An end-user that uses String to pay with a credit or debit card within your Game is a "Player." All transactions require a Player to be "logged-in" prior to requesting a quote and submitting a transaction on behalf of that Player.
Read through this page for more detail on logging in Players through our Basic Authentication or use Integrated Authentication for a more immersive experience. Navigate to our Returning Players page to make things easy on your repeat customers. For visual aids, review our Auth UX Diagrams mapping out log-in scenarios.
String's Player identity system is designed to minimize user friction wherever possible. Players do not have to create a separate "account" to use String. Rather, our API "logs-in" the Player by a simple two-step identity authentication process that includes:
- Verifying the Player's wallet address, to confirm they control the private key,; and
- Verifying the Player's email to confirm they have access to that email account.
Once a Player's wallet and email are initially verified, String creates a Player identity and returns a unique UID for that Player, which can be used for subsequent API calls.
One Player, One Identity
String creates a new Player identity whenever it receives both a wallet address and an email address that are not associated with an existing Player. Player identity may include multiple wallets, email address, and payment methods. String will always check whether an existing Player identity should be updated with a new wallet rather than creating a new identity.
A returning Player will be able to transact through String as long as their wallet is connected to the Platform and their session remains active. If the Player's session expires, they simply need to sign a new Signature Request payload sent to their wallet to log back in. A returning user will only have to re-verify their email as a security measure, for example if they are using a new device, or we detect unusual behavior.
All String transactions first require a logged-in Player in order for the game to request a quote and initiate the transaction. String utilizes one of two methods of identity verification:
Basic Authentication: String verifies the Player identity directly. Best used in games using browser wallets like MetaMask or through Wallet Connect. String sends a Signature Request payload to the wallet the Player has connected to the game. Once the Player signs that request, String sends the Player an email verification link to confirm access to that account. See our Basic Authentication page for more detail or head to the String Checkout Demo to try it out yourself.
Integrated Authentication: the Game verifies the Player's identity on their behalf. Best used in games with in-game custodial or smart contract wallets where the Game helps manage the Player's private key. The Game signs the Signature Request on behalf of the Player without sending an additional prompt to the UI. Once that request is signed Games may utilize email delegation to sign on behalf of the Player if they have previously validated their email address. See our Integrated Authentication page for more detail.
Updated 7 months ago