
Tokens

What a Token is

A Token is a simple string of random characters. Tokens are typically used in REST systems to authorize API calls: once a user has logged in with their credentials, the login API replies with a Token, a unique string directly linked to the user account. From that moment on, calls to all the other APIs require that Token in order to work. Without the Token, an API doesn’t reply.

The use of a Token is not mandatory. In fact, an API could use the user ID. So why use a random string instead of the user ID? Because the user ID is “sensitive data”: a piece of information that is stored in a database, that may connect different tables, and that can potentially open a way to steal other data. The Token, instead, is a random string that, in a well-designed REST system, changes constantly (for example, at every user login). So it exists for just a limited time and has no connection to other parts of the database.


Why are the Tokens important?

Tokens are a method of determining whether a communication is valid or a cheating attempt. If an intruder intercepts a communication, understands its meaning and tries to reuse it, then without a security system they would be able to alter the game’s resources.

By using tokens, communications remain valid only for a short time and, if reused, they are rejected. For example, if you change the Write Token every time a writing operation is performed, the writing requests become practically unique: they can be made only once! Reusing a “write” request would not work, because the request becomes invalid immediately after being used.
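The rotation described above, as an added example that is not part of the UniREST documentation or code base: a minimal Python model of a server that issues a new write token after every accepted write, so a recorded request is rejected when it is sent again. The class, the function names and the sample user are assumptions made for illustration.

```python
import hmac
import secrets


class WriteTokenStore:
    """Toy server-side store: one current write token per user, rotated on every accepted write."""

    def __init__(self):
        self._tokens = {}   # user name -> current write token
        self.data = {}      # user name -> last value written

    def login(self, user):
        # A fresh token is issued at login, so tokens from older sessions stop working.
        token = secrets.token_urlsafe(32)
        self._tokens[user] = token
        return token

    def write(self, user, token, value):
        """Apply the write and return the next token, or return None if rejected."""
        current = self._tokens.get(user)
        # Constant-time comparison avoids leaking how many characters matched.
        if current is None or not hmac.compare_digest(current.encode(), token.encode()):
            return None
        self.data[user] = value
        # Rotate: the token just presented is now spent.
        next_token = secrets.token_urlsafe(32)
        self._tokens[user] = next_token
        return next_token


def replay_demo():
    """Return (first_write_ok, replay_ok, follow_up_ok, final_value)."""
    store = WriteTokenStore()
    t0 = store.login("alice")            # constructed sample user
    captured = ("alice", t0, 9999)       # the request exactly as it went over the wire
    t1 = store.write(*captured)          # first delivery is accepted
    replay = store.write(*captured)      # identical request again: token is spent
    t2 = store.write("alice", t1, 10)    # the client continues with the rotated token
    return (t1 is not None, replay is not None, t2 is not None, store.data["alice"])


if __name__ == "__main__":
    print(replay_demo())
```

The client must store the token returned by each accepted write and present it on the next one; a request carrying any earlier token is refused.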


UniREST Tokens

When a new user is added to the users database table, the UniREST Server application creates a record containing the user credentials, some generic info, and initializes 3 different Tokens:

  • the Read Token, related to reading operations;
  • the Write Token, related to writing operations;
  • the Login Token, related to a user’s login session.

Every time a user logs in, the 3 Tokens are generated. This means that these Tokens change every time the user performs a login operation in your Unity project.

However, by themselves the Tokens have no effect on the UniREST System. Without any specific intervention by the developer, they are just 3 random strings that change at every user login.


How to use the Tokens

The UniREST System already has a high level of security offered by the built-in encrypted communication. However, you can remarkably increase the security by managing the UniREST Tokens system yourself.

All the methods for Tokens management are inside the UniRESTClient.Async.TokenManager class (see the Token Management chapter).