRpb25fbm8iOjEwMDAyfQ.lVXx2gL-7keAs42wFDZLS-coqkSUFIAli3Opq4Is34K7ZgnpnneHJx15ofczp3Ep0ogEggRm5WNOungptQqdZy3WbNcMg-0-6MDv2x1QG-MseSAxS1hNZ5TLeDx6emSdSkAsqcp1f6kqnqRX1Hp8oTqPB-UKMQOzx91ox5cbF5KnmaKcf6VZ7tUtaDvCSxS1Ec3xda7iQCBrtgT8wmbppdkcSV2Z7AQbpP8gVnX9-I0_ZHpXroz6nzujdK8DUCJqD7cW5R5nTwMedW5pndqzzQ"
}'
Plain Text
복사
Response
Content-Type : application/json
{
"code": 0,
"message": "success",
"value": {
"member_no": 20005061986,
"guid": 200000000397
}
}
Plain Text
복사
Response failure examples
{
"code": 40000,
"message": "bad request"
}
Plain Text
복사
Return Code
HTTP Status code | Code | Message | Description |
200 | 0 | Success | Success |
200 | 40000 | bad request | Invalid parameters- Missing token delivery- If you used user_access_token in the authorization header |
401 | 40101 | invalid token | server access token Error |
200 | 41002 | Invalid game id | Invalid game_id- If the gameID in the token is different from the requested gameID |