> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.wuzzlo.com/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.wuzzlo.com/_mcp/server.

# Authenticate a player session

POST /auth/login
Content-Type: application/json

Wuzzlo to Operator. Verify the Wuzzlo signature, validate the supplied session token, and resolve it to one wallet user. A valid session MUST return success true and body status 200. An unknown or expired session MUST return success false and body status 404.

Reference: https://docs.wuzzlo.com/wuzzlo/wuzzlo-to-operator/authenticate-a-player-session

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: collection
  version: 1.0.0
paths:
  /auth/login:
    post:
      operationId: authenticateAPlayerSession
      summary: Authenticate a player session
      description: >-
        Wuzzlo to Operator. Verify the Wuzzlo signature, validate the supplied
        session token, and resolve it to one wallet user. A valid session MUST
        return success true and body status 200. An unknown or expired session
        MUST return success false and body status 404.
      tags:
        - wuzzloToOperator
      parameters:
        - name: Signature
          in: header
          description: >-
            Wuzzlo-to-Operator: Base64 RSA-SHA256 PKCS#1 v1.5 signature of the
            exact UTF-8 JSON body, verified with the Wuzzlo public key.
          required: true
          schema:
            type: string
      responses:
        '200':
          description: >-
            Authenticated test user. The response body status MUST be exactly
            200 and success MUST be true.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OperatorAuthLoginResponse'
        '404':
          description: >-
            No demo wallet user matched any token or fallback. The response body
            status MUST be exactly 404 and success MUST be false.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OperatorAuthLoginNotFoundResponse'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OperatorAuthLoginRequest'
components:
  schemas:
    OperatorAuthLoginRequest:
      type: object
      properties:
        operatorId:
          type: string
        token:
          type: string
          description: Primary operator session token to validate.
        userToken:
          type: string
        sessionToken:
          type: string
          description: Session token alias sent by Wuzzlo.
        operatorToken:
          type: string
        userId:
          type: string
          description: Optional user hint used during certification.
        gameId:
          type: string
        providerName:
          type: string
        platformId:
          type: string
        currency:
          type: string
        clientIp:
          type: string
      required:
        - operatorId
        - token
        - sessionToken
        - gameId
      description: >-
        Session payload sent by Wuzzlo. Token aliases may contain the same value
        for compatibility; token validation is authoritative.
      title: OperatorAuthLoginRequest
    OperatorAuthLoginResponse:
      type: object
      properties:
        success:
          type: boolean
          enum:
            - true
        status:
          type: integer
        userId:
          type: string
        username:
          type: string
        currency:
          type: string
        expiresAtUtc:
          type: string
          format: date-time
      required:
        - success
        - status
        - userId
        - username
        - currency
        - expiresAtUtc
      title: OperatorAuthLoginResponse
    OperatorAuthLoginNotFoundResponse:
      type: object
      properties:
        success:
          type: boolean
          enum:
            - false
        status:
          type: integer
        errorDescription:
          type: string
      required:
        - success
        - status
        - errorDescription
      title: OperatorAuthLoginNotFoundResponse
  securitySchemes:
    WuzzloSignature:
      type: apiKey
      in: header
      name: Signature
      description: >-
        Wuzzlo-to-Operator: Base64 RSA-SHA256 PKCS#1 v1.5 signature of the exact
        UTF-8 JSON body, verified with the Wuzzlo public key.

```

## Examples

### Wuzzlo to Operator_authenticateAPlayerSession_example



**Request**

```json
undefined
```

**Response**

```json
{
  "success": true,
  "status": 200,
  "userId": "1001",
  "username": "1001",
  "currency": "INR",
  "expiresAtUtc": "2026-07-14T12:00:00Z"
}
```

**SDK Code**

```python Wuzzlo to Operator_authenticateAPlayerSession_example
import requests

url = "https://api.example.com/auth/login"

headers = {
    "Signature": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.post(url, headers=headers)

print(response.json())
```

```javascript Wuzzlo to Operator_authenticateAPlayerSession_example
const url = 'https://api.example.com/auth/login';
const options = {
  method: 'POST',
  headers: {Signature: '<apiKey>', 'Content-Type': 'application/json'},
  body: undefined
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Wuzzlo to Operator_authenticateAPlayerSession_example
package main

import (
	"fmt"
	"net/http"
	"io"
)

func main() {

	url := "https://api.example.com/auth/login"

	req, _ := http.NewRequest("POST", url, nil)

	req.Header.Add("Signature", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Wuzzlo to Operator_authenticateAPlayerSession_example
require 'uri'
require 'net/http'

url = URI("https://api.example.com/auth/login")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Signature"] = '<apiKey>'
request["Content-Type"] = 'application/json'

response = http.request(request)
puts response.read_body
```

```java Wuzzlo to Operator_authenticateAPlayerSession_example
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.example.com/auth/login")
  .header("Signature", "<apiKey>")
  .header("Content-Type", "application/json")
  .asString();
```

