Pley Authentication

A toolkit (in the Pley SDK) that helps you with authenticating and identifying users.

Authentication is a required feature for most games:
1) The game must recognize the users.
2) Check if they have permission to play.
3) Make sure their previous progress is delivered to them.

Pley's solution for authentication is called AuthKit.
Looking for implementation documentation? Read the authentication how-to here!

Before talking about Authkit, it is important to understand that users playing your game on the web aren't always registered users. Pley is an ultra-accessible platform meaning a player can access any game on the Pley platform at any time from any browser. Your game can be played by users that aren't logged in or even signed up to the Pley platform. This is where AuthKit comes in; it helps you verify and authenticate users on the Pley platform when required. It does so by hooking up to your backend and providing access to Pley's backend to verify any user logged in on the platform.


AuthKit is Pley's tool to identify, verify, and authenticate users on the Pley platform who is trying to play your games. It integrates with your back-end and provides access to Pley's backend to verify any logged-in users on the platform.


Authentication is Unique!

How authentication is solved is often unique, with each game having its own technology to solve it. AuthKit is lightweight β€” it can be adapted to integrate Pley with the exact authentication of your game.

User's ID Journey

Before we look at a user's ID journey on Pley, it is better to define two pieces of information first:

  • Game User ID: This is a unique, permanent ID that identifies the user currently playing your game. The Game User ID is primarily used to authenticate a user when dealing with sensitive processes (for example when buying an item).
  • Play Token: This is a unique token generated every time a user starts a new session for your game (similar to a session ID). This token is only valid for a limited time (~30 minutes). The Play Token is primarily used to verify that a player is a Pley player and to obtain their Game User ID.

With that out of the way, let's look at the user's ID journey:

User's ID journey.

User's ID journey.


Play Token & Session Token

The Session Token, formerly called Play Token, is a temporary authentication token used on Pley to identify user sessions. If you use an older version of the Pley SDK, it'll be called "Play Token" - but they are the same.

It starts with a request submitted from your game client to the Pley SDK using AuthKit. The SDK provides a Session Token to your game client. Your client would then send it to your backend which in turn would send it over to our server (Pley JSON API) that verifies it. If it checks out, it sends back the Game User ID to your backend. At that point, you can store the Game User ID on your backend for further use and send an "authentication completed" flag to the client.


Implementation: Getting & Sending Session Token

For the implementation of Pley's authentication and how to fetch/send Pley session tokens, read this how-to guide.