Skip to content
Gameye Gameye Gameye Docs

Authentication

All endpoints in the Gameye Session API require authentication. This guide explains how to properly authenticate your requests.

Bearer Token Authentication

Section titled “Bearer Token Authentication”

The Gameye Session API uses Bearer Token Authentication, which means you need to include an API token in the header of every request.

How to Use Your Token

Section titled “How to Use Your Token”

Add your token to the Authorization header in this format:

Authorization: Bearer YOUR_TOKEN_HERE

Example

Section titled “Example”
GET /session HTTP/1.1
Host: api.gameye.io
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Obtaining a Token

Section titled “Obtaining a Token”

Create or retrieve an API token in the Gameye Admin Panel:

  1. Sign in to the Admin Panel.
  2. Open Users and find the account that will own the token (use the search bar if needed).
  3. Open the row Actions menu (⋮) and choose Edit.
  4. On the Update User page, scroll to API Tokens:
    • New token: click + Add Token, set a name and scopes, then create the token. Copy the value immediately — the full token is only shown at creation time.
    • Existing token: click the eye icon next to the masked token to reveal it.
  5. Store the token securely (environment variables or a secret manager).

For scope selection, disabling or deleting tokens, and security practices, see API tokens.

Token Security

Section titled “Token Security”

Here are some best practices for keeping your token secure:

  • Never share your token in public repositories or client-side code
  • Use environment variables to store your token in your applications
  • Consider rotating your token periodically
  • Use the sandbox environment for testing

Authentication Errors

Section titled “Authentication Errors”

If authentication fails, you’ll receive a 401 Unauthorized response with details about the error. Common reasons for authentication failure include:

  • Missing token
  • Invalid token format
  • Expired token
  • Token doesn’t have permission for the requested resource

Example Error Response

Section titled “Example Error Response”
{
  "statusCode": 401,
  "code": "UNAUTHORIZED",
  "message": "Authentication failed",
  "details": "Invalid bearer token",
  "path": "/session",
  "identifier": "abc123",
  "timestamp": "2023-04-01T12:00:00Z"
}

Next Steps

Section titled “Next Steps”

Once you’ve set up authentication, you can: