UmeAuthService

An Among Us Friend Code verification relay API. Receives an EOS Token (JWT), proxies it to the Innersloth API, and returns a paired PUID + FriendCode in a single JSON response.

Unlike Niko's au-verify, UmeAuthService is a pure HTTP proxy — players do not need to join a verification server. The game server calls this API during the player login phase.

Getting an API Key

All requests must include a valid ApiKey. Unauthorized requests receive NotAuthorized.

Empostor Built-in Key

If you run the Empostor private server, an Empostor-specific ApiKey is already included in the project (AuthApiConfig.UmeApiKey). Just configure it in config.json — no separate application needed.

Standalone API Key

For other projects needing a dedicated ApiKey, contact HayashiUme:

QQ: 2558527272
Discord: @hayashiume

Verification Flow

Player logs into their Among Us account (EOS authentication)
The game server receives the player's EOS Token (JWT)
The game server calls POST /api/verify with ApiKey and EosToken
UmeAuthService extracts the PUID from the JWT, forwards the token to Innersloth for the FriendCode
Returns { VerifyStatus, ProductUserId, FriendCode }

Each request is atomic — the PUID is extracted from the JWT you provide, and the FriendCode comes from the Innersloth response for that same JWT. Both are paired within a single request context. No cross-request contamination, even under heavy concurrency.

API Endpoint

POST https://auverify.hayashiume.top/api/verify

All requests and responses are JSON.

// Request
{
  "ApiKey": "sk-empostor-globalapikey",
  "EosToken": "eyJhbGciOiJSUzI1NiIs..."
}

// Success (200)
{
  "VerifyStatus": "Verified",
  "ProductUserId": "0002a1b2c3d4e5f6...",
  "FriendCode": "PlayerName#1234"
}

Error Responses

// Invalid ApiKey (401)
{
  "VerifyStatus": "NotAuthorized",
  "Message": "Unknown Api Token"
}

// Missing EosToken (400)
{
  "VerifyStatus": "InternalServerError",
  "Message": "EosToken is required"
}

// Innersloth request failed (502)
{
  "VerifyStatus": "InternalServerError",
  "Message": "Failed to fetch FriendCode from Innersloth"
}

// Internal server error (500)
{
  "VerifyStatus": "InternalServerError",
  "Message": "Detailed error message"
}

Status Flags

public enum VerifyStatus
{
    Verified,
    NotAuthorized,
    InternalServerError
}

Security

JWT cannot be forged: The EOS Token is signed by Epic Online Services. The game client obtains it via EOS SDK CopyIdToken(). Without Epic's signing key, no valid JWT can be constructed.
Atomic PUID + FriendCode pairing: Each HTTP request is isolated. PUID and FriendCode are matched within a single call stack — never by IP.
PUID cross-validation: The game server compares the PUID returned by this API against the PUID extracted from the client's JWT. A mismatch rejects the FriendCode assignment.
ApiKey authentication: Only callers with a valid ApiKey can access this API.

Comparison with Niko au-verify

Feature	UmeAuthService	Niko au-verify
Returns PUID + FriendCode	✅	✅
Requires player to join an AS server	No	Yes
TokenPlatform (guest detection)	No	Yes
UdpPlatform / UdpIp	No	Yes
PlayerName	No	Yes
HashedPuid	No	Yes
Callback notifications	No	Yes
Two-phase verification (HTTP+UDP)	No	Yes
VerifyCode room-code mechanism	No	Yes

UmeAuthService is designed for lightweight, fast, zero-player-action verification. For full guest detection and two-phase verification, use Niko au-verify.

Managing ApiKeys

Edit appsettings.json to manage valid keys:

{
  "Auth": {
    "ApiKeys": [
      "sk-empostor-globalapikey",
      "another-key-here"
    ]
  }
}

Deployment

# Docker
docker build -t umeauthservice .
docker run -d -p 5100:5100 umeauthservice

# Standalone
./UmeAuthService --urls "http://0.0.0.0:5100"

Supported Game Servers

Empostor (AuthApiMode: "Ume"): Native support. Configure UmeApiBaseUrl and UmeApiKey in config.json.
Other servers: Call POST /api/verify with the EosToken.

UmeAuthService v1.0 · 2025