```php Wuzzlo to Operator_authenticateAPlayerSession_example
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.example.com/auth/login', [
  'headers' => [
    'Content-Type' => 'application/json',
    'Signature' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Wuzzlo to Operator_authenticateAPlayerSession_example
using RestSharp;

var client = new RestClient("https://api.example.com/auth/login");
var request = new RestRequest(Method.POST);
request.AddHeader("Signature", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
IRestResponse response = client.Execute(request);
```

```swift Wuzzlo to Operator_authenticateAPlayerSession_example
import Foundation

let headers = [
  "Signature": "<apiKey>",
  "Content-Type": "application/json"
]

let request = NSMutableURLRequest(url: NSURL(string: "https://api.example.com/auth/login")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```

### Explicit seeded user



**Request**

```json
{
  "operatorId": "tesla",
  "token": "session-token",
  "sessionToken": "session-token",
  "gameId": "9001",
  "userId": "1001",
  "providerName": "DC",
  "platformId": "desktop",
  "currency": "INR",
  "clientIp": "127.0.0.1"
}
```

**Response**

```json
{
  "success": true,
  "status": 200,
  "userId": "1001",
  "username": "1001",
  "currency": "INR",
  "expiresAtUtc": "2026-07-14T12:00:00Z"
}
```

**SDK Code**

```python Explicit seeded user
import requests

url = "https://api.example.com/auth/login"

payload = {
    "operatorId": "tesla",
    "token": "session-token",
    "sessionToken": "session-token",
    "gameId": "9001",
    "userId": "1001",
    "providerName": "DC",
    "platformId": "desktop",
    "currency": "INR",
    "clientIp": "127.0.0.1"
}
headers = {
    "Signature": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
```

```javascript Explicit seeded user
const url = 'https://api.example.com/auth/login';
const options = {
  method: 'POST',
  headers: {Signature: '<apiKey>', 'Content-Type': 'application/json'},
  body: '{"operatorId":"tesla","token":"session-token","sessionToken":"session-token","gameId":"9001","userId":"1001","providerName":"DC","platformId":"desktop","currency":"INR","clientIp":"127.0.0.1"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Explicit seeded user
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.example.com/auth/login"

	payload := strings.NewReader("{\n  \"operatorId\": \"tesla\",\n  \"token\": \"session-token\",\n  \"sessionToken\": \"session-token\",\n  \"gameId\": \"9001\",\n  \"userId\": \"1001\",\n  \"providerName\": \"DC\",\n  \"platformId\": \"desktop\",\n  \"currency\": \"INR\",\n  \"clientIp\": \"127.0.0.1\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Signature", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Explicit seeded user
require 'uri'
require 'net/http'

url = URI("https://api.example.com/auth/login")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Signature"] = '<apiKey>'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"operatorId\": \"tesla\",\n  \"token\": \"session-token\",\n  \"sessionToken\": \"session-token\",\n  \"gameId\": \"9001\",\n  \"userId\": \"1001\",\n  \"providerName\": \"DC\",\n  \"platformId\": \"desktop\",\n  \"currency\": \"INR\",\n  \"clientIp\": \"127.0.0.1\"\n}"

response = http.request(request)
puts response.read_body
```

```java Explicit seeded user
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.example.com/auth/login")
  .header("Signature", "<apiKey>")
  .header("Content-Type", "application/json")
  .body("{\n  \"operatorId\": \"tesla\",\n  \"token\": \"session-token\",\n  \"sessionToken\": \"session-token\",\n  \"gameId\": \"9001\",\n  \"userId\": \"1001\",\n  \"providerName\": \"DC\",\n  \"platformId\": \"desktop\",\n  \"currency\": \"INR\",\n  \"clientIp\": \"127.0.0.1\"\n}")
  .asString();
```

```php Explicit seeded user
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.example.com/auth/login', [
  'body' => '{
  "operatorId": "tesla",
  "token": "session-token",
  "sessionToken": "session-token",
  "gameId": "9001",
  "userId": "1001",
  "providerName": "DC",
  "platformId": "desktop",
  "currency": "INR",
  "clientIp": "127.0.0.1"
}',
  'headers' => [
    'Content-Type' => 'application/json',
    'Signature' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Explicit seeded user
using RestSharp;

var client = new RestClient("https://api.example.com/auth/login");
var request = new RestRequest(Method.POST);
request.AddHeader("Signature", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"operatorId\": \"tesla\",\n  \"token\": \"session-token\",\n  \"sessionToken\": \"session-token\",\n  \"gameId\": \"9001\",\n  \"userId\": \"1001\",\n  \"providerName\": \"DC\",\n  \"platformId\": \"desktop\",\n  \"currency\": \"INR\",\n  \"clientIp\": \"127.0.0.1\"\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift Explicit seeded user
import Foundation

let headers = [
  "Signature": "<apiKey>",
  "Content-Type": "application/json"
]
let parameters = [
  "operatorId": "tesla",
  "token": "session-token",
  "sessionToken": "session-token",
  "gameId": "9001",
  "userId": "1001",
  "providerName": "DC",
  "platformId": "desktop",
  "currency": "INR",
  "clientIp": "127.0.0.1"
] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.example.com/auth/login")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```

### Empty payload falls back to seeded user 1001



**Request**

