POST /session/verify

{
  "ott": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "provider_user_id": "123456789"
}

{
  "success": true,
  "request_id": "req_abc123",
  "data": {
    "is_valid": true,
    "game_session_id": "gs_550e8400-e29b-41d4-a716-446655440000",
    "is_pc_cafe": true
  }
}

{
  "success": true,
  "request_id": "req_abc123",
  "data": {
    "is_valid": false,
    "reason": "OTT_EXPIRED"
  }
}

local function verifySession(player)
    local joinData = player:GetJoinData()
    local ott = joinData.LaunchData

    if not ott or ott == "" then
        return nil
    end

    local success, response = pcall(function()
        return HttpService:RequestAsync({
            Url = API_URL .. "/game/session/verify",
            Method = "POST",
            Headers = {
                ["X-Api-Key"] = API_KEY,
                ["Content-Type"] = "application/json",
            },
            Body = HttpService:JSONEncode({
                ott = ott,
                provider_user_id = tostring(player.UserId),
            }),
        })
    end)

    if not success or response.StatusCode ~= 200 then
        return nil
    end

    local body = HttpService:JSONDecode(response.Body)
    return body.data
end