API authentication

Depending on how you use the API, you might have to set up API authentication. If you develop your game in Unity, Unreal, or Go, you can use the wrappers or the Go SDK provided in the zeuz SDK to access some of the functionality of the zeuz base API, and you don’t need to set up and use API authentication. See the API introduction for details.

If you want to access functionality that is not available through the wrappers or the Go SDK, or if you don’t use any of these development tools or languages, you can access the zeuz base API directly. To do this, you need to set up API authentication.

Overview - How to set up and use API authentication

The zeuz base API uses the JSON-over-HTTP protocol and Hash-based Message Authentication Code (HMAC) authentication.

Authentication flow

To log in to zeuz and send API requests using the zeuz base API, you need to authenticate API requests. The following image shows a summary of the authentication flow:

Image: zeuz base API authentication flow.


To set up and use authentication for the zeuz base API, complete the following tasks:

1. Make sure you have access to a Developer profile linked to your zeuz account

  • You use either your Developer details or an API key to send API requests, depending on the endpoint’s authorization level.

    See Authorization for details.

  • You use a Developer profile to create an API key.

    If you don’t have access to a zeuz Developer profile linked to your zeuz account, create one.

    See Developers for details.

2. Generate an API key (if you need one)

  • If you want to call the zeuz base API from your game or from an external service (for example, to manage your payloads), generate an API key. We recommend that you generate a separate API key for each task you want to perform.

    See API keys for details.

3. Log in to zeuz and generate a session key

  • Write a script to log in to zeuz.

    See the API login documentation for guidance.

    Note: In your script, you must generate several hashed values to produce a session key that is valid for 24 hours.

    You use the session key to generate another hashed password called a “sign-hash” that you use to authenticate your API requests.

4. Generate a sign-hash to attach to your API requests

  • Write a script that uses the session key you generated in step 3 (Log in to zeuz and generate a session key) to generate another hashed password called a “sign-hash”.

    Note: This sign-hash is your API request’s authentication credentials.

    See Sign-hash generation for details.

    See Example code for a full working example that covers step 3 (Log in to zeuz and generate a session key) and step 4 (Generate a sign-hash to attach to your API requests).

5. Attach the sign-hash to your API requests

  • See Example code for a full working example that covers this.

6. Regenerate a sign-hash as often as your setup requires

  • Ensure that you regenerate a sign-hash as often as needed, so that your API requests don’t fail.

    See Design considerations and Error handling pages for advice on dealing with the 24-hour session key expiry.
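
The following added example (not zeuz's own code) sketches how steps 3 to 6 fit together on the client: cache the session key, log in again shortly before the 24-hour expiry, and compute a fresh hash for every request. The `login` callable, the five-minute refresh margin and the HMAC-SHA256-over-body construction are assumptions used as stand-ins; the real login and sign-hash algorithms are on the API login and Sign-hash generation pages.

```python
import hashlib
import hmac
import time

SESSION_LIFETIME = 24 * 60 * 60  # session key validity stated on this page
REFRESH_MARGIN = 5 * 60          # assumption: log in again 5 minutes early


class SessionSigner:
    """Caches a session key and renews it before the 24-hour expiry."""

    def __init__(self, login, clock=time.time):
        # `login` is a hypothetical callable that performs the zeuz login
        # (step 3) and returns the session key as bytes.
        self._login = login
        self._clock = clock
        self._key = None
        self._expires_at = 0.0
        self.logins = 0  # how many times a new session key was requested

    def _session_key(self):
        now = self._clock()
        if self._key is None or now >= self._expires_at - REFRESH_MARGIN:
            self._key = self._login()
            self._expires_at = now + SESSION_LIFETIME
            self.logins += 1
        return self._key

    def invalidate(self):
        """Call when the API rejects a request because the session expired."""
        self._key = None

    def sign(self, body: bytes) -> str:
        # Stand-in for the sign-hash (step 4): HMAC-SHA256 keyed with the
        # session key over the request body. Not zeuz's documented algorithm.
        key = self._session_key()
        return hmac.new(key, body, hashlib.sha256).hexdigest()
```

Keep the session key in memory only, and call `invalidate()` from your error handler so that a rejected request triggers one new login rather than repeated failures.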


2021-aug-09 Page updated with editorial review: added authentication flow image.

2021-may-12 Page added with editorial review.


Last edited on: October 13, 2021 (149a70bd)