Skip to content

Token

This section describes methods available for generating an authentication token for end-users within the betting platform.

Token basics

Tokens can be created for both authorized and non-authorized users.

If the user is not authorized, the token is created with an empty player_id. Non-authorized users can still see betting, but can't place bets.

Tokens never expire, so session lifecycle management must be handled on your side.

Foreign params

When generating a token, you can specify foreign_params — custom values that will be injected into every callback. Clients usually inject session information (e.g., session ID) into this field to identify the user session on their side.

Typical session flow

Create token

Generate a token for each user session. For more details, refer to the Token API section.

Receive heartbeats

While the user interacts with the SPA, heartbeat callbacks are periodically sent for each active session.

For more details, refer to the Heartbeat documentation.

Expire a session

When you decide a session is no longer valid, simply return the auth_credentials_expired error code in response to the /bet/place callback, but continue serving other requests.

On the frontend, at this moment you should renew the session and refresh the token.

For more details, refer to the Bet API documentation.

API

Swagger