Game API Overview
The Game API supports several features at the appilcation level to offer enhacements to games. The Flash SDK and Unity3D SDK already support the Game API. This guide is useful to those seeking to use these features in another langauge.
Features
- Advanced high scores with many options
- Achievements
- Player created maps
- Simple multiplayer (SMP) Beta
API Basics
All API addresses are the same excluding the hostname, port, and hash. The following is an example.
https://playtomic.y8.com/v1?hash=123
Instead of using different URLs for each request, the post data will specify a section and action that will direct the routing for the API calls. The following is an example of POST data that would be sent.
{"section": "init", "action": "start", "appid": "55082d5de13823c787000003"}
Assuming the appid is correct the above request will respond with an appsession. The appsession is used to generate a hash or a signature to prevent data from being tampered with while being transmitted. The hash is appended to the end of the API address. Excluding the init request and the leaderboard list requests, most other calls require a hash. For calls that don’t require a hash, any value will work but the hash must still be present.
Generating a Hash
The signatures are generated using the SHA-256 algorithm. To get your hash input, combine the json request parameters that will be sent and append the appsession. Then hash the string and tunicate the original hash to 20 characters. The following is a partial example of what will be hashed.
JSON.stringify({"section": "init", "action": "start", "appid": "55082d5de13823c787000003"})+appSession
Encoding
The Game API uses plain text encoding, also know as text/plain mime type. Request data in JSON format is sent raw to avoid the need for a preflight CORS request required by most calls using the application/json mime type. However the response from the Game API will use the application/json mime type for encoding.