Quick start

Working auth in about five minutes: create an app, drop in the SDK, paste two values, call three methods.

Your client only holds public values, the app id and public key. No secret ships in your app.

1. Create an app

In the dashboard, click New App and open it. Copy the App ID and public key from the Overview tab. The private signing key never leaves the server.

2. Generate a key

Open the Keys tab and click Generate. Choose a duration (one day to lifetime, or custom) and a count. Copy one to test with.

Keys work two ways: a username and password account that redeems the key, or the key alone with no account.

3. Add the SDK

Grab the SDK from the sidebar (AtlasAuth.cs, or atlasauth.h and atlasauth.cpp) and add it to your project. Paste your two values.

C#

var client = new AtlasAuth.AtlasClient(
    appId: "YOUR-APP-ID",
    spkiPublicKeyBase64: "YOUR-PUBLIC-KEY");

C++

atlas::Client client("YOUR-APP-ID", "YOUR-PUBLIC-KEY");

4. Log in

Call Init, then Login, then start the heartbeat. The heartbeat polls the server and kicks the user when their key expires, their session is killed, the app goes to maintenance, or they are banned.

C#

await client.Init();

if (!await client.Login(username, password))
{
    Console.WriteLine(client.LastError);
    return;
}

client.StartHeartbeat(reason =>
{
    Console.WriteLine($"Session ended: {reason}");
    Environment.Exit(0);
});

C++

client.init();

if (!client.login(username, password))
{
    std::cout << client.lastError() << "\n";
    return 1;
}

client.startHeartbeat([](std::string reason)
{
    std::cout << "Session ended: " << reason << "\n";
    std::exit(0);
});

Each call generates a nonce, verifies the server signature, and checks the HWID, so a spoofed server cannot fake a login.

Next

• C# SDK and C++ SDK: every method, errors, the HWID seed, a full sample.
• HTTP API: the raw endpoints, without an SDK.
• Security model: how signing blocks spoofing.