Version: en

Creating the Ticket Authorization Tokens

warning

This documentatin is now deprecated. If you are using Matchmaker Self Serve though UDash contact us directly to get access to the new documentation

In this tutorial, we will focus on creating the ticket endpoint authorization tokens needed. There are two types of tokens we need to create, the Service Token and the Delegate Tokens.

For the purposes of this tutorial, we will be using Postman to create the tokens.

Flow Overview#

Basic Matchmaking Flow

Prerequisites#

Creating the Service Token#

The service token is created using the client_id and client_secret provided during onboarding.

We use the service token to create the Delegate Tokens.

To create a service token, let's create a POST request on Postman on the following endpoint: https://api.prd.identity.corp.unity3d.com/oauth2/token.

Body#

{
"grant_type": "client_credentials",
"client_id": "{your-client-id-here}",
"client_secret": "{your-client-secret-here}",
"scope": "identity.delegate-token"
}

Response#

{
"access_token": "{service token}",
"scope": "identity.delegate-token",
"token_type": "bearer",
"expires_in": 3599
}
note

The {service token} should be cached on the game service and never shared with the game clients.

Creating the Delegate Tokens#

The delegate token is created using the service token created earlier. Delegate tokens have two scopes, matchmaking, and matchmaking.read.

  • The matchmaking scope provides all-access to the Matchmaking service (Read, Write, Delete)
  • The matchmaking.read scope (player access token) provides read-only-access to the Matchmaking service.

Creating the All-Access (matchmaking) Delegate Token#

The all-access delegate token is created using the service token created in the previous step.

The all-access delegate token is used by the game service to create/delete tickets on behalf of game clients.

To create an all-access delegate token, let's create a POST request on Postman on the following endpoint: https://api.prd.identity.corp.unity3d.com/oauth2/delegate-token.

Header#

Key: Authorization Value: Bearer {service token}

Body#

{
"user_id": "{game-service-id}",
"scope": "matchmaking"
}

Response#

{
"access_token": "{all-access delegate-token}",
"expires_in": 3599
}
note

The {game-service-id} can be any unique id to identify the Game Service using the all-access delegate token.

Creating the Read-Only-Access (matchmaking.read) Delegate Token#

The read-only-access delegate token is created using the service token created in the previous step.

The read-only-access delegate token is used by the game clients to poll for ticket status.

To create a read-only-access delegate token, let's create a POST request on Postman on the following endpoint: https://api.prd.identity.corp.unity3d.com/oauth2/delegate-token.

Header#

Key: Authorization Value: Bearer {service token}

Body#

{
"user_id": "{player_id}",
"scope": "matchmaking.read"
}

Response#

{
"access_token": "{read-only-access delegate-token}",
"expires_in": 3599
}
note

The {player_id} can be any unique id to identify the client.

What's Next?#