Handling game tokens
All Rivet API clients accept a token parameter upon initialization. This token is used to identify:
- What game & namespace the lobby or game client belongs to and
- What your API client is allowed to do.
For example:
import { RivetClient } from "@rivet-gg/api";
const RIVET = new RivetClient({ token: process.env.RIVET_TOKEN });
This document will talk about handling public, matchmaker lobby, and development tokens for your game.
Server-side lobby tokens
All lobby servers running on Rivet are automatically provided a unique lobby token in the RIVET_TOKEN environment variable. No extra work is required.
Make sure that your lobby token is never leaked. It has permission to perform sensitive actions.
Public namespace tokens
If you are building an HTML5 game, skip to tokenless authentication for web.
To connect to your game, you need to generate a public namespace token. Do that by navigating to Developer > My Game > API > Create Public Token.
This token needs to be included with the game client.
Tokenless authentication for web
Rivet can authenticate web browsers without any tokens by what domain API requests are sent from. In this case, no token needs to be provided at all to the API client.
See here for more details.
Development tokens
When developing your game locally, you can still use the Rivet API by using development tokens. These act as real tokens whenever possible and return mock responses when needed.
See here for more details.