The Sessions API allows you to track player activity and engagement by managing session lifecycle. All session endpoints require authentication.

Base URL

All session endpoints are prefixed with /api/game/session/.

Authentication

All session endpoints require a valid JWT token in the Authorization header: 
Authorization: Bearer <your-jwt-token>

Start Session

Begin tracking a new player session. Endpoint: POST /api/game/session/start Headers: 
Authorization: Bearer <your-jwt-token>
Response: 
{
  "statusCode": 200,
  "data": {
    "sessionId": "session-uuid",
    "startTime": "2024-01-01T12:00:00Z",
    "playerId": "player-id"
  }
}

Heartbeat

Keep the session alive and update the last activity timestamp. Endpoint: POST /api/game/session/heartbeat Headers: 
Authorization: Bearer <your-jwt-token>
Response: 
{
  "statusCode": 200,
  "data": {
    "sessionId": "session-uuid",
    "lastActivity": "2024-01-01T12:30:00Z",
    "playerId": "player-id"
  }
}

End Session

Stop tracking the current session. Endpoint: POST /api/game/session/stop Headers: 
Authorization: Bearer <your-jwt-token>
Response: 
{
  "statusCode": 200,
  "data": {
    "sessionId": "session-uuid",
    "startTime": "2024-01-01T12:00:00Z",
    "endTime": "2024-01-01T13:00:00Z",
    "duration": 3600,
    "playerId": "player-id"
  }
}

Session Management Best Practices

  1. Start Session: Call when the player begins playing your game
  2. Heartbeat: Call periodically (every 5-10 minutes) to keep the session active
  3. End Session: Call when the player stops playing or closes the game

Error Responses

Unauthorized

{
  "statusCode": 401,
  "error": {
    "message": "Unauthorized"
  }
}

Session Already Active

{
  "statusCode": 400,
  "error": {
    "message": "Session already active"
  }
}

No Active Session

{
  "statusCode": 400,
  "error": {
    "message": "No active session found"
  }
}