LogoLogo
  • Welcome!
  • MOBILE SDK
    • iOS
      • SnapOdds Operator
        • Installation
        • Initialization
        • Snapping Games
        • Customization
        • API documentation
      • SnapOdds Sport Media
        • Installation
        • Initialization
        • Snapping Games and Presenting Odds
        • Customization
        • API documentation
    • Android
      • SnapOdds Operator
        • Installation
        • Initialization
        • Permissions
        • Snapping Games
        • Customization
        • API documentation
      • SnapOdds Sport Media
        • Installation
        • Initialization
        • Permissions
        • Snapping Games and Presenting Odds
        • Customization
        • API documentation
    • React Native
      • iOS Installation
      • Android Installation
      • SnapOdds Operator
        • Initialization
        • Snapping Games
        • Customization
      • SnapOdds Sport Media
        • Initialization
        • Snapping Games and Presenting Odds
        • Customization
  • Web SDK
    • JavaScript
      • SnapOdds Operator
        • Installation
        • Access Token Handling
        • Snapping Games
        • Customization
        • API documentation
      • SnapOdds Sport Media
        • Installation
        • Access Token Handling
        • Snapping Games and Presenting Odds
        • Customization
        • API documentation
      • Implementation Errors
  • Integration Guide
    • SnapOdds as Button
    • SnapOdds as Banner
Powered by GitBook
On this page
  • Grants an access token to an anonymous user.
  • Fetch AccessToken Example

Was this helpful?

Export as PDF
  1. Web SDK
  2. JavaScript
  3. SnapOdds Sport Media

Access Token Handling

Covers the handling of tokens for authentication purposes.

The SnapOdds SDK requires a valid access token to be provided in order to communicate with the Snapscreen API, which uses the OAuth 2.0 authentication mechanism.

Our customers are provided with a Client ID and Secret which must be used to retrieve the access token from the API endpoint described below:

Grants an access token to an anonymous user.

POST https://api.us.snapscreen.com/oauth/token

Request Body

Name
Type
Description

client_id*

String

The client identifier specific to the customer.

client_secret*

String

The client secret.

grant_type*

String

The requested access grant type, should be set to "anonymous".

device_fingerprint

String

Unique device fingerprint.

{
  access_token: string,
  token_type: string,
  refresh_token: string,
  expires_in: number (long),
  scope: string
}
{
  error: string,
  error_description: string
}
{
  error: string,
  error_description: string
}
{
  error: string,
  error_description: string
}
{
  error: string,
  error_description: string
}

Below is an example of the HTTP request using curl to receive an access token:

curl -d "client_id=YourClientId&client_secret=YourClientSecret&grant_type=anonymous"  https://api.us.snapscreen.com/oauth/token

Having the access token retrieval system implemented on the client side is unsafe and strongly discouraged, as credentials are available in plain text and could easily be stolen. Therefore SnapOdds recommends implementation of this logic on the server side.

For the implementation to function, a REST API endpoint must be provided from which the client can request the access token. On the server side, the access token will be fetched from the Snapscreen API, stored in the current HTTP session, and then returned to the browser.

Fetch AccessToken Example

Enclosed below is a snippet of a basic implementation of the access token provider. 

function fetchAccessTokenFromApi() {
  return fetch('/token', { mode: 'cors', cache: 'no-cache' })
    .then((response) => response.json());
}

PreviousInstallationNextSnapping Games and Presenting Odds

Last updated 2 years ago

Was this helpful?

To further improve security, we also recommend using the technique to protect this resource. If you have other security protection mechanisms available in your Web Application, then we highly recommend using them as well.

Let us assume a REST API endpoint has been created using the path '/token'. The next required step is to direct this endpoint to the SnapOdds SDK in the form of an access token provider, which is function that when executed will return a of the whole access token returned from the Snapscreen API.

Note: The access token provider must return a standard (not any equivalent like or other custom promise libraries like ). The SDK is built as angular element and relies on for change detection, so only browser native async methods are recognized.

CSRF token
Promise
Promise
AngularJS $q
Kris Kowal's Q
zone.js