Inside Playoff: Authentication process

Posted by Silvia Galessi on 29-Jul-2019 14:37:43


Looking to integrate Playoff into your application?
Your App, software or website have their own authentication system and you don’t want that your users to interact directly with Playoff?
A lot of our customers write to us in order to have more information about the authentication process, especially when they face the scenario mentioned above.
What do you need to do? Don’t worry, It’s easy!

In fact you'll need only to create Clients for that. Let’s see how with following easy steps.

Client credential flow

To create a client, head over to your dashboard and navigate to
Menu > Develop > Clients

There, add a new client and in the client page select:

  • Yes for the first question (Should API calls be made from the backend?)
  • Yes for the second (Has own login login system?)


Once you have created the Client, you will be granted access to:

  • Client Id
  • Client Secret


With these 2 strings you will be able to have access to APIs directly from you App’s backend.

How to use Client Id and Client Secret?

First, a tip 👀:
Client ID and Client Secret give you direct access to your game, this means that you should store these strings in a safe place, inside your backend with other credentials.
Authentication is automagically managed via SDK, but if you prefer using your own code the following snippet will show you the required format of the authentication request:

Now you are authenticated, you can use the token to call every API you’ll need.

To test the client you created works as you expect, for example you can perform an action of your game through the APIs (view all the doc here)


To make things simpler, we have created various SDKs which abstract you from things like refreshing an expired token, attaching it while making requests, etc. You can choose the right SDK based on your preferred language:


Manage Client Permissions

You may have noticed that at the moment of the Client creation, some items were flagged ✅. These items represent the enabled permissions for a Client. Therefore, this offers the possibility of limiting access to the API.

Let’s clarify this concept with an example:

  • Let’s modifying the previously created Client:


  • Try to call "POST Play an Action" again , you will notice that the call fails with status 404 due to the "Game Runtime" permissions that have been removed by the client.

Did you seen how it is simple Playoff's authentication process? Come on start now your free trial and test it!

Still haven't tried Playoff?
Start now your 30-day free trial!

New call-to-action


Read also: Inside Playoff: customize leaderboards to boost engagement



Topics: gamification, insideplayoff, authentication

Playoff's Blog: the limitless Gamification Platform

"Track & Reward Actions wherever they happen"  is the claim of Playoff, our gamification Platform. It allows corporates to implement gamification dynamics and mechanics into projects in a simple and insightful way, also breaking technical barriers.

Playoff works as a rules engine that takes care of all “difficult” mechanisms, like score assigning, actions tracking, players or teams  progresses and leaderboards real-time creation.

Subscribe to Our Mailing List and Stay Updated!