Server Provider Authentication Guide
This guide explains how server hosting providers can authenticate Hytale dedicated servers using accounts with the sessions.unlimited_servers entitlement.
Prerequisites
Game Server Providers need to reach out to Hytale Support in order to register as a Game Server Provider. Please select "Game Server Provider" as the ticket topic.
You must provide:
| Requirement | What to Send | Validation Criteria |
|---|---|---|
| Hytale Account | Email address or UUID | Account must own a Standard license or higher |
| Domain Match | Your company store URL | Account email domain must match the store domain |
| Company Registration | Link to government registry or official registration document | Company name must match legal entity on website |
| Website Proof | Direct URL to your website | Company name must match registration exactly |
| Contact Emails | Abuse, Technical, and Administrative contact emails | All contacts must use company domain with 24h SLA |
TL;DR
For GSPs and server network operators wanting automatic 0-click server authentication for 100+ servers:
- Get entitled - Contact Hytale Support with your company details
- Obtain tokens once - Use the Device Code Flow to authenticate
- Create sessions - Call /my-account/get-profiles then /game-session/new
- Pass tokens to servers - Start each server with session and identity tokens
- Refresh before expiry - Game sessions expire in 1 hour
OAuth Endpoints
All endpoints follow standard OAuth 2.0 specifications (RFC 6749, RFC 8628).
| Endpoint | URL |
|---|---|
| Authorization | https://oauth.accounts.hytale.com/oauth2/auth |
| Token | https://oauth.accounts.hytale.com/oauth2/token |
| Device Authorization | https://oauth.accounts.hytale.com/oauth2/device/auth |
Authentication Methods
Method A: Server Console Commands
For servers with console access:
> /auth login device
Visit: https://accounts.hytale.com/device
Enter code: ABCD-1234
Waiting for authorization...
> Authentication successful! Mode: OAUTH_DEVICEMethod B: Device Code Flow (RFC 8628)
For automated or headless setups:
Step 1: Request Device Code
curl -X POST "https://oauth.accounts.hytale.com/oauth2/device/auth" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=hytale-server" \
-d "scope=openid offline auth:server"Step 2: Poll for Token
curl -X POST "https://oauth.accounts.hytale.com/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=hytale-server" \
-d "grant_type=urn:ietf:params:oauth:grant-type:device_code" \
-d "device_code=GmRhmhcxhwAzkoEqiMEg_DnyEysNkuNhszIySk9eS"Method C: Token Passthrough
Pass tokens via environment variables or CLI options:
export HYTALE_SERVER_SESSION_TOKEN="eyJhbGciOiJFZERTQSIs..."
export HYTALE_SERVER_IDENTITY_TOKEN="eyJhbGciOiJFZERTQSIs..."
./hytale-serverToken Lifecycle
| Token Type | TTL | Notes |
|---|---|---|
| OAuth Access Token | 1 hour | Used to create game sessions |
| OAuth Refresh Token | 30 days | Used to obtain new access tokens |
| Game Session | 1 hour | Auto-refreshed 5 minutes before expiry |
Need Hosting?
XGamingServer provides Hytale server hosting with automatic authentication, DDoS protection, and 24/7 support. Perfect for GSPs and players alike.
Get Hytale Hosting