```json
{
  "operatorId": "string",
  "token": "string",
  "sessionToken": "string",
  "gameId": "string"
}
```

**Response**

```json
{
  "success": true,
  "status": 200,
  "userId": "1001",
  "username": "1001",
  "currency": "INR",
  "expiresAtUtc": "2026-07-14T12:00:00Z"
}
```

**SDK Code**

```python Empty payload falls back to seeded user 1001
import requests

url = "https://api.example.com/auth/login"

payload = {
    "operatorId": "string",
    "token": "string",
    "sessionToken": "string",
    "gameId": "string"
}
headers = {
    "Signature": "<apiKey>",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
```

```javascript Empty payload falls back to seeded user 1001
const url = 'https://api.example.com/auth/login';
const options = {
  method: 'POST',
  headers: {Signature: '<apiKey>', 'Content-Type': 'application/json'},
  body: '{"operatorId":"string","token":"string","sessionToken":"string","gameId":"string"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go Empty payload falls back to seeded user 1001
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.example.com/auth/login"

	payload := strings.NewReader("{\n  \"operatorId\": \"string\",\n  \"token\": \"string\",\n  \"sessionToken\": \"string\",\n  \"gameId\": \"string\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Signature", "<apiKey>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby Empty payload falls back to seeded user 1001
require 'uri'
require 'net/http'

url = URI("https://api.example.com/auth/login")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Signature"] = '<apiKey>'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"operatorId\": \"string\",\n  \"token\": \"string\",\n  \"sessionToken\": \"string\",\n  \"gameId\": \"string\"\n}"

response = http.request(request)
puts response.read_body
```

```java Empty payload falls back to seeded user 1001
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.example.com/auth/login")
  .header("Signature", "<apiKey>")
  .header("Content-Type", "application/json")
  .body("{\n  \"operatorId\": \"string\",\n  \"token\": \"string\",\n  \"sessionToken\": \"string\",\n  \"gameId\": \"string\"\n}")
  .asString();
```

```php Empty payload falls back to seeded user 1001
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.example.com/auth/login', [
  'body' => '{
  "operatorId": "string",
  "token": "string",
  "sessionToken": "string",
  "gameId": "string"
}',
  'headers' => [
    'Content-Type' => 'application/json',
    'Signature' => '<apiKey>',
  ],
]);

echo $response->getBody();
```

```csharp Empty payload falls back to seeded user 1001
using RestSharp;

var client = new RestClient("https://api.example.com/auth/login");
var request = new RestRequest(Method.POST);
request.AddHeader("Signature", "<apiKey>");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"operatorId\": \"string\",\n  \"token\": \"string\",\n  \"sessionToken\": \"string\",\n  \"gameId\": \"string\"\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift Empty payload falls back to seeded user 1001
import Foundation

let headers = [
  "Signature": "<apiKey>",
  "Content-Type": "application/json"
]
let parameters = [
  "operatorId": "string",
  "token": "string",
  "sessionToken": "string",
  "gameId": "string"
] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.example.com/auth/login")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```