Implementing Authentication

A toolkit (in the Pley SDK) that helps you with authenticating and identifying users.

AuthKit is Pley's tool to identify, verify, and authenticate users on the Pley platform who is trying to play your games. It integrates with your back-end and provides access to Pley's backend to verify any logged-in users on the platform.

This article is just the how-to to implement Pley Authentication into your game.
Read more about Pley Authentication here.

1) Fetch the Pley Session Token.
2) Send the Session Token to your backend.
3) Backend verifies the Session Token with the Pley server through an HTTP request.
4) Pley returns the game_user_id. The user is now verified.

Note that Session Tokens expire after 30 minutes on Pley. If you are doing any verifications, it is recommended to fetch a new Session Token and verify it.

Getting and Sending Play Token


API References

You can find the methods called in the references for Unity SDK AuthKit and for the C SDK AuthKit.

Getting and sending Play Token from the SDK is simple.

// Remember to initialize the SDK first. 

// Request a Play Token ID from the SDK:
private string GetPleyPlayToken()
	return Pley.AuthKit.GetPlayToken();

// Now that we have the Play Token ID, we send it over to your backend so the backend can send a request to Pley's server.
private void SendTokenToBackend()
	// Your backend's server send request

Getting the Game User ID using the Play Token


HTTP API References

You can find the references for the Pley HTTP API by clicking here.

Before we get the Game User ID, it is recommended that you verify the Play Token with the Pley server first. To do that, simply create an HTTP request using cURL, from your backend:

curl -X POST \ \
  -H 'Authorization: Bearer your-api-token' \
  -H 'Content-Type: application/json' \
  -d '{
    "play_token": "users-play-token"

Your backend will receive a JSON response back.

  "data": {
    "game_user": {
      "game_user_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "username": "Tornado92"
    "game_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

Note that while this JSON contains the Game User ID, it also includes the username. Pley supports usernames, but note that Guest users does not have a username. It is recommended to avoid using usernames in your game, even though it is provided.

Secondly, you can check the status code for this response. As customary we use 200 for a valid response (i.e. verified Play Token) and a 400 as a bad request (i.e. corrupt Play Token)


We've included the Game ID within the response JSON so you can identify a specific game. This can be useful if you have multiple games hooked to the same backend service and need verification. This is also used by us to authenticate you as a developer when a request is sent.

Verification Frequency

How often you need to verify a user depends on the communication between your game and the backend. If your communication with the backend is stateless (i.e. communicating with an HTTP API without sessions) we recommend you either verify with each call or at least with very sensitive calls (i.e. calls that will modify your database).
If your communication with the backend is stateful (for example using WebSocket) then you can verify once at the beginning of said communications.


Play Token ID Expires

As mentioned above, Play Tokens expire after a while automatically (every 30 minutes). We recommend you request the Play Token when you're doing any verifications just in case.


SDK Game User ID

The Game User ID is available from within the SDK. However, the method call isn't meant to be used for verification as the resulting Game User ID can be easily tampered with. The purpose of this method call is to help in error reporting for example.

What’s Next