Custom Accounts
If your publisher already operates a player account system, FirstLook can connect to it so players sign up and log in to your playtests with their existing publisher account. FirstLook trusts the publisher account as the source of truth for player identity, and, where the publisher account supports it, automatically picks up the player’s already-linked platform accounts so they do not need to re-connect them during signup.
Custom Account integrations are bespoke and set up in partnership with FirstLook. They are typically a fit for publishers running multiple games under a global account service. To discuss one for your publisher, get in touch with the FirstLook team.
OAuth Standard
Section titled “OAuth Standard”FirstLook integrates with a publisher account using the OAuth 2.0 Authorization Code flow, ideally layered with OpenID Connect. The publisher account provider should expose:
- Authorization Code grant, with PKCE using
S256strongly preferred. If PKCE is not supported, FirstLook can fall back to HTTP Basic authentication at the token endpoint using the client credentials. - Standard OIDC endpoints:
authorize,token, anduserinfo. - Scopes: at minimum
openid. Additional scopes are requested as needed to access email, nickname, age, and linked-account data. - Redirect URI: FirstLook owns the redirect URI that the publisher account provider must accept. The exact URI is shown on your FirstLook admin settings page once onboarded.
- Stable subject: a stable
subidentifier in the token or userinfo response, which FirstLook stores on the player record as the publisher-account ID and uses to recognise returning players.
What FirstLook reads from userinfo
Section titled “What FirstLook reads from userinfo”| Field | Purpose |
|---|---|
sub | Required. Stored as the publisher-account ID on the FirstLook player and used to match returning players. |
| Username / nickname | Displayed on the player record. |
| Email (optionally verified) | Pre-fills the email step of signup. Can be returned here or via a companion admin API. |
| Age | Optional. Used for age-eligibility gating on flows that require it. |
| Linked platform accounts | Optional but powerful — see below. |
Sync Existing Linked Platform Accounts
Section titled “Sync Existing Linked Platform Accounts”If the publisher account already knows that a player has linked their Steam, Xbox, PlayStation, Epic, Discord, Google, or Apple accounts, FirstLook can pick those up automatically during signup. The player does not have to re-link each platform in the playtest flow — they simply sign in with their publisher account and the linked platform identities flow into FirstLook.
For each linked platform, FirstLook expects a stable provider ID and a display name. Typical identifiers:
| Platform | Identifier |
|---|---|
| Steam | steam_id |
| Xbox | xbox_live_id |
| PlayStation | psn_id |
| Epic | epic_id |
| Discord | discord_id |
google_id | |
| Apple | apple_id |
The publisher account provider can expose these in one of two ways:
- Inline in the userinfo response — simplest. FirstLook reads the linked-account map directly from the userinfo payload returned after the player authenticates.
- Via a companion admin API — when linked-account data is too sensitive or too large to include in userinfo, FirstLook can obtain a separate access token via the Client Credentials grant and call a server-to-server endpoint (for example,
GET /users/:sub) to retrieve it.
Once picked up, these linked accounts are enriched by FirstLook’s own platform integrations — for example, linked Steam accounts gain country, playtime, and wishlist data via your Steam integration.
Using the FirstLook API
Section titled “Using the FirstLook API”Once publisher-account players exist in FirstLook, your own backend can pull data back out using the same identifier you already issue. FirstLook API Tokens expose /players/search and /players/find endpoints that accept the publisher-account ID as a lookup key, letting you:
- Reconcile FirstLook players with records in your own systems
- Export analytics, ownership, wishlist, and playtime data against your native IDs
- Enrich dashboards, CRM, or community tooling without a second mapping layer
The full API reference is available at api.firstlook.gg/external/swagger-ui. If there is functionality you need that isn’t exposed, reach out and we’ll discuss adding it.
SSO Mode
Section titled “SSO Mode”FirstLook supports a “locked” mode where signup is restricted to the publisher account. Linking players to your playtest with an idp_hint query parameter routes them straight into the publisher account OAuth flow and, when the publisher-supplied data already satisfies the flow’s requirements, skips the standard multi-method signup form entirely:
https://your-playtest.firstlook.gg/signup/your-flow?idp_hint=your-providerCombine SSO Mode with disabling the other signup methods on the flow so the publisher account is the only path in. This is useful when a playtest must be gated to authenticated members of your ecosystem — for example, members of a rewards programme or holders of an active publisher account.
Getting Set Up
Section titled “Getting Set Up”A Custom Account integration is scoped together with the FirstLook team. To prepare, have the following ready:
- The OAuth endpoint URLs for your publisher account provider (
authorize,token,userinfo, plus any admin API). - Client credentials (
client_idandclient_secret) issued for FirstLook. - The scopes required to retrieve email, nickname, age, and linked-account data.
- Registration of FirstLook’s redirect URI on your side (provided by FirstLook).
- A decision on how linked-account data is surfaced — inline in userinfo, or via a server-to-server admin API.
- A decision on whether to run the integration in SSO Mode (publisher account only) or as one option alongside FirstLook’s other signup methods.