User GuideGamification GuideDeveloper GuideAPI Reference
User Guide
Xtremepush.com
Start typing to search…

JWT Authentication Details

Configure a JWT secret and learn the required payload formats for authenticating users in your game

Use JWT Authentication

To use a JWT for your game’s authentication, do the following:

  1. Go to the Configuration tab of your game.
  2. In the JWT Auth Secret field, you can either:
    • Provide your own secret key by entering a UTF8 key directly
    • Generate a secure key by clicking the refresh icon.
  3. Save your settings.

This secret key will be used by your system to sign the JWT token's signature using the HS256 algorithm. Xtremepush will use this same secret to verify the token's authenticity.

Required JWT format

The JWT payload must adhere to the following structure for proper user identification and token validation by Xtremepush. The required structure changes depending on whether your user data is managed in Xtremepush or externally.

User Data Managed in Xtremepush

When user data is managed in Xtremepush, the required JWT payload is structured as follows:

{  
  "account": "34523453",  
  "expiration": "2024-12-18T15:31:00.983Z"  
}
  • Account (required): It must contain the unique User ID of the logged-in user for whom the game is being launched. The value for this field must be a string.
  • Expiration (optional): If included, it defines the validity period of the token. The value must be in ISO 8601 format.

User Data not managed in Xtremepush

When user data is not managed in Xtremepush, the required JWT payload is structured as follows:

{  
  "account": "UNIQUE_USER_ID_STRING",  
  "custom attribute": "custom_value",  
  "expiration": "2025-09-15T10:00:00Z",  
}
  • Account (required): This must contain the unique User ID of the logged-in user. The value must be a string.
  • Custom_attribute (required): This represents the custom attribute and its corresponding value you created for your user segments. See Before you Create a Game Campaign for more information.
  • Expiration (optional): Defines the token's validity period in ISO 8601 format.

Add this to last bullet point in launch your game- If you’re aiming to segment your campaign and your segmentation data is stored outside Xtremepush, then ensure you use the JWT authentication method to add the token.

Updated 4 days ago