API Key

An API Key is required to create a Session in the API, so that you can access the more advanced functions of the API. API Keys are free, you simply need to request one.

Requesting An API Key

Requesting a key is very simple. To request an API Key, follow these instructions:

Log in to your account ("account").
In the preferences, answer the question about you being a developer as Yes and hit save.
You should now have an API Keys tab. Click it.
Request an API key.

API Key Permissions

API Key Permissions allow you to request access to a user's data while you are logged in as them. The following is a list of permissions currently available:

Private Details

You can access the public details of any object in the system without any special privileges. However, many objects have private details. For example, Users have email addresses, Designers have payment preferences, and the details of Receipts are almost entirely private. Having view permissions on these objects allow you access those private details.

Permissions

view_my_account: Allows you to view the private details of a User account, such as their email address.
edit_my_account: Allows you to manipulate a User's account information.
view_my_games: Allows you to view the private details of Games controlled by this user.
edit_my_games: Allows you to manipulate the Games controlled by this user.
view_my_files: Allows you to view the private details of Files and Folders controlled by this user.
edit_my_files: Allows you to manipulate the Files and Folders controlled by this user.
view_my_reciepts: Allows you to view the private details of the Receipts created by this user.
view_my_carts: Allows you to view the private details of the Carts and Wishlists controlled by this user.
edit_my_carts: Allows you to manipulate the Carts and Wishlists controlled by this user.
view_my_reviews: Allows you to view the private details of the Reviews created by this user.
edit_my_reviews: Allows you to manipulate the Reviews created by this user.
view_my_designers: Allows you to view the private details of the Designers controlled by this user.
edit_my_designers: Allows you to manipulate the Designers controlled by this user.

Making a Single-Sign-On Request

To make an SSO request you'll redirect the user's web browser to The Game Crafter site at this URL:

 https://www.thegamecrafter.com/sso

NOTE: If you are writing a native desktop or mobile app then you'll need to open a panel with a web browser control in it, and direct them to the above URL.

You'll need to include a number of parameters in the request:

api_key_id

This is your API Key that you requested at the beginning of this document.

permission

A permission such as view_my_account as described in the permission list above. You may add permission to the URL multiple times, once for each permission requested.

postback_uri

The URI where you'd like the user to be returned after they have logged in and authorized your request.

NOTE: If you're writing a native app use native instead of a uri here. After the user has been logged in they'll be redirected to this URL:

 https://www.thegamecrafter.com/sso/success?sso_id=xxx

You can then read the fragment from the end of the URL to continue.

Therefore the URL you redirect the user to will look something like this:

 https://www.thegamecrafter.com/sso?api_key_id=xxx&permission=view_my_account&permission=view_my_files&postback_uri=http://example.com/postback.php

One way or another the result of this request should be that you'd get an sso_id. Using the above example, you'd get a postback like this:

 http://example.com/postback.php?sso_id=xxx

With your sso_id you can now request a Session on behalf of the user. See the POST /session/sso/xxx method in Session for details.

Developer Documentation

Intro
Changes