API authorization

A client credentials flow is used for oAuth 2.0 authorization. All authorized requests require passing a Bearer code. To retrieve your bearer code you have to send a request with grant type client_credentials.

Acquiring an access token:

curl https://id.kinguin.net/auth/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials' \
  -d 'client_id=${CLIENT_ID}' \
  -d 'client_secret=${CLIENT_SECRET}'

response:

{
  "access_token":"MWE5NjJiNjkzNzU2NTU5ZjVhNjUzOTk3MmExOGUxMThiYWQ3YjA0NzY1MzBkNDRkMTczOWYzOWY3MzEyYjI0Nw",
  "expires_in":3600, # seconds
  "token_type":"bearer",
  "scope":null,
}

API requests limitations

The system enforces a 2000 requests per minute (RPM) limit for API calls. This means that a maximum of 2000 HTTP requests can be processed within a 60-second period, specifically for the following HTTP methods: POST, PUT, DELETE, and PATCH.

Configuration Details:

• Period: 60 seconds
• Requests per Period: 2000
• Allowed HTTP Methods: POST, PUT, DELETE, PATCH
• Host: "gateway.kinguin.net"

If the limit is exceeded, any further requests may be rejected or delayed. In such cases, an HTTP 429 - Too Many Requests error will be returned.

To ensure continuous operation of the system, applications using the API must avoid exceeding this rate limit.

Create merchant account

1. Once your Kinguin account is created go to “Sell on kinguin” It is placed in the footer on the bottom of the page in the middle section below “Partnership” This will upgrade your customer account to merchant account

2. Click on “Start selling”

3. Click again on “Start Selling” / Proceed with “Start Selling”

4. Fill in the form and progress till finished

Once your merchant account is verified and approved, you can move to merchant account by clicking on organge switch in the right upper corner next to "Account" tab

Create sandbox merchant account

To obtain sandbox merchant’s account where you can test the platform functionalities please create a customer account on sandbox (link). After that, please reach out to us and send the email address with the following message to: [email protected]:

New client creation

1. Go to the Kinguin website (here for sandbox) and select the Developer section

2. Create a new client

   a. Click the CONNECT button b. Enter a name for your client (don't worry, you'll be able to edit it later)

   

   c. If you don't have 2FA enabled, you will be redirected to the appropriate page. 2FA is required

   

   d. Add 2FA e.g. through Google Authenticator. To do this, you need to download the application and toggle the switch on the right side

   Google Authenticator - Apps on Google Play

   Google Authenticator

   Scan the QR code from the Google Authenticator app. Successfully scanning the code will add the application to the list along with 6-digit codes. Example:

   

e. Enter the 6-digit verification code

f. Save your recovery codes

g. You should see the selected switch button for the Google Authenticator option

h. Again, go to the Developer section, click the "CONNECT" button, then enter the client name

i. Click the "NEXT" button and enter the validation code from the Google Authenticator app. The lifespan is 1 hour, so for the next hour, you won't be prompted again to provide the verification code in the process of adding a new client

j. After entering the correct validation code, you should see a summary page. Remember to copy the secret. It's crucial because it won't be displayed again, and the only available option will be to reset it, changing it to a new one in your applications. Use the "Copy" button

k. If you have saved the secret in a secure place, click the "DONE" button to go to the clients list

Edit client

1. Click on the icon with three vertical dots located on the right side of the clients list. Then choose the "Edit Client" option

2. You can now change the client's name. This change does not affect the operation of your application

3. Save by clicking the "SAVE" button, then click the "BACK" button to return to the list of clients

Reset the Secret Key

If you have forgotten the Secret Key, you need to go through the reset process. This change will generate a new Secret Key that you must replace in your application's code.

1. Click on the icon with three vertical dots located on the right side of the client's list. Then choose the "Reset" option

2. Confirm that you are aware of the consequences associated with resetting the Secret Key by clicking the "YES" button

3. Click the "YES" button and enter the validation code from the Google Authenticator app. The lifespan is 1 hour, so for the next hour, you won't be prompted again to provide the verification code in the process of resetting the secret key

4. After entering the correct validation code, you should see a summary page. Copy the key - it's crucial because it won't be displayed again, and the only available option will be to reset it again, changing it to a new one in your applications.

5. Click the "DONE" button to go to the client's list

Client delete

If you no longer need your client, you can permanently delete it.

1. Click on the icon with three vertical dots located on the right side of the client's list. Then choose the "Delete" option

2. Confirm that you are aware of the consequences associated with deleting the Secret Key by clicking the "YES" button

3. Click the "YES" button and enter the validation code from the Google Authenticator app. The lifespan is 1 hour, so for the next hour, you won't be prompted again to provide the verification code in the process of deleting the secret key

4. After entering the correct validation code, you will be redirected to the client's list