Basic Authentication

First-time Players are able to log-in to String simply by signing a message with the wallet that is connected to the game, and verifying their email address.

Basic Authentication can be used where Players use a browser wallet like Metamask, Brave, Wallet Connect, or any wallet where the Player controls the private key.

Verifying the Wallet Address

Player identity is based initially on the wallet the Player has connected to the game. The Game sends Player's wallet address to String via the API and String checks that address ensuring no existing Player is associated with that wallet.

String then sends a Signature Request payload to the Player's wallet. The Player signs the message confirming they control the private key to that address.

Verifying the Email Address

Once the Player's wallet is verified, String needs to verify the Player's email address. The Game can pass String the Player's email from its database, or request it from the Player at this step.

String sends a verification link to the Players provided email address. The Player clicks the link to confirm control of that address.

Creating vs Updating Player Identity

Once the Player's email is verified, String creates a Player identity and returns a unique UID for that Player, which can be used for subsequent API calls.

If the Player using a new wallet verifies an email address associated with a pre-existing wallet, String will update their Player identity to add the new wallet rather than creating a new Player. Thus the system will return to same UID associated with that email address. That Player will subsequently be able to quickly log-in with any wallet associated with their account.