Skip to main content
POST /v1/game/session/verify Verifies an issued by the PlayWave launcher. On success, starts billing and creates a game session.

Request

Headers

X-Api-Key
string
required
Per-game API Key.
Content-Type
string
required
application/json

Body

ott
string
required
UUID extracted from LaunchData.
provider_user_id
string
required
Roblox Player UserId converted to string.
{
  "ott": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "provider_user_id": "123456789"
}

Response

Success — 200

{
  "success": true,
  "request_id": "req_abc123",
  "data": {
    "is_valid": true,
    "game_session_id": "gs_550e8400-e29b-41d4-a716-446655440000",
    "is_pc_cafe": true
  }
}
is_valid
boolean
required
Whether verification succeeded.
game_session_id
string
required
Game session ID — use for heartbeat and session end calls.
is_pc_cafe
boolean
required
Whether the user is at a verified PC cafe.

Verification failure — 200

Business logic failures also return HTTP 200. Always branch on the is_valid value. 
{
  "success": true,
  "request_id": "req_abc123",
  "data": {
    "is_valid": false,
    "reason": "OTT_EXPIRED"
  }
}
reasonDescription
OTT_EXPIREDOTT expired (over 1 min since issuance)
OTT_ALREADY_USEDOTT already consumed
GAME_MISMATCHOTT game / API Key game mismatch
NOT_CHARGEABLEBilling not possible (insufficient , etc.)

Errors

HTTPCodeDescription
400BAD_REQUESTMissing required fields or format error
401INVALID_API_KEYInvalid API Key

Luau example

local function verifySession(player)
    local joinData = player:GetJoinData()
    local ott = joinData.LaunchData

    if not ott or ott == "" then
        return nil
    end

    local success, response = pcall(function()
        return HttpService:RequestAsync({
            Url = API_URL .. "/game/session/verify",
            Method = "POST",
            Headers = {
                ["X-Api-Key"] = API_KEY,
                ["Content-Type"] = "application/json",
            },
            Body = HttpService:JSONEncode({
                ott = ott,
                provider_user_id = tostring(player.UserId),
            }),
        })
    end)

    if not success or response.StatusCode ~= 200 then
        return nil
    end

    local body = HttpService:JSONDecode(response.Body)
    return body.data
end