Skip to content

๐Ÿ“ข BCG Authentication

๐Ÿ“ Overview

The Broadcast Gateway (BCG) service now requires authentication using app keys. All client applications must include their whitelisted app key in every request to ensure only authorized services can send broadcast messages.

๐Ÿ” Authentication Requirements

Required Header

All requests must include:

X-Application: <your-app-key>

Example (Correct)

curl --location 'https://bcg-service-nxtpp.platformservices-dev.aws.private/BroadcastGateway/v2/send' --header 'Content-Type: application/json' --header 'X-Application: your-whitelisted-app-key' --data '{
  "accountId": 715224053,
  "programme": "NA",
  "initiative": "NA",
  "messages": [
    {
      "messageId": "931efbfb-171b-4e42-92df-f08a758656b6-abc",
      "expiryDate": "2025-12-12T22:22:19.266Z",
      "payload": {
        "urn": "sbg:messaging:priceBoost",
        "params": {
          "promoName": "Booster Token"
        }
      },
      "preferredAppKey": "9Fs5bFQ2XfGSPgep",
      "preferences": [
        {
          "channels": [
            {
              "channel": "ON_SITE",
              "displayType": "FULL_SCREEN"
            }
          ]
        }
      ],
      "priority": 1
    }
  ],
  "context": {
    "decisionModelVariantName": "sbc",
    "decisionModelName": "sbcDecisionModel"
  }
}'

๐Ÿงพ Response Codes

Scenario Status Code Description

โœ… Valid app key 200 OK Request processed successfully

โŒ Missing X-Application 401 No app key provided header Unauthorized

โŒ Invalid / not-whitelisted 403 App key not authorized app key Forbidden

๐Ÿ”‘ How to Get Your App Key

For Service Teams

  1. Generate a unique app key for your service.
  2. Submit the app key to the Callisto team (Email us at SST.Callisto@paddypowerbetfair.com)
  3. Wait for confirmation that the key has been whitelisted.
  4. Start adding the key to your X-Application header.

๐Ÿ“˜ Request Examples

โœ… Successful Request (200)

curl -X POST 'https://bcg-service-nxtpp.platformservices-dev.aws.private/BroadcastGateway/v2/send' -H 'X-Application: prod_service_a_abc123' -H 'Content-Type: application/json' -d '{"messages": [...]}'

โŒ Missing Header (401)

# Missing X-Application header โ†’ 401 Unauthorized
curl -X POST 'https://bcg-service-nxtpp.platformservices-dev.aws.private/BroadcastGateway/v2/send' -H 'Content-Type: application/json' -d '{"messages": [...]}'

โŒ Invalid Key (403)

# Invalid app key โ†’ 403 Forbidden
curl -X POST 'https://bcg-service-nxtpp.platformservices-dev.aws.private/BroadcastGateway/v2/send' -H 'X-Application: invalid_key_123' -H 'Content-Type: application/json' -d '{"messages": [...]}'

๐Ÿ› ๏ธ Troubleshooting

Common Issues

  • 401 Unauthorized: Ensure the X-Application header is present.

  • 403 Forbidden: Verify your app key has been whitelisted by the Callisto team.

  • 400 Bad Request: Check that the request body is properly structured and valid.

๐Ÿ’ฌ Support

To whitelist the appKeys, please raise a request on email to Callisto Squad at SST.Callisto@paddypowerbetfair.com

App key registration ask_personalisation

Technical / integration issues ask_personalisation