👨‍🚀Account Authorization

Prerequisite

Ultiverse's implementation is based upon OAuth 2.0

During you initial setup you will need to contact us with the following information:

Application Basic Information:
- App Name
- App Description
- App Logo
- App Website Link
What permission you need the user to obtain. The required permission are listed below with each API call.
The redirect URI to send the user back after completing authentication/authorization

In return, We will assign a client ID and client secret for your implementation

Starting Authorization

To authenticate a user, redirect the user to

https://auth.ultiverse.io/?clientId=client_id&state=you_state&redirect_url=redirect_url

if you include the state parameter, it will be passed back to the redirect URI after the user has confirmed or denied access. Note we only support authorization code grant type.

if the user grants access, they will be redirect back to you at:

https://redirect_url?code=authorizaiton_code&state=you_state

if the user authorizes access to the game wallet, they well be redirect back to you with wallet JWT at

https://redirect_url?code=authorizaiton_code&state=you_state&wallet_access_token=xxxxxx

Note that the response is provided in the URL fragment, so it will need to be accessed client-side and passed back to your server if you need to do server-side requests.

Once you have the user's authorization code, you can get user access token with your client id and client secret.(Request should be HTTP POST request presented as form data)

Get User Access Token

POST https://openapi.ultiverse.io/api/v1/oauth/token

Headers

Name

Type

Description

Content-Type*

application/x-www-form-urlencoded

Request Body

Name

Type

Description

code*

your_authorization_code

client_id*

your_client_id

client_secret*

String

your_client_secret

grant_type*

String

authorization_code

{
    "accessToken": "b47fc6f78208fdde995b0f00d420d0746f9ba04a",
    "authorizationCode": "a67e901c9ac86c55995a13168e9c315221af627b",
    "accessTokenExpiresAt": "2023-05-10T21:48:57.919Z",
    "refreshToken": "2374dbc6d2eed64206934e1af372f06d2517ba3f",
    "refreshTokenExpiresAt": "2023-05-24T17:48:57.919Z",
    "scope": "read",
    "user": {
        "uid": "100004455454",
        "authorizationCode": "a67e901c9ac86c55995a13168e9c315221af627b"
    }
}

Refresh Access Token

If access token is expired, you can retrieve a new access token using refresh_token

Get User Access Token

POST https://openapi.ultiverse.io/api/v1/oauth/token

Headers

Name

Type

Description

Content-Type*

application/x-www-form-urlencoded

Request Body

Name

Type

Description

refresh_token*

your_refresh_token

client_id*

your_client_id

client_secret*

String

your_client_secret

grant_type*

String

refresh_token

{
    "accessToken": "b47fc6f78208fdde995b0f00d420d0746f9ba04a",
    "authorizationCode": "a67e901c9ac86c55995a13168e9c315221af627b",
    "accessTokenExpiresAt": "2023-05-10T21:48:57.919Z",
    "refreshToken": "2374dbc6d2eed64206934e1af372f06d2517ba3f",
    "refreshTokenExpiresAt": "2023-05-24T17:48:57.919Z",
    "scope": "read",
    "user": {
        "uid": "100004455454",
        "authorizationCode": "a67e901c9ac86c55995a13168e9c315221af627b"
    }
}

Retrieving the User's Resources

Once you get user's access token, all API requests are authorized in the same way. Ultiverse uses the RFC standard Authorization: Bearer <access_token>interface.

An example request is show below

curl --location 'https://openapi.ultiverse.io/api/v1/users/:uid' \
--header 'Authorization: Bearer <access_token>'

PreviousGetting Started NextGetting User Profile

Last updated 2 years ago