The JWT client lets you register your application and authenticates your user as a player on Playoff without using the Playoff Login System. This enables your application to completely hide playoff from your users, so your application will be able to create players on Playoff and use the API on their behalf. This uses the JWT flow.
The JWT flow lets you create a JWT (JSON Web Token) using your client id, client secret, player_id and scopes in your own backend.
This mainly comprises of the following steps:
Your application backend creates this JWT with your user associated to player_id on Playoff. If the playlyer doens'nt exists for the user you need to create one.
Your application backend then sends this JWT to your fronend be it a web app, mobile app etc.
The Playoff servers validate your request and respond with the JWT. Your application can now use this JWT to use Playoff's API.
As you would have noticed, the user plays no part in this flow and is completely hidden from playoff. The expiry time and refreshing the JWT must be handled by your backend application.
Creating the Client
To create a client, head over to your app and navigate to
Menu > Develop > Clients.
There, add a new client and in the client page, select
- No for the first question (Should API calls be made from the backend?)
Yes for the second (Has own login login system?)
You will need to enter a client name and choose if it is a test client. In a test client, all activity will happen in staging, so that your can safely test your client without worrying about data in production.
The client scopes decide what parts of the API does this client have access to. Be default, the client has access to only Player Runtime routes.
To make things simpler, we have created various SDKs which abstract you from things like refreshing an expired token, attaching it while making requests, etc. You can choose the right SDK based on your preferred language.