Authorizes a device if the supplied credentials are valid.

Make sure this is only called over an encrypted (SSL) tunnel!

Returns a device token that must be sent on all subsequent API "Authenticate" calls.

Passwords collected from the user must never be stored, but the returned DeviceToken may be stored on the device permanently. The DeviceToken should be stored encrypted, but sent to the API in the clear.

It is unlikely that the DeviceToken will be reset or invalidated, but it is possible in some rare scenarios. Ensure the client can re-collect the Password from the user in these cases (remember, the Password must not be stored).
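
The handling rules above as client code, added here as an example and not taken from the API's own documentation. The JSON body, the `DeviceToken` response field name, the full endpoint URL passed in by the caller, and the `seal`/`unseal`/`prompt` callbacks are assumptions; `seal`/`unseal` stand for whatever platform keystore encrypts data at rest.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Assumptions (not from the page): JSON request/response bodies, a
# "DeviceToken" response field, and caller-supplied seal/unseal callbacks.

def https_post(url, payload):
    """Default transport: POST JSON; urllib verifies the server certificate."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

class DeviceAuth:
    def __init__(self, endpoint, store, seal, unseal, prompt, post=https_post):
        # Refuse to be constructed unless credentials would travel over TLS.
        if urlsplit(endpoint).scheme != "https":
            raise ValueError("AuthorizeDevice must only be called over HTTPS")
        self.endpoint = endpoint
        self.store, self.seal, self.unseal = store, seal, unseal
        self.prompt, self.post = prompt, post

    def authorize(self):
        """Collect credentials, exchange them for a token, persist only the token."""
        # The password lives only in this call's locals; it never reaches the store.
        username, password = self.prompt()
        reply = self.post(self.endpoint,
                          {"Username": username, "Password": password})
        token = reply["DeviceToken"]
        self.store["device_token"] = self.seal(token)  # encrypted at rest
        return token

    def token(self):
        """Return the stored token; ask the user again only if none is stored."""
        sealed = self.store.get("device_token")
        return self.unseal(sealed) if sealed else self.authorize()

    def invalidate(self):
        """Call when the API rejects the token, so the next token() re-prompts."""
        self.store.pop("device_token", None)
```
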

The following routes are available for this service:
| Name | Parameter | Data Type | Required | Description |
|---|---|---|---|---|
| Username | body | string | Yes | Username, usually an email address |
| Password | body | string | Yes | Password should be sent unencrypted, but make sure it is never saved and that the tunnel is encrypted with SSL before sending! |

The following are sample HTTP requests and responses. The placeholders shown need to be replaced with actual values.

POST /max/reply/AuthorizeDevice HTTP/1.1 
Content-Type: text/max
Content-Length: length