API Authentication

API Authentication


All of the Fractal API features should be implemented on the game's server side. Interacting with the API from the game side is not permitted as it exposes your API secret.

Before you use any API feature, you first need to authenticate your server with the Fractal API and obtain a token that will be used in all of your requests.

To recieve a bearer token, you need to send a request to the /auth/oauth/token (opens in a new tab) POST endpoint. The request body should contain a JSON with the following attributes:

client_idYour project's client id.
client_secretYour project's client secret.

To get authentication token you need client_id and client_secret issued from Fstudio (opens in a new tab). If you dont have an account yet, follow our Getting Started Guide to create one.

curl --request POST \
     --url 'https://auth-api.fractal.is/auth/oauth/token' \
     --header 'content-type: application/json' \
     --data '{

Successful Request response should contain a JSON with the following attributes:

access_tokenThe bearer token to use in your API requests.
token_typeThe type of token you received.

Once you have received a valid token, you can use it to make authenticated requests to our API.

Keeping Your Token Alive

The token you received is valid for 20 hours. Since you will be calling all Fractal features from your game server, we recommend you to keep your token alive by verifying a token validity perodically and requesting a new one when needed.