Verify token¶
Uses the token, Player ID, and Device ID from PlayerInfo returned after a successful login from the app client to validate the user's token on the app server.
The Verify token API operates through Server-to-Server communication, where the app server calls the Hive authentication server directly. If the app does not allow duplicate logins, you can manage validated tokens or implement session management using the app's own session key.
Request URL¶
| Production URL | https://auth.qpyou.cn/v2/game/token/get-token |
|---|---|
| Distributed environment URL | https://auth.globalwithhive.com/v2/game/token/get-token |
| Sandbox URL | https://sandbox-auth.qpyou.cn/v2/game/token/get-token |
| HTTP Method | POST |
| Content-Type | application/json |
| Data Format | JSON |
Note
The Hive authentication server is configured in a distributed environment to prepare for failures or unstable network communication.
If a failure occurs while communicating with the authentication server host, or if the timeout defined on the app server is exceeded, the app server must directly call the distributed environment URL (Fallback URL).
Request header¶
| Field name | Description | Type | Required |
|---|---|---|---|
| Authorization | User token returned after a successful game client login (PlayerInfo.token) | String | Y |
| X-Access-Token | User Token returned after a successful game client login OAuth 2.0 Access Token for player identity verification | String | Y |
| ISCRYPT | Whether data is encrypted (0 = not encrypted; always pass 0) | Integer | Y |
Request body¶
| Field name | Description | Type | Required |
|---|---|---|---|
| appid | App ID | String | Y |
| did | Device ID returned after successful login | String | Y |
| player_id | Authentication Player ID returned after successful login | BigInteger | Y |
| include_fields | Additional field list Field list for requesting additional information in the response | Array | N |
Note
You can optionally return additional information through the include_fields parameter. When requesting token verification, the response includes the corresponding information under data based on the field values specified in the include_fields array.
Additional field list¶
| Field name | Description | Type |
|---|---|---|
| is_blocked | Whether use is restricted (true - restricted, false - normal) | Boolean |
| is_device_registered | Whether device management is used (true - used, false - not used) | Boolean |
| join_timestamp | player_id registration date (Unix Timestamp) | Long |
| china_pi_no | China real-name verification number. Returns null if real-name verification has not been completed | String / null |
Response body¶
| Field name | Description | Type |
|---|---|---|
| result_code | Response code, 0=validation succeeded | Integer |
| result_msg | Result message | String |
| token_validation | JWT validation result (JWT validation error) | Object |
| token_validation.result_code | JWT validation result code | Integer |
| token_validation.result_msg | JWT validation result message | String |
| data | Object containing the information specified in include_fields in the request | Object |
Response code¶
| Code value | Description |
|---|---|
| 0 | Success |
| 2300 | Refunded user subject to repayment |
| 4000 | Invalid parameter |
| 4001 | Request JSON error |
| 2499 | JWT validation failed (see token_validation) |
| 5000 | DB error |
| 6000 | Invalid appid |
| 6001 | IdP token error |
| 7000 | Invalid token |
| 7001 | No token value in header |
| 9999 | Unknown error |
Request example¶
{
"appid": "com.com2us.hivesdk.normal.freefull.apple.global.ios.universal",
"did": "255764404509548",
"player_id": 10000000000
}
include_fields¶
{
"appid": "com.com2us.hivesdk.normal.freefull.apple.global.ios.universal",
"did": "255764404509548",
"player_id": 10000000000,
"include_fields": ["is_blocked", "is_device_registered", "join_timestamp", "china_pi_no"]
}
Response example¶
Success¶
{
"result_code": 0,
"result_msg": "SUCCESS",
"token_validation": {
"result_code": 0,
"result_msg": "success"
}
}
JWT validation failure¶
{
"result_code": 2499,
"result_msg": "JWT validation failed. See token_validation for details.",
"token_validation": {
"result_code": 2408,
"result_msg": "The access token is expired. Please refresh your token."
}
}
include_fields¶
{
"result_code": 0,
"result_msg": "SUCCESS",
"token_validation": {
"result_code": 0,
"result_msg": "success"
},
"data": {
"is_blocked": false,
"is_device_registered": false,
"join_timestamp": 1495594605,
"china_pi_no": null
}
}
Note
When JWT validation fails, you can check detailed error information in the token_validation field. For details, see JWT validation error codes.