To make API requests to the base zeuz API, you must first log in to zeuz. You also need to authenticate every API request you make after login by attaching a sign-hash to the request; the sign-hash is your API request’s authentication credentials.
You generate the sign-hash using data zeuz returns to your login function.
You must set up both the login and sign-hash generation in scripts. You can generate the sign-hash in the same script as the login, or in the same script as your API request, depending on how you choose to set it up.
The steps and example code snippets below show you what must be in your sign-hash generation script. They cover task 4. Generate a sign-hash to attach to your API requests, listed in API authentication overview.
See Example code for a full working example that covers the following two tasks listed in API authentication overview: 3. Log in to zeuz and generate a session key and 4. Generate a sign-hash to attach to your API requests.
Warning: You may not need a sign-hash generation script.
See Do I need a sign-hash generation script? below.
Info: Do I need a sign-hash generation script?
Before you start, see the API introduction to check whether you can access the zeuz API using one of the wrappers provided in the SDK download or the SDK in Go. If you can use a wrapper or the SDK in Go you don’t need to write your own authentication scripts.
You must access the zeuz base API directly if:
You develop your game in a language other than Unity, Unreal, or Go, or
You want to use the zeuz API to build tools around your game, for example to integrate your game into your CI/CD pipeline.
The following image summarises the sign-hash generation flow, using the function names and variable names from the example code.
Image: sign-hash generation flow.
Before you begin to generate a sign-hash, ensure that you have:
Read the introductory information about the zeuz API.
See API introduction.
Read the summary of the zeuz base API authentication process, so you know what you need to set up.
Created a script to log in to zeuz and generate a session key.
See API login for details.
You use the session key from your login script, together with a new nonce and a new timestamp, to generate another hashed password called the sign-hash.
You then attach the sign-hash to your API requests until the session key expires (24 hours from the time the session key is created).
The following example C++ code:
- Generates a sign-hash
- Sends a JSON packet to the
auth_checkAPI endpoint, and
- Parses the return value for an
If the login session is valid, you can continue and send further API requests. If it’s invalid you need to perform a new login.
Example snippet in C++:
Now that you’ve generated a sign-hash, you can attach it to your API requests. See Example 4 in Example code for an illustration of this.
See Design considerations for some approaches you can take to work around the session key expiry limitation.
2021-aug-09 Page updated with editorial review: added sign-hash generation flow image.
2021-may-12 Page added with editorial review.