curl -X POST \
  'https://{YOUR_AUTHENTICATE_PLAYER_ENDPOINT}' \
  -H 'Content-Type: application/json' \
  -H 'x-publisher-token: <x-publisher-token>' \
  -H 'signature: <signature>' \
  -d '{
    "authMethod": "otp",
    "date": "2025-10-21T14:17:27.329Z",
    "appId": "NA",
    "playerLocation": {
      "countryCode2": "US",
      "state": "FL"
    },
    "otp": {
      "playerCode": "974018",
      "accessToken": "9ac888fa33412197b"
    },
    "os": "ios",
    "sessionId": "2e55b3fc-31ef-6dd7-8161-8aeb376b3a23"
  }'

{
  "status": "valid",
  "playerProfileImage": "",
  "publisherPlayerId": "986222719",
  "playerName": "Mary Littlelamb",
  "sessionMetadata": {
    "abTest": "group1",
    "locale": "en-US"
  }
}

Player Authentication

Authenticate Player Callback

This is a callback API. Appcharge calls this endpoint on your server when specific events occur.

Notifies your system to authenticate a player in your web store.

Appcharge calls this endpoint when a player attempts to log in to your web store using one of the configured login methods. Your server identifies the player and responds with either the player data or an authentication error.

If the response indicates a successful authentication, the player is logged in to the web store.

POST

{YOUR_AUTHENTICATE_PLAYER_ENDPOINT}

curl -X POST \
  'https://{YOUR_AUTHENTICATE_PLAYER_ENDPOINT}' \
  -H 'Content-Type: application/json' \
  -H 'x-publisher-token: <x-publisher-token>' \
  -H 'signature: <signature>' \
  -d '{
    "authMethod": "otp",
    "date": "2025-10-21T14:17:27.329Z",
    "appId": "NA",
    "playerLocation": {
      "countryCode2": "US",
      "state": "FL"
    },
    "otp": {
      "playerCode": "974018",
      "accessToken": "9ac888fa33412197b"
    },
    "os": "ios",
    "sessionId": "2e55b3fc-31ef-6dd7-8161-8aeb376b3a23"
  }'

{
  "status": "valid",
  "playerProfileImage": "",
  "publisherPlayerId": "986222719",
  "playerName": "Mary Littlelamb",
  "sessionMetadata": {
    "abTest": "group1",
    "locale": "en-US"
  }
}

curl -X POST \
  'https://{YOUR_AUTHENTICATE_PLAYER_ENDPOINT}' \
  -H 'Content-Type: application/json' \
  -H 'x-publisher-token: <x-publisher-token>' \
  -H 'signature: <signature>' \
  -d '{
    "authMethod": "otp",
    "date": "2025-10-21T14:17:27.329Z",
    "appId": "NA",
    "playerLocation": {
      "countryCode2": "US",
      "state": "FL"
    },
    "otp": {
      "playerCode": "974018",
      "accessToken": "9ac888fa33412197b"
    },
    "os": "ios",
    "sessionId": "2e55b3fc-31ef-6dd7-8161-8aeb376b3a23"
  }'

{
  "status": "valid",
  "playerProfileImage": "",
  "publisherPlayerId": "986222719",
  "playerName": "Mary Littlelamb",
  "sessionMetadata": {
    "abTest": "group1",
    "locale": "en-US"
  }
}

Headers

x-publisher-token

string

Publisher token.

signature

string

The signed payload.

Body

application/json

authMethod

enum<string>

Authentication method the player used.

Note: If the player logged in using either Pre-Authenticated Login or Game Redirect Login, Appcharge sends the value otp.

Available options:

facebook,

apple,

google,

userToken,

userPassword,

otp

Example:

"facebook"

token

string | null

Authentication token. Used for SSO Login and Player ID Login.

Example:

"sdfddtt7"

date

string<date-time>

UTC time when the player tried to log in.

Example:

"2024-07-21T14:17:27.329Z"

appId

string

App ID in the Publisher Dashboard. Used for the SSO Login method. If no app ID is available, Appcharge sends "NA".

Example:

"611392880818819"

userName

string | null

Username the player entered when logging in to the web store.

Example:

"expertgamer1979"

password

string | null

Password the player entered when logging in to the web store.

Example:

"732hf8820pk!"

otp

object | null

Additional authentication tokens provided by your game.

Note: This field is sent only if the player logged in using Pre-Authenticated Login or Game Redirect Login.

Show child attributes

enum<string>

Operating system the player used to log in.

Available options:

ios,

android,

web

Example:

"android"

utmSource

string

Source of the traffic. This is where the player came from before reaching the store.

Example:

"Facebook"

utmMedium

string

Marketing channel used to bring in the traffic.

Example:

"email"

utmCampaign

string

Marketing campaign identifier associated with the traffic.

Example:

"spring_sale."

sessionId

string

Session ID.

Example:

"2e55b3fc-31ef-6dd7-8161-8aeb376b3a23"

playerLocation

object

Location of the player.

Show child attributes

Response

status

enum<string>

required

The status of the player authentication. If you pass a value other than valid, the API fails.

Available options:

valid

Example:

"valid"

publisherPlayerId

string

required

Player ID.

Example:

"vip2247691"

playerName

string

required

Player name.

Example:

"Jim Cardashian"

playerProfileImage

string

Player profile image. If no image is available, an empty string must be provided. In this case, a default image is displayed.

Example:

"https://scontent-iad4-1.xx.fbcdn.net/v/t6.30597-1/84628273_176159830277856_972693363922829312_n.jpg?stp=c379.0.1290.1290a_cp0_dst-jpg_s50x50_tt6&ccb=1-7"

sessionMetadata

object

An object for passing data related to the player's session. It is returned in the Grant Award Callback, and if enabled, the Personalization API.

Example:

{ "abTest": "group1", "locale": "en-US" }

Introduction Initiate Game Auth Callback

⌘I

Overview

What's New

Web Store

Checkout

Media

Events Center

Translations

Authenticate Player Callback

Headers

Body

Response