Authentication overview

Elympics currently offers 3 methods of authentication for players:

• Telegram - meant for games launched as Telegram Mini Apps, authenticating the player based on initData provided by Telegram,
• Ethereum - allowing Ethereum wallet owners to authenticate themselves by signing a nonce,
• guest - creating temporary, limited accounts for guests identifying themselves with a randomly generated client secret.

Each method return a JWT token to be used in HTTP Bearer authentication when accessing Elympics endpoints.

Additionally, publishers are authenticated using API keys. Accessing an endpoint requires putting such a key in a custom HTTP request header: Elympics-Publisher-API-Key.

Telegram Mini App authentication

To authorize the player inside Telegram, Elympics uses Telegram’s initData (detailed here: https://docs.telegram-mini-apps.com/platform/init-data) and Bot id(s) for Telegram Bot(s) where Mini App was registered.

Therefore, Elympics will need:

• Telegram Bot Id(s) – in order to verify user’s authorization

Publisher (you) will need:

• Elympics Publisher Api Key (request via private message) (can be provided after sending bot id(s))

Flow description

1. User opens Mini App.
2. Use endpoint Telegram Auth V3. Make sure to add an HTTP Header Elympics-Publisher-API-Key with your API key.
3. Upon successful authorization, you will receive player’s JWT token that can be used in other Elympics endpoints.