Configure a JWT secret and learn the required payload formats for authenticating users in your game.
Use JWT authentication
To use a JWT for your game's authentication:
Go to the Configuration tab of your game.
In the JWT Auth Secret field, either:
Click the refresh icon to generate a secure key (recommended).
Enter a UTF8 key directly to provide your own secret key. The key must be at least 32 characters long (256 bit).
Save your settings.
Your system uses this secret key to sign the JWT token's signature using the HS256 algorithm. Xtremepush uses the same secret to verify the token's authenticity.
Required JWT format
The JWT payload must follow a specific structure for Xtremepush to identify the user and validate the token. The required structure depends on whether your user data is managed in Xtremepush or externally.
User data managed in Xtremepush
When Xtremepush manages user data, use the following JWT payload structure:
{
"account": "34523453",
"expiration": "2024-12-18T15:31:00.983Z"
}Field | Required | Description |
|---|---|---|
| Yes | The unique user ID of the logged-in user for whom the game is being launched. The value must be a string. |
| No | The token's validity period. The value must be in ISO 8601 format. |
User data not managed in Xtremepush
When user data is not managed in Xtremepush, use the following JWT payload structure:
{
"account": "34523453",
"metadata": {
"custom_attribute1": 123,
"custom_attribute2": 233
},
"expiration": "2025-09-15T10:00:00Z"
}Field | Required | Description |
|---|---|---|
| Yes | The unique user ID of the logged-in user. The value must be a string. |
| Yes | The custom attributes and their corresponding values created for your user segments. See Before you create a game campaign for more information. |
| No | The token's validity period. The value must be in ISO 8601 format. |