Skip to main content
The Operator API authenticates every request using a static API key passed in the Authorization header.

Format

Authorization: ApiKey ps_<your_api_key>
The PlayStarters team provides the key during onboarding. Keep it secret.

Example

curl https://api.playstarters.io/operator/providers \
  -H "Authorization: ApiKey ps_YOUR_API_KEY"

Authentication errors

HTTP StatusCause
401 UnauthorizedThe Authorization header is missing, malformed, or the key is invalid.
403 ForbiddenThe key is valid but not authorized for the requested resource.
Never commit API keys to source control or expose them in client-side code. Load them from environment variables or a secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.).
Authentication for the Seamless Wallet API (calls from PlayStarters to your backend) uses a different scheme — a Bearer token shared during setup. See the Wallet Overview.
What should your wallet return if the Bearer token is invalid?
Return HTTP 401 Unauthorized. Playstarters will treat this as a fatal error and will not retry.
If the API key is missing, invalid, or belongs to an inactive site, the API returns HTTP 401 Unauthorized.
Naming conventions:
  • Operator API (your calls → Playstarters):
    uses camelCase (gameId, playerId, etc.)
  • Seamless Wallet API (Playstarters calls → you):
    also uses camelCase (playerId, requestId, parentTransactionId, etc.)
Naming conventions:
  • Operator API (your calls → Playstarters):
    uses camelCase (gameId, playerId, etc.)
  • Seamless Wallet API (Playstarters calls → you): also uses camelCase (playerId, requestId, parentTransactionId, etc.)