Phoenix Games

Token Generation

Generate JWT tokens for game sessions

JWT Token Generation

When a player opens a game, your backend generates a JWT token containing the player's identity and current balance. The token is signed with RS256 (RSA-SHA256) using your private key - the same key pair you registered with Phoenix.

JWT Payload

{
  "iss": "674313a46a5c39392ce82995",
  "sub": "player_12345",
  "aud": "6818d6a417bc778023664625",
  "iat": 1712401234,
  "exp": 1712412034,
  "data": {
    "balance": 1234.56,
    "name": "PlayerName",
    "timestamp": 1712401234567
  }
}
ClaimDescription
issYour Operator ID (received during registration)
subPlayer ID - must match the player_id you use in webhook responses
audGame Instance ID (received when game instances are configured)
iatIssued at, Unix seconds
expExpiry, Unix seconds. Maximum 3 hours after iat
data.balancePlayer's current balance as a float (e.g., 1234.56 not cents)
data.namePlayer display name shown in-game
data.timestampBalance snapshot time, Unix milliseconds (UTC)

Signing Examples

Node.js

const jwt = require('jsonwebtoken');
const fs = require('fs');

const PRIVATE_KEY = fs.readFileSync('private_key.pem');

function generateGameToken(operatorId, playerId, instanceId, balance, playerName) {
  const now = Math.floor(Date.now() / 1000);
  return jwt.sign({
    iss: operatorId,
    sub: playerId,
    aud: instanceId,
    iat: now,
    exp: now + 3 * 3600,
    data: {
      balance: balance,
      name: playerName,
      timestamp: Date.now()
    }
  }, PRIVATE_KEY, { algorithm: 'RS256' });
}

Python

import jwt
import time

def generate_game_token(operator_id, player_id, instance_id, balance, player_name):
    now = int(time.time())
    payload = {
        "iss": operator_id,
        "sub": player_id,
        "aud": instance_id,
        "iat": now,
        "exp": now + 3 * 3600,
        "data": {
            "balance": balance,
            "name": player_name,
            "timestamp": int(time.time() * 1000)
        }
    }
    with open("private_key.pem", "rb") as f:
        private_key = f.read()
    return jwt.encode(payload, private_key, algorithm="RS256")

Using the Token

Pass the token as a query parameter when loading the game iframe:

https://games.phoenixbet.io/{game_id}?token={jwt_token}&instanceId={instance_id}

Notes

  • Generate tokens server-side only. Never expose your private key to the client.
  • The balance in the token is a snapshot. Phoenix will call /player-balance to get the current value during gameplay.
  • If the token is expired or has an invalid signature, the game will not load.

Overview

Backend integration with Phoenix Games

Security

Request signing and verification