Verify auth token
POST /api/verify validates an auth code returned by POST /api/loginAuth and returns the user data attached to that active auth code.
This endpoint reads authCode from the JSON request body. It does not use an Authorization: Bearer header.
curl https://prod.bluesphere.live/api/verify \
-H "Content-Type: application/json" \
-d '{
"authCode": "base64url_signed_auth_code"
}'
Request body
- Name
authCode- Type
- string
- Description
Auth code returned by
POST /api/loginAuth. It must be unexpired, signed by the backend key, and still match the user's current stored auth code.
Success response
200 success
{
"success": true,
"accountId": 123456,
"onlineId": "BlueSphereUser",
"discordId": "123456789012345678",
"userId": "clx7h8k9m0000qwer1234abcd",
"currentGame": "Grand Theft Auto V",
"currentGameVersion": "1.53"
}
- Name
accountId- Type
- number
- Description
Numeric BlueSphere account identifier.
- Name
onlineId- Type
- string
- Description
Public online username for the account.
- Name
discordId- Type
- string | null
- Description
Linked Discord user ID, or
nullwhen no Discord ID is present.
- Name
userId- Type
- string
- Description
Internal BlueSphere user record ID.
- Name
currentGame- Type
- string | null
- Description
Current game title without the version, or
null.
- Name
currentGameVersion- Type
- string | null
- Description
Current game version, or
null.
Error responses
400 missing authCode
{
"error": "Authorization code is required"
}
401 invalid or expired
{
"error": "Invalid or expired authorization code"
}
401 not active for a user
{
"error": "Invalid authorization code"
}
500 server error
{
"error": "Internal server error"
}
401 can mean the auth code signature or expiry check failed, or the code is structurally valid but no longer matches the current stored auth code for a user.