API Reference

This section contains the API reference for Validate Session Token API and the sample code segments to validate the token.

Validate Session Token API

This API is used to validate the session token.

The following are the details associated with the Validate Token API:



API Request Path


Request Method


Request params (required)

token: <unique_token_with_5_min_expiry> // Passed to the game on-demand
 package_name: <Your_app_package_name> // Replace with your game package name
 secret_api_key: <Your_secret_api_key> // Required for API Authentication 

Note: You can get the secret_api_key (Shield API Key) by following the steps mentioned here.

Expected Response

     is_verified: <True/False>,
     error_code : <error_code>   // Error code if is_verified is False

Important Information

  • This API must be called from the game backend server.
  • The time-out period of the token is 5 minutes.
    • If the BlueStacks backend receives the token for verification after 5 minutes of generation, it will return the ‘token expired’ error code.
  • Each token is only for one-time use and can be verified only once.
    • If the BlueStacks backend receives an already verified token, a ‘Token already verified’ error code will be returned.

Error Codes

The following are the possible error codes you may receive as a response to the API call.

Error Codes Definition
1001 Secret API key is not correct
1002 Token already verified
1003 Token expired
1004 The token does not have enough segments
1005 Any general error in our backend
-100 HTTP connection error
-101 HTTPS response read error
-102 JSON parsing error
-103 Internal BlueStacks error
0 Success

Sample Code Segments

For your reference, we have provided sample code segments to validate the token:

curl --location --request POST "https://cloud.bluestacks.com/app_player/validate_session_token" \
 --form "token=<your_token_here>" \
 --form "secret_api_key=<your_secret_api_key_here>" \
 --form "app_package=<your_app_package_name_here>"
OkHttpClient client = new OkHttpClient().newBuilder()
 MediaType mediaType = MediaType.parse("text/plain");
 RequestBody body = new MultipartBody.Builder().setType(MultipartBody.FORM)
 Request request = new Request.Builder()
   .method("POST", body)
 Response response = client.newCall(request).execute();
import requests

 url = "https://cloud.bluestacks.com/app_player/validate_session_token"

 payload={'token': '<your_token_here>',
 'secret_api_key': '<your_secret_api_key_here>',
 'app_package': '<your_app_package_name_here>'}

 response = requests.request("POST", url, data=payload)

var axios = require('axios');
 var FormData = require('form-data');
 var data = new FormData();
 data.append('token', '<your_token_here>');
 data.append('secret_api_key', '<your_secret_api_key_here>');
 data.append('app_package', '<your_app_package_name_here>');

 var config = {
   method: 'post',
   url: 'https://cloud.bluestacks.com/app_player/validate_session_token',
   data : data

 .then(function (response) {
 .catch(function (error) {
 require_once 'HTTP/Request2.php';
 $request = new HTTP_Request2();
   'follow_redirects' => TRUE
   'token' => '<your_token_here>',
   'secret_api_key' => '<your_secret_api_key_here>',
  'app_package' => '<your_app_package_name_here>'
 try {
   $response = $request->send();
   if ($response->getStatus() == 200) {
     echo $response->getBody();
   else {
     echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
 catch(HTTP_Request2_Exception $e) {
   echo 'Error: ' . $e->getMessage();

Need Help?

Contact us at dev-support@now.gg, and we will be happy to assist you.


Table of Contents

API Reference

Table of Contents

Document Rev. 1.0

Text copied to clipboard
Link copied to clipbord
Questions? Please reach out to us at dev-support@now.gg