# Game User Access Token validity verification

# Game User Access Token verification process

* To verify that a user has accessed the game in the Game Server, the following process is executed:
  1. Game User Access Token is obtained from the Game Client
  2. Validity of Game User Access Token is verified through the Stove Server
  3. Confirm user

# Game User Access Token verification sequence diagram

# Access Token Type

| Token Type | Issue | Role | Valid |
| --- | --- | --- | --- |
| Game User Access Token | Client | Verifies user. | 6 hrs (21600000ms) |
| Refresh Token | Client | To communicate with the Stove API server, you authenticate with the server. | 720 hrs (30 Day) |
| Server Access Token | Server | Verifies server to communicate with the Stove API server. | 720 hrs (30 Day) |

# Game User Access Token

* Refers to the token obtained through the StoveSDK_GetToken() function from the Client to the PC_SDK (hereafter referred to as the Game User Access Token).
* There are two types of tokens obtained through the StoveSDK_GetToken() function.
  * Game User Access Token : An access token that serves as a proof of authorization for security reasons and has a relatively short validity period (6 hours).
    * The Game User Access Token has a validity period of 6 hours (21600000ms) and requires reissuance after the expiration time.

# API Access Token Introduction

* The issued `API Access Token` is used for requests.
* The issued token must be passed in the `authorization` header.
* The validity of an `API Access Token` is 30 days.
* The validity period can be changed per client_id.
* It is recommended to periodically call the "API Access Token issuance API" to renew the token, or to save "expires_in" and call the issuance API to renew the token before expiration.
* When the API Access Token Issuance API is called while the existing token is still valid, the existing token is returned; once less than 30% of its validity period remains, a new token is issued.
* The same server token can be used on multiple servers, and the API call cycle is expected to differ per server, so even after a new token is issued, the existing token remains usable until its validity period ends.

danger

  • Authentication is required for the game server to communicate with the Stove API server, which requires an API Access Token.
  • The API Access Token is valid for 30 days and must be reissued after the expiration date.

# Issue API Access Token

Pre-checklist

  • Issue a key to get an API Access Token.
    • "client_id" and "client_secret" values are required to get an API Access Token.
    • "client_id" and "client_secret" values are issued separately for each service environment, such as "Live" and "Sandbox"; contact the STOVE technical PM to obtain them.

# Introduction.

* Issuing and retrieving API access tokens.
    * Token validity time can be set (default : 30 days)
* If 70 percent of the validity time of an existing issued token has passed, a new token will be issued.
    ex) If the validity time is set to 60 seconds, the existing token is retrieved until the token validity time is 20 seconds, and then a new token is issued.
    * All currently issued tokens can be used until the expiration time.

# Basic information

```
POST /auth/v5/server_token
Host:
   https://api.onstove.com (LIVE)
   https://api.gate8.com (SB)
Content-Type: application/json
```

# Request

| Name | Type | Required | Default Value | Example | Description |
| --- | --- | --- | --- | --- | --- |
| Content-Type | | | | application/json | |

# Parameters

| Name | Type | Required | Default Value | Example | Description |
| --- | --- | --- | --- | --- | --- |
| client_id | String | Y | | com.stove.test.server | Ask the technical PM |
| client_secret | String | Y | | alkjsdf8jsf9n3onf78s9dhfjlk398f9hlksdfuihaoisdhf | Ask the technical PM |
| service_id | String | Y | | SGP_EVENT | Game ID |

# Response

# Body

| Name | Type | Required | Default Value | Example | Description |
| --- | --- | --- | --- | --- | --- |
| code | int | Y | | 0 | Response code |
| message | String | Y | | success | Response message |
| response_data | Object | N | | | Response value |

# response_data

| Name | Type | Required | Default Value | Example | Description |
| --- | --- | --- | --- | --- | --- |
| access_token | String | Y | | sljdflksjd239ofmosdg98yfgoudfgfljsfoj3498klfbsdfgs98dfug;lkj== | API Access Token<br>A string encrypted with AES256<br>200 bytes or so |
| token_type | String | | | bearer | |
| expires_in | Integer | Y | | 2591999 | Expiration time in seconds |

# Sample

# Request

```bash
curl --location --request POST 'https://api.onstove.com/auth/v5/server_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "client_id": "com.sgp.event.server",
    "client_secret": "4tqFNG5ysyBUa6rk-dS4CQ",
    "service_id": "SGP_EVENT"
}'
```

# Response

Content-Type : application/json

```json
{
    "code": 0,
    "message": "success",
    "response_data": {
        "access_token": "-LEn5c7a9L-PaLuOYh8qiyBZOLhTJ6U3oesa1USdf9zhYLwrM6gVEPoedM-QqkT8tskTm0u9-1QhoEdrznCHC_nWHBQ46oVnwBdV9I69bihX8Rzntm3Gv-qTVQrYJG5trLAdcgVInhPGJRYy_t944APpkXtaXWzvfd2tvMsFT08",
        "token_type": "bearer",
        "expires_in": 2591999
    }
}
```

Response failure examples

```json
{
    "code": 40105,
    "message": "invalid client"
}
```

# Return Code

| HTTP Status code | Code | Message | Description |
| --- | --- | --- | --- |
| 200 | 0 | success | Success |
| 401 | 40105 | No client found | invalid client |
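The renewal advice in the API Access Token introduction (save "expires_in" and renew before expiration) and the 70% rule above can be combined into a small server-side cache. This is an added example, not STOVE's own code: `ServerTokenCache`, the `issue` hook (whatever function performs the POST to `/auth/v5/server_token` and returns the parsed JSON) and the injectable clock are assumptions, and the demo uses a constructed issuer so it runs offline.

```python
import time

RENEW_BELOW = 0.30  # page: a new token is issued once less than 30% of validity remains

class ServerTokenCache:
    """Holds the API Access Token and re-calls the issuance API before it expires."""

    def __init__(self, issue, clock=time.monotonic):
        self._issue = issue    # hypothetical hook: POSTs to /auth/v5/server_token, returns parsed JSON
        self._clock = clock
        self._token, self._issued_at, self._lifetime = None, 0.0, 0.0

    def remaining_fraction(self):
        if self._token is None or self._lifetime <= 0:
            return 0.0
        left = self._issued_at + self._lifetime - self._clock()
        return max(0.0, left / self._lifetime)

    def get(self):
        if self.remaining_fraction() < RENEW_BELOW:
            self.refresh()
        return self._token

    def refresh(self):
        body = self._issue()
        data = body.get("response_data") or {}
        if body.get("code") != 0 or not data.get("access_token"):
            # e.g. 40105: report the code only, never echo client_secret or a token
            raise RuntimeError(f"server_token issuance failed: code={body.get('code')}")
        self._token = data["access_token"]
        self._lifetime = float(data["expires_in"])   # seconds, as returned by the API
        self._issued_at = self._clock()

if __name__ == "__main__":
    # Constructed stand-in for the issuance API, with the page's 60-second validity example.
    now, issued = [0.0], []
    def fake_issue():
        issued.append(now[0])
        return {"code": 0, "message": "success", "response_data": {
            "access_token": f"constructed-token-{len(issued)}", "token_type": "bearer", "expires_in": 60}}
    cache = ServerTokenCache(fake_issue, clock=lambda: now[0])
    for t in (0, 30, 41, 43, 59):
        now[0] = float(t)
        print(t, cache.get(), round(cache.remaining_fraction(), 2))
```

Because the cache only calls the issuance API once less than 30% of the returned lifetime is left, each call lands in the window where the server hands out a new token rather than the existing one.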

# Game User Access Token Validation

# Introduction to Game User Access Token Validation

* When the client passes the "Game User Access Token" to the Game Server, the Game Server passes it back to the STOVE Platform (Auth Server) for authentication to check if it is a valid token.
* In this authentication process, the API Access Token must be included in the header, and if the API Access Token does not exist, it must be issued through the API Access Token Issuance API.

# Basic information

```
POST /member/v3.0/{game_id}/token/verify
Host:
   https://api.onstove.com (LIVE)
   https://api.gate8.com (SB)
Content-Type: application/json
```

# Request

# Header

| Name | Type | Required | Default Value | Example | Description |
| --- | --- | --- | --- | --- | --- |
| Authorization | String | Y | - | Bearer {api_access_token} | API Access Token |
| Content-Type | | | | application/json | |

# Body

| Name | Type | Required | Default Value | Example | Description |
| --- | --- | --- | --- | --- | --- |
| access_token | String | Y | - | {Access Token} | The user access token issued by the user's authentication. |

# Response

# Body

| Name | Type | Required | Default Value | Example | Description |
| --- | --- | --- | --- | --- | --- |
| code | int | Y | | 0 | Response code |
| message | String | Y | | success | Response message |
| value | Object | N | | | Response value |

# value

| Name | Type | Required | Default Value | Example | Description |
| --- | --- | --- | --- | --- | --- |
| member_no | Long | Y | | 20005061986 | STOVE Full Member Number |
| guid | Long | N | | 200000000397 | A unique membership number for each game<br>Generated upon acceptance of the game terms. |

# Sample

# Request

```bash
curl -L -X POST 'https://api.onstove.com/member/v3.0/MVP_SDK_QA/token/verify' \
-H 'Authorization: Bearer Es_ulMUjO7OHmk8WfiPE0-zQAppdPEyye6rRRmrZKkw3sdN38bTYANAsco_0kOHc4EPNPGQHKzV4B080JLd1smLs7YkFwpDOwEKi0aqX_qOa7_LVTl-9jvrWfiYQ-XqiUu7HGScjAWth0_K_CXwsdnvogSf3yE3oRSUvD66obgg' \
-H 'Content-Type: application/json' \
--data-raw '{
    "access_token": "eyJhbGciOiJIUzI1NiJ9.eyJleHBpcmVfdGltZSI6MTY2MzkyNDQwNzQxNywibWVtYmVyX25vIjoyMDAwNTA2MTk4NiwiYXBwbGljYXRpb25fbm8iOjEwMDAyfQ.lVXx2gL-7keAs42wFDZLS-coqkSUFIAli3Opq4Is34K7ZgnpnneHJx15ofczp3Ep0ogEggRm5WNOungptQqdZy3WbNcMg-0-6MDv2x1QG-MseSAxS1hNZ5TLeDx6emSdSkAsqcp1f6kqnqRX1Hp8oTqPB-UKMQOzx91ox5cbF5KnmaKcf6VZ7tUtaDvCSxS1Ec3xda7iQCBrtgT8wmbppdkcSV2Z7AQbpP8gVnX9-I0_ZHpXroz6nzujdK8DUCJqD7cW5R5nTwMedW5pndqzzQ"
}'
```

# Response

Content-Type : application/json

```json
{
    "code": 0,
    "message": "success",
    "value": {
        "member_no": 20005061986,
        "guid": 200000000397
    }
}
```

Response failure examples

```json
{
    "code": 40000,
    "message": "bad request"
}
```

# Return Code

| HTTP Status code | Code | Message | Description |
| --- | --- | --- | --- |
| 200 | 0 | Success | Success |
| 200 | 40000 | bad request | Invalid parameters<br>- Missing token delivery<br>- If you used user_access_token in the authorization header |
| 401 | 40101 | invalid token | server access token Error |
| 200 | 41002 | Invalid game id | Invalid game_id<br>- If the gameID in the token is different from the requested gameID |
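The return codes above show that a rejected token can still come back with HTTP 200, so the game server has to decide on the body's `code`, not on the status line. The following added example (not STOVE's own code) sketches that decision for the verify call; `verify_user`, `TokenRejected` and the `send`, `get_server_token` and `reissue_server_token` hooks are assumptions, and the demo replays constructed responses shaped like the ones documented on this page.

```python
import json

class TokenRejected(Exception):
    """The Game User Access Token must not be accepted as proof of identity."""

def build_verify_request(base_url, game_id, api_access_token, user_token):
    """Return (url, headers, body) for POST /member/v3.0/{game_id}/token/verify."""
    url = f"{base_url}/member/v3.0/{game_id}/token/verify"
    headers = {"Authorization": f"Bearer {api_access_token}",  # server token, not the user token
               "Content-Type": "application/json"}
    return url, headers, json.dumps({"access_token": user_token})

def verify_user(send, get_server_token, reissue_server_token, base_url, game_id, user_token):
    """send(url, headers, body) -> (http_status, parsed_json) is a hypothetical transport hook."""
    def call(server_token):
        return send(*build_verify_request(base_url, game_id, server_token, user_token))
    status, body = call(get_server_token())
    if status == 401 and body.get("code") == 40101:
        # Server access token error: reissue it and retry exactly once.
        status, body = call(reissue_server_token())
    code = body.get("code")
    # HTTP 200 alone proves nothing: 40000 and 41002 are also delivered with status 200.
    if status != 200 or code != 0:
        raise TokenRejected(f"verify failed: http={status} code={code}")
    value = body.get("value") or {}
    if not isinstance(value.get("member_no"), int):
        raise TokenRejected("success response without member_no")
    # Identity comes from STOVE's answer, never from an id the client supplied.
    return {"member_no": value["member_no"], "guid": value.get("guid")}

if __name__ == "__main__":
    # Constructed transport replaying the page's documented responses, in order.
    replies = iter([(401, {"code": 40101, "message": "invalid token"}),
                    (200, {"code": 0, "message": "success",
                           "value": {"member_no": 20005061986, "guid": 200000000397}}),
                    (200, {"code": 41002, "message": "Invalid game id"})])
    send = lambda url, headers, body: next(replies)
    args = (send, lambda: "constructed-old", lambda: "constructed-new",
            "https://api.gate8.com", "MVP_SDK_QA", "constructed-user-token")
    print(verify_user(*args))          # retried after 40101, then accepted
    try:
        verify_user(*args)
    except TokenRejected as exc:
        print("rejected:", exc)        # 41002 arrives with HTTP 200 and is still a rejection
```

The error text carries only the HTTP status and response code, so neither the server token nor the user token ends up in logs.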
Last Updated: 1/31/2024, 5:45:28 AM