REST API & OAuth

al_chung — 2016-03-07T15:47:18-05:00 — #1

I wanted to use the API, and I think I need to first setup the OAuth Client, so I do get the Client ID, but when I review the API doc, to get the game image is https://api.playlyfe.com/v2/runtime/assets/game; it doesn't look like I can put the client id into the query.
Do I miss some steps here?
E.g., what is the request header? Authorization?

rajanrastogi — 2016-03-07T22:36:15-05:00 — #2

Hi @Al_Chung

We have various SDKs that you can use in order to get the access token. You use this access token to make API requests. The access token is sent as a query string and not in the Authorization header.

Here is the list of SDKs that we currently have:
https://dev.playlyfe.com/docs/sdk.html

The SDKs abstract you from the part where you exchange your client ID and secret. This exchange happens differently based on what OAuth flow you follow. For example, if you choose the client credentials flow, the SDK will exchange your client ID and secret for the access token. You can read about the various flow under our integration manuals section here:
https://dev.playlyfe.com/manuals/

If you can share how you intend to make requests to our platform, I can probably be more specific with my answer.

al_chung — 2016-03-08T12:07:52-05:00 — #3

What should I fill in for the OAuth login url?
What should I fill in for the Redirect URIs? http://localhost:3000/code? but I didn't use SDK, so I have no localhost on my machine.
What is the code for client Scopes?

After I properly get the token then I can invoke the Playlyfe API, i.e. https://api.playlyfe.com/v2/admin/players/:player_id?

khs — 2016-03-09T07:05:24-05:00 — #4

@Al_Chung which client type are you trying to use? Are you developing for mobile?

al_chung — 2016-03-09T07:42:02-05:00 — #5

I am using Appery.io a App builder to develop a mobile app. JQuery & Apache Cordova type
the link is here https://appery.io/appbuilder/

peter_john — 2016-03-09T08:19:13-05:00 — #6

Then you need to use the Oauth 2.0 Implicit Grant Flow. Check it out here https://dev.playlyfe.com/manuals/clients/implicit-grant.html.
There is also some awesome tutorial series done by @RajanRastogi here Jet Set Gamify you need to check that out also.

al_chung — 2016-03-09T11:28:58-05:00 — #7

I got an error:
Ghost game: We can't find any game by that name!

It seems this game does exist. Check the URL of the game you want to go to.

al_chung — 2016-03-09T11:37:18-05:00 — #8

for example, to access to Facebook API, I can use this login url

var url = "https://www.facebook.com/dialog/oauth?client_id=" + Facebook_Settings['client_id'] + "&redirect_uri=" + callbackUrl + "&scope=publish_actions&response_type=token";

do you have something similar?

al_chung — 2016-03-09T11:46:30-05:00 — #9

More of my code for your reference

OAuth_Helper.init = function() {
var client_id = OAuth_Settings.client_id;
var redirect_url = OAuth_Settings.redirect_url;
var login_url = OAuth_Settings.login_url;
var scope = OAuth_Settings.scope;

    var url = login_url + "?response_type=token&redirect_uri="+redirect_url+"&client_id="+client_id+"&scope="+scope;
    if (this.isCordovaApp()) {
        ref = window.open(url, '_blank', 'location=yes');
        ref.addEventListener("loadstart", this.saveCodeInLocalStorage);
    }
    else {
        window.open(url, "_self");
    }
};

al_chung — 2016-03-09T11:48:10-05:00 — #10

for the login url, I used
http://playlyfe.com/auth

is it correct?

khs — 2016-03-10T01:23:28-05:00 — #11

No that's just a part of the Login URL. Although you are not using our SDK, I'd recommend that you take a look at the implementation to see the URL endpoints used and techniques involved.

For example, the full Login URL is this:

https://playlyfe.com/auth?response_type=code&client_id="+client_id + "&redirect_uri="+redirect_uri

See the code for the SDK here:

https://github.com/playlyfe/playlyfe-java-sdk/blob/master/src/main/java/com/playlyfe/sdk

And the particular line which builds the login URL:

github.com

playlyfe/playlyfe-java-sdk/blob/8f470de1541ef9faac74b39524477c597311f5b3/src/main/java/com/playlyfe/sdk/Playlyfe.java#L419


private Object parseJson(String content) throws PlaylyfeException {
	if(content.contains("error") && content.contains("error_description")) {
		Map<String, String> errors = (Map<String, String>) gson.fromJson(content, Object.class);
		throw new PlaylyfeException(errors.get("error"), errors.get("error_description"));
	}
	else {
		return gson.fromJson(content, Object.class);
	}
}


public String get_login_url() throws URISyntaxException {
    return "https://playlyfe.com/auth?response_type=code&client_id="+client_id + "&redirect_uri="+redirect_uri;
	 }


	public void exchange_code(String code) throws  IOException, PlaylyfeException {
		this.code = code;
	}
	
	public static class PlaylyfeException extends Exception {
		private String name;

peter_john — 2016-03-10T01:46:13-05:00 — #12

@khs He is using the implicit flow so its going to be this
https://playlyfe.com/auth?response_type=token&client_id="+client_id + "&redirect_uri="+redirect_uri
According to this http://oauthlib.readthedocs.org/en/latest/oauth2/grants/implicit.html

In our Oauth 2.0 Api you don't need to specify the scope as our scopes are already embedded into the client when you create one and you don't need to speciy state also.

So your code will be
var url = login_url + "?response_type=token&redirect_uri="+redirect_url+"&client_id="+client_id;
And please use encodeURIComponent as sometimes your url might get escaped wrongly

al_chung — 2016-03-10T07:54:57-05:00 — #13

I do have some progress now. thanks all.

but I am still a little bit cofuse, after I clicked login, do I suppose to see a popup windows from Playlyfe to ask me to give permission to signin? right now, it just jump to my after signed in page.

and on my detail_page,I invoke the API for player profile, is this the right format?
'https://api.playlyfe.com/v2/runtime/player?access_token=ZWQ5YmU1YzItNTM0NS00ZGZjLWJkMzMtMWZlM2Y4ZTJiYzdj&token_type=Bearer

I don't see anything return to me.

so I tried to do some menu testing, and I found the following error message:

{
"status":404,
"uri":"https://api.playlyfe.com/v2/runtime/player",
"response":{
"error":"player_removed",
"error_description":"The player account was removed by it's owner"
}
}

To invoke the API for player profile, is this the right format?
'https://api.playlyfe.com/v2/runtime/player#access_token=ZWQ5YmU1YzItNTM0NS00ZGZjLWJkMzMtMWZlM2Y4ZTJiYzdj&token_type=Bearer

al_chung — 2016-03-10T07:56:17-05:00 — #14

Oh, one more question, are there any logout REST API that I could call? I can't find it from the API doc. Thanks!

peter_john — 2016-03-17T01:13:03-04:00 — #15

There is no logout REST API as of now. You just need to delete or remove the token on your side and that should do it.
And I think the popup didn't open because I think you were already logged in or something maybe you should try this in a private window.
Our developer documentation page dev.playlyfe.com uses our js sdk and follows the implicit flow. You can actually logout and head over to the api docs and login from there and you will see a popup window.