Sport Buff allows end users to view content without being logged in. However, to participate in activities like playing along and appearing on the leaderboard, authentication is required.

Authentication Methods

  1. Backend to Backend Authentication: If the user is already authenticated on your platform, you can log them in transparently by performing a backend-to-backend authentication using our API. This API is protected by a private API key provided to you.
  2. SDK Login Flow: Users can log in through the Sport Buff SDK. This can trigger a login flow where users can create a Sport Buff account using their email via a One-Time Password (OTP).
  3. Anonymous Login: Users can log in anonymously with a temporary identity stored on their device.

Important: API authentication should only be performed from your backend to avoid exposing your API key.

Note: If using SDK login, you can handle the login flow yourself and pass the token to our SDK afterward.

Warning: Anonymous login is not retainable across devices or app installs, as the identity data is stored locally on the device or browser.


Logging the User In via API

To authenticate a user, use the following REST API endpoint to obtain a token:

API Request

{
  "method": "POST",
  "url": "https://api.Account_Name.buffup.net/users",
  "headers": {
    "Content-Type": "application/json",
    "X-API-Key": "API_KEY"
  },
  "body": {
    "opaqueID": "123456",
    "displayName": "ILoveSportBuff",
    "email": "[email protected]",
    "firstName": "John",
    "lastName": "Doe",
    "country": "UK"
  }
}

Request Object Format

{
  "title": "User",
  "type": "object",
  "properties": {
    "opaqueID": {
      "type": "string",
      "description": "A unique ID for this user in your system"
    },
    "displayName": {
      "type": "string",
      "description": "How to display the user (Min 3 characters, Max 25)"
    },
    "email": {
      "type": "string",
      "description": "User's email address"
    },
    "firstName": {
      "type": "string",
      "description": "User's first name"
    },
    "lastName": {
      "type": "string",
      "description": "User's last name"
    },
    "country": {
      "type": "string",
      "description": "Alpha-2 country code (e.g., GB, PL, DE)"
    }
  },
  "required": ["opaqueID"]
}

Response

{
    "refreshToken": "TOKEN",
    "userID": "UUID",
    "expiresAt": "RFC 3339 DATETIME",
    "createdAt": "RFC 3339 DATETIME"
}

Note: The opaqueID is required, while all other values are optional The opaqueID should be a unique value that you have on your backend for this user and this is the only required value in order to provide an identity for this user on our system