Terminology

API Key

Credentials used to authenticate with PUG and obtain an authentication token. API keys are either:
  • Private - Used to authenticate users (developers)
  • Public - Used to govern player authentication

Authentication (“Login”)

The process of proving the identity of an entity accessing PUG and obtaining a matching authentication token. The process varies depending on the entity type (users, players, etc.).

Authentication Token

A piece of information attached to every authenticated API request to identify the session. Typically sent in the HTTP Authorization header as a Bearer token. Authentication tokens have limited validity and typically expire 60 minutes after being provisioned.

External ID

A unique identifier provisioned by a team to identify a player. While this will typically be an email address, phone number, or device identifier, PUG treats this as an opaque blob. External IDs must be unique at the team level.

Federated ID

A globally-unique secret identifier provisioned by PUG for a player. These identifiers must be kept secret, as they enable authenticating on behalf of a player (if leaked, they could compromise player accounts).

Player

An entity used to consume an experience developed on top of PUG. Players are uniquely identified by the combination of an external ID and a team, and are provisioned a globally-unique federated ID that can be used with a public API key to authenticate to PUG.

Session

A single connection to PUG that manages a single conversation history.

Team

A group of one or more users that share access to the same resources in PUG using the same permissions.

User / Service Account

An entity that can access PUG for development purposes. Users are either:
  • Human users - Associated with an email address; can access PUG via SSO or API key (typically developers)
  • Service accounts - Read-only users with access to PUG; associated with a public API key used to authenticate players