Welcome back everybody to a new Splinterlands Statistics blog!

Today marks one of the biggest architectural changes I’ve made to the application so far. Honestly, this update was both exciting and terrifying to work on because nearly every important flow inside the app has been touched in some way.

After a long discussion with the Splinterlands team over the past week, going back and forth on the best direction forward, I decided it was time to move away from the old long lived session tokens.

Even though the legacy token system worked for roughly 75% of users, I didn’t feel comfortable continuing to build on something that the team themselves consider a legacy implementation. Their recommendation was clear: those tokens should really only exist inside their own ecosystem and applications.

So with this update, the app officially moves over to JWT authentication.

This change is much bigger than simply replacing one token with another. It also pushed me to completely rethink how the worker system syncs accounts in the background.

The old worker was built around fixed 30 minute sleep cycles. It worked, but it wasn’t very elegant or efficient. With the new architecture, the application now uses a queue based syncing approach that processes accounts dynamically.

What Should You Do?

Now it'll pick up where it left off for season balance data.

For you, not much changes! Just head to the app (https://spl-stats.com/users), log in, and re-auth all, everything continues from where you left off. The token is mainly needed for your session history, balance data, and battle history. Public data, like your portfolio, is still fetched without any token. So the key?

Just stay logged in and the app does the rest.

Note the exiration date can be seen in the user screen as well

Don’t Forget: Token Expiry

There is one caveat. If you’re tracking battle history, that’s dependent on the token. If the token expires and you don’t renew it promptly, you could lose some battle data.

The app will warn you—about two days before expiry—so you can re-authenticate ahead of time.

Just keep that in mind: if you let it slide too long, there’s a risk of gaps in your battle history. Stay on top of it, and you’ll be golden!

For who is into it lets dive into the change a bit more deeper....

JWT Migration

The biggest backend change is the move from persistent SPL tokens to short lived JWT tokens.

Whenever a monitored account authenticates through Keychain, the application now stores:

• jwt_token
• jwt_expiration_dt

The JWT is encrypted and stored securely using the existing encryption setup. All authenticated requests now use:

Authorization: Bearer <jwtToken>

One huge advantage here is that token validation is now basically free.

Previously the app had to verify tokens through additional API calls. Now the application can simply compare the expiration timestamp locally without contacting the API at all.

That reduces unnecessary requests and makes the whole process significantly cleaner.

Queue Based Worker Sync

This part required a massive refactor internally.

The worker no longer sleeps for 30 minutes between runs. Instead, it now checks every 60 seconds for accounts that are due for syncing.

Each account tracks its own lastWorkerSyncAt value. If the account has not been processed in the last 30 minutes and the JWT is still valid, it gets picked up automatically by the queue.

After syncing, the worker updates the timestamp and moves on.

This gives a few major benefits:

• More reliable syncing
• Faster recovery after re authentication
• Cleaner worker management
• Less wasted processing
• Better scalability for larger account counts

When a user re authenticates, the worker timestamp immediately resets which means the account gets picked up again almost instantly instead of waiting for the next global cycle.

Authenticated vs Public API Separation

Another major cleanup was splitting authenticated and public Splinterlands API calls into separate modules.

Previously everything lived together which made the architecture harder to maintain over time.

Now:

• spl-authenticated-api.ts contains JWT protected endpoints
• spl-api.ts only contains public endpoints

This separation makes the project structure much easier to reason about and avoids accidentally mixing authenticated requests with public ones.

It also prepares the codebase much better for future scaling and maintenance.

Re Authenticate All

One feature I really wanted to improve was handling expired accounts.
The app now supports bulk re authentication.
On the Users page, users can now re authenticate all invalid accounts with a single button press.

The multi account dashboard also includes a persistent re authenticate option that automatically checks token status and refreshes expired accounts through Keychain.
This should make account maintenance far less annoying for people running many accounts simultaneously.

Database Changes

To support all of this, the database schema was extended with two new fields:

Field	Purpose
jwt_expires_at	Stores JWT expiration locally
last_worker_sync_at	Tracks worker processing time

These two fields are basically the foundation of the new worker architecture.

Removed Features

As part of the cleanup, I also removed the old CSV import functionality from the admin panel.
The feature was rarely used and added unnecessary maintenance overhead during this refactor.

🙌 Support the Project

Building these tools takes a lot of time and also infra cost.

I want to keep everything free so if you want to support:
✅ Upvote this post – it really helps!
👉 Vote for My SPS Validator Node
💬 Drop a comment or idea – weird edge cases welcome

🧩 Open Source & Self Hosting

Everything is open source.

If you do not trust it:
👉 check the code Github Repo
👉 run it yourself More info in release page
👉 modify it

Final Thoughts

I’ll be honest, this update was scary to push live.

Almost every important system inside the application changed in some way. Authentication, workers, syncing, API handling, database structure… nearly everything was touched.

But long term, this is absolutely the healthier direction for the project.
More secure. More scalable. More maintainable.
That said, with a refactor this large there is always the possibility that some edge cases slipped through testing.

So if you encounter any weird bugs, syncing issues, authentication problems, or unexpected behavior, definitely let me know so I can investigate quickly.

Beaker signing off ⚔️

Do you also want to be part of this amazing play to earn game consider using my refferal link.