Authenticate
Validate a player's launch key and open a session.
⚠️ All Wallet API endpoints must be available only to game provider IP addresses.
POST /authenticate
POST{operator endpoint}/authenticate
Called by NeverEnding when a player launches a game. Your server must validate the key, open a session, and return a bearer token for subsequent calls.
Request
Headers: X-Server-Authorization: hmac_sha256_hash
{
"sessionId": "321e4567-e89b-45d3-b594-41234174249",
"walletId": "777casino-platform",
"operatorId": "777casino-uk",
"game": "firefruit-sevens-classic",
"key": "launch_key"
}
Request Parameters
| Field | Type | Description | |
|---|---|---|---|
| sessionId | string (UUID) | required | Unique session identifier generated for this game session |
| walletId | string | required | Platform wallet identifier, provided by NeverEnding |
| operatorId | string | required | Operator identifier, provided on /generate-launch-url |
| game | string | required | Game identifier |
| key | string | required | Launch key, provided on /generate-launch-url |
Response
✓ 200 OK
{
"playerId": "player_777",
"token": "bearer_token",
"balance": 100.57,
"currency": "eur",
"brandId": "777casino"
}
Response Parameters
| Field | Type | Description |
|---|---|---|
| playerId | string | Operator's unique identifier for the player |
| token | string | Bearer token to be used in the Authorization header for all subsequent wallet API requests |
| balance | number | Current player balance in the player's currency |
| currency | string | ISO 4217 currency code for the player's wallet (e.g. eur, usd) |
| brandId | string | Brand / casino identifier associated with this operator |