Authentication

This page explains how to authenticate requests to and from Riddec API

Every request to the Launcher API and to the Partners API must contain header x-signature header containing Base64-encoded HMAC-SHA256 hash of the request body.

How to get request signature

Get secret key.
Initialize HMAC-SHA265 hasher with secret key.
Hash body of the request using created hasher.
Encode hash bytes into HEX encoding.

Resulting hash should be included in x-signature header in POST method requests and in signature query parameter in GET method requests.

Example HMAC signature

import crypto from 'node:crypto';
import axios from 'axios';

const secret = 'your-secret-token';
const requestBody = '{"mode":"demo","game":"cosmoloot","timestamp":123}';

// Value: f8db3a74894e23e1dc94f6a5afd8199d940f81c8244badf05edd1181868d87fd
const signature = crypto
  .createHmac('sha256', secret)
  .update(requestBody)
  .digest('hex');

await axios.post(
  'https://riddecgames.com/gateway/api/launcher/standard/your-integration-id/v1/launch',
  requestBody,
  { headers: { 'x-signature': signature } }
);

Timestamp

Unix timestamp is required and provided as a JSON property in all POST requests and as query parameter in GET request to session launch endpoint when launching session in REAL mode.

Requests are rejected after 60 seconds since provided timestamp.

PreviousSocial Tournaments NextError Policy

Last updated 1 day ago

hashtagHow to get request signature

hashtagTimestamp

How to get request signature

Timestamp