Token Generation
Generate secure JWT tokens for game client authentication
JWT Token Generation
The token is a JWT signed using the private key corresponding to the public key you provided during registration. It must be signed with the RS256 algorithm.
Token Generation Process
- Build the JWT payload as described below
- Sign it using RS256 (RSA with SHA-256) and your private key
- Pass the token as a query parameter to the game iframe URL
JWT Payload Structure
Standard Claims
Claim | Description |
---|---|
iss | Operator ID (issued to you during registration) |
sub | Player ID (unique identifier for the player) |
aud | Game Instance ID (from your game configuration) |
iat | Issued at (timestamp in seconds) |
exp | Expiry (within 3 hours of iat) |
Custom Data Object
Include a data object with the following fields:
Field | Type | Description |
---|---|---|
balance | float | User balance at session start |
name | string | Player display name |
timestamp | number | Milliseconds timestamp of balance snapshot |
Example JWT Payload
{
  "iss": "your-operator-id",
  "sub": "player-12345",
  "aud": "aviator-usd-standard",
  "iat": 1712401234,
  "exp": 1712412034,
  "data": {
    "balance": 1234.56,
    "name": "PlayerName",
    "timestamp": 1712401234567
  }
}
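The generation process above end to end, as an added example (not the provider's own code): it builds the payload, signs it with RS256 using Node's built-in crypto module, and checks the result against the matching public key. The function names and the ttlSeconds parameter are assumptions, and the key pair is generated in-process for the demo; in production the private key is the one whose public half you registered.

```javascript
// Added example, not the provider's code. Uses only Node's built-in crypto module.
const crypto = require('node:crypto');

const MAX_LIFETIME_S = 3 * 60 * 60; // exp must be within 3 hours of iat
const b64url = (text) => Buffer.from(text).toString('base64url');

// Build the payload from the claim tables. ttlSeconds (hypothetical parameter)
// is rejected if it exceeds the 3-hour limit instead of being silently clamped.
function buildPayload(session, ttlSeconds, nowMs = Date.now()) {
  if (!Number.isInteger(ttlSeconds) || ttlSeconds <= 0 || ttlSeconds > MAX_LIFETIME_S) {
    throw new RangeError(`ttlSeconds must be between 1 and ${MAX_LIFETIME_S}`);
  }
  const iat = Math.floor(nowMs / 1000); // iat and exp are in seconds
  return {
    iss: session.operatorId,
    sub: session.playerId,
    aud: session.gameInstanceId,
    iat,
    exp: iat + ttlSeconds,
    data: { balance: session.balance, name: session.name, timestamp: nowMs }, // ms
  };
}

// RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "base64url(header).base64url(payload)".
function signRs256(payload, privateKey) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Backend self-check against the registered public key; returns the payload or null.
function verifyRs256(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  if (JSON.parse(Buffer.from(h, 'base64url').toString()).alg !== 'RS256') return null;
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  return valid ? JSON.parse(Buffer.from(p, 'base64url').toString()) : null;
}

// Constructed demo data: a throwaway key pair and the sample values from the payload above.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const session = { operatorId: 'your-operator-id', playerId: 'player-12345',
  gameInstanceId: 'aviator-usd-standard', balance: 1234.56, name: 'PlayerName' };
const token = signRs256(buildPayload(session, MAX_LIFETIME_S, 1712401234567), privateKey);
console.log(verifyRs256(token, publicKey));
```

Running the self-check before the token leaves the backend catches a private key that does not match the registered public key.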
Token Security
- Never expose your private key in client-side code
- Generate tokens on your backend server only
- Set appropriate expiry times (maximum 3 hours)
- Validate player session before generating tokens
- Use secure random values for iat and ensure exp is properly set