This Handler allows the user to create a new account. This only requires a username because we use passwordless accounts. We also send the machineID of the current device used. This allows us to potentially verify lost accounts. If the username is unique the server generates a DeviceSecret which is equivalent to a password to this account.

The Device secret is just a very long string of (cryptographically secure) random characters.

The Request url must contain the following query parameters

• "u" : Contains the desired username. Base64 encoded.
• "m" : Contains a machine ID generated by the users device

If the username wasn't already taken responds with a DeviceSecret.

This is only used internally by the client to create a SessionID. The client can log into an account by sending the username and the DeviceSecret. The server will then respond with a SessionID. This SessionID is used to authenticate the user for all other requests.

The Request url must contain the following query parameters

• "u" : Contains the username
• "ds" : Contains the DeviceSecret

If the username and DeviceSecret are correct the server responds with a SessionID.

Because Session ID's expire after a while this endpoint is used to make sure that the SessionID is still valid. If the SessionID is valid the server responds with a 1. If the SessionID is invalid the server responds with a 0.

The Request url must contain the following query parameters

• "u" : Contains the username
• "s" : Contains the SessionID

1 if the SessionID is valid. 0 if the SessionID is invalid.

Whenever the player finishes a map the client will send the score to the server. For this the server only needs to know the sessionID, the mapID and the score. If the highscore got submitted successfully the server responds with a 1. If the request is malformed or the database rejected the submission the server may respond with "db rejected", "bad" or "no sid". Internally The server will invalidate the current buffer of highscore results for that map. Next time a client requests the highscore for that map the server will query the database again.

The Request url must contain the following query parameters

• "s" : Contains the SessionID
• "m" : Contains the mapID
• "sc" : Contains the score

1 if the highscore got submitted successfully. "db rejected" if the database rejected the submission. "bad" if the request is malformed. "no sid" if the SessionID is missing.

Returns the list of highscores for a specific map. This doesn't require authentification. Highscores are cached until a new highscore is submitted for that map. If the current cache got invalidated this request handler will generate a new Highscore list form the database.

The Request url must contain the following query parameters

• "m" : Contains the mapID

If the mapID is valid the server responds with a list of highscores. if not the server will not respond with anything. The Entries consist of a username and a score separated by a "&" character. The entries are separated by a "|" character. The usernames are base64 encoded.

To allow users to take their accounts with them onto other devices without passwords our server supports a "pairing" feature. This allows the user to pair a new device with their account by entering a code on the new device. The user can then use the same account on multiple devices. This is done by sending a request to this handler.

To make sure this request is authorized we both require the Session ID and DeviceSecret. The server will then generate a Pairing code which consists of 8 characters and is valid for 5 minutes. The user can then enter this code on the new device.

The Request url must contain the following query parameters

• "s" : Contains the SessionID
• "ds" : Contains the DeviceSecret

8 character pairing code if successful. nothing if not.

This handler is used to request the list of currently available maps. This allows the server to update the list of maps without having to update the client. Also enables sesional maps.

This handler doesn't require any query parameters.

The server responds with a list of maps. Each map is separated by a "&" character. The map consists of the following information:

• ID
• Name
• Price
• if the map is enabled as a 1 or 0
• The actual map file data string
• The minimum score to recieve money
• The Target score for the map
• The amount of money you get for reaching the target score All of this information is separated by a "|" character.

This is the matching handler for the PairEnable handler. The user enters the pairing code on the new device and the server will then pair the new device with the account.

The Request url must contain the following query parameters

• "pk" : Contains the pairing code

if the pairing code is valid the server responds with a DeviceSecret and username encoded in base64 and separated by a "|" character.

This handler is used to load the progress of the user. This includes the current money, the current unlocked map and the current score. But the server doesn't really know that because the progress is transmitted as a json string. The client is responsible for parsing the json string and parsing the data.

The Request url must contain the following query parameters

• "s" : Contains the SessionID

The server responds with a json string containing the progress data. if not sucessful the server doesn't respond but indicates errors with the status code. 404 if no progress was found. 403 if the sessionID is invalid or missing

This handler is for saving the progress of the user. The client is responsible for generating the json string. The server will then save the json string to the database. The data is limited to 4096 characters to prevent abuse.

The Request url must contain the following query parameters

• "s" : Contains the SessionID The request body must contain the json string. The Content-Type header must be set to "application/json"

The server will not respond but will return a status code of 200 if the request was successful and 403 if the sessionID is invalid or missing.