Studio guide

Distribute beta keys, track redemptions, and (optionally) correlate them to in-game sessions via the SDK. This guide covers the full flow, from creating a batch to interpreting the dashboard. The per-tester FAQ lives at What testers see; the SDK contract at SDK correlation.

What Tester Keys does for you

1. Distribute keys paste your own (Steam / Epic / itch / GOG) OR have Playloop mint server-validated pl-betakey-… keys for closed betas.
2. Track redemptions every claim shows up in your dashboard with the tester's chosen handle, country (from edge geo), and timestamp.
3. Correlate to gameplay if your game integrates the SDK's linkTestercall, redeemed keys auto-tag the tester's sessions with their handle. You see WHICH tester played WHAT.
4. Anti-scam guarantee every redemption page carries a non-disable-able scam warning. If anyone tries to charge a tester for a key from your batch, you get notified.

Quickstart, your first batch

1. Create the batch

Two entry points, same form:

• /playtest (global, across every game) , click New batch.
• /games/[slug]/playtest (scoped to one game) , click Hand out a batch.

You'll choose:

Name

Just a label for your dashboard. e.g. "v0.5 closed beta", "GDC giveaway".

Distribution target

Where the recipient redeems. Drives the platform-specific instructions on the redemption page. Steam, Epic, itch, GOG, Keymailer, Woovit, Playloop-gated, or Custom.

Where do the keys come from?

"I have my own keys" (you paste them) or "Generate keys for me" (Playloop mints them; only useful if your game validates them via the SDK).

How are testers reaching the page?

One shareable link (giveaway) or individual email invites.

Identifying info

handle-only (just a tester nickname; email optional), handle+email (require email), or no-identity (totally anonymous).

Instructions

Markdown shown on the redemption page. Optional, defaults to platform-appropriate text.

2. Add keys

Uploaded keys: paste them one per line into the import box on the create-batch form, or call POST /api/playtest/batches/<id>/keys/import with { codes: ["AAA", "BBB", ...] }.

Generated keys: enter how many you want; we mint them with format pl-betakey-XXXXXXXX-XXXXXXXX-XXXXXXXX. Only useful if your game can validate them, call POST /api/v1/playtest/validate at game launch with { gameId, code } to check.

Duplicates are deduped on a sha256 fingerprint. If you re-upload a key that's already in another batch (even from months ago), it's flagged in the response and not double-imported.

3. Distribute

Public link: copy the “Share this link” URL from the batch detail page. Anyone with the link can redeem.

Individual invites: POST /api/playtest/batches/<id>/invites with { invites: [{ email, personalNote? }, ...] }. Each recipient gets their own one-shot link.

4. Watch redemptions roll in

The batch detail page shows:

• Donut chart: redeemed / available / revoked
• Recent redemptions table: handle, country, when
• Share link (public batches) + invites list (1:1 batches)

SDK correlation

Optional but powerful. Your game can call client.linkTester(token)to bind a redeemed key to the device. From that point on, every telemetry event tagged with that device's deviceId also gets the tester's handle attached server-side, you'll see them in dashboards as “RedFox42” instead of an opaque device id.

The integration is intentionally tiny, typically a single text input in your main menu + 5 lines of SDK code. Studios that don't want this layer skip the prompt; keys still work as plain Steam / Epic / itch keys.

Full contract: SDK correlation.

Anti-scam policy

Hardcoded. Non-configurable. Don't ask:

• Every redemption page has a top-of-page warning: "Playloop NEVER charges for keys."
• The post-claim success page repeats the warning above the key reveal.
• The confirmation email repeats it again above the key code, plus a "report" link in the footer.

The 3x repetition is intentional. A tester who skimmed the first warning sees it twice more in the next two minutes; the “report scam” link is one click away from each.

What happens when a tester reports a scam

The moment a tester clicks “Submit report” from /scam-report with your batch's redemption URL, three side channels fire in parallel:

1. Security inbox email a triage message to security@playloop.gg with the redemption URL, payment-demand text, reporter contact (if provided), IP, and country.
2. You get a bell-row notification in your topbar deep-linking back to /playtest filtered to the affected game.
3. You get an email with subject “Scam report against your <batch> playtest batch” a security signal that bypasses your tester invites notification preference. You can't mute it; that's the point. The email doesn't include any tester-supplied text (we don't want to forward potentially malicious content), it just tells you a report came in and links you to the batch.

We never auto-suspend studios.Almost every report is either a reseller acting without your knowledge or a misunderstanding. The system flags patterns, not individual studios; your good-faith track record is what protects you. If we need anything from you, we'll reply to the email directly.

Both emails AND the bell-row are non-fatal, if the email provider is down or the write hiccups, the report still lands in the audit log and we can recover from there.

Limits

Keys per import call

10,000

Keys per generate call

5,000

Invites per batch-invites call

500

Total batches per studio

none

Total keys per batch

none

What's NOT yet shipped

• Dashboard rollup card on /dashboard
• Per-game playtest analytics tab + funnel + per-tester table
• Campaign-style per-key drilldown
• Geo / country flag for likely-shared keys (country IS captured at redemption; the rollup lands later)
• Branded redemption page
• CSV bulk import
• Exports (CSV / JSON)
• MCP tools