Inside Playoff: Authentication process

Looking to integrate Playoff into your application?
Your App, software or website have their own authentication system and you don’t want that your users to interact directly with Playoff?
A lot of our customers write to us in order to have more information about the authentication process, especially when they face the scenario mentioned above.
What do you need to do? Don’t worry, It’s easy!

In fact you'll need only to create Clients for that. Let’s see how with following easy steps.

Client credential flow

To create a client, head over to your dashboard and navigate to
Menu > Develop > Clients

There, add a new client and in the client page select:

  • Yes for the first question (Should API calls be made from the backend?)
  • Yes for the second (Has own login login system?)

Once you have created the Client, you will be granted access to:

  • Client Id
  • Client Secret

With these 2 strings you will be able to have access to APIs directly from you App’s backend.

How to use Client Id and Client Secret?

First, a tip 👀:
Client ID and Client Secret give you direct access to your game, this means that you should store these strings in a safe place, inside your backend with other credentials.
Authentication is automagically managed via SDK, but if you prefer using your own code the following snippet will show you the required format of the authentication request:

Now you are authenticated, you can use the token to call every API you’ll need.

To test the client you created works as you expect, for example you can perform an action of your game through the APIs (view all the doc  here)


To make things simpler, we have created various SDKs which abstract you from things like refreshing an expired token, attaching it while making requests, etc. You can choose the right SDK based on your preferred language:


Manage Client Permissions

You may have noticed that at the moment of the Client creation, some items were flagged ✅. These items represent the enabled permissions for a Client. Therefore, this offers the possibility of limiting access to the API.

Let’s clarify this concept with an example:

  • Let’s modifying the previously created Client:

  • Try to call “POST Play an Action” again , you will notice that the call fails with status 404 due to the “Game Runtime” permissions that have been removed by the client.

Did you seen how it is simple Playoff’s authentication process? Come on start now your free trial and test it!

Still haven’t tried Playoff?
Start now your 30-day free trial!

Please follow and like us: