Authentication overview
Elympics currently offers 3 methods of authentication for players:
- Telegram - meant for games launched as Telegram Mini Apps, authenticating the player based on
initData
provided by Telegram, - Ethereum - allowing Ethereum wallet owners to authenticate themselves by signing a nonce,
- guest - creating temporary, limited accounts for guests identifying themselves with a randomly generated client secret.
Each method return a JWT token to be used in HTTP Bearer authentication when accessing Elympics endpoints.
Additionally, publishers are authenticated using API keys. Accessing an endpoint requires putting such a key in a custom HTTP request header: Elympics-Publisher-API-Key
.
Telegram Mini App authentication
To authorize the player inside Telegram, Elympics uses Telegram’s initData (detailed here: https://docs.telegram-mini-apps.com/platform/init-data) and Bot id(s) for Telegram Bot(s) where Mini App was registered.
Therefore, Elympics will need:
- Telegram Bot Id(s) – in order to verify user’s authorization
Publisher (you) will need:
- Elympics Publisher Api Key (request via private message) (can be provided after sending bot id(s))
Flow description
- User opens Mini App.
- Use endpoint Telegram Auth V3. Make sure to add an HTTP Header
Elympics-Publisher-API-Key
with your API key. - Upon successful authorization, you will receive player’s JWT token that can be used in other Elympics endpoints.