Verification of experiments (REST API)

You can execute the verification of experiments on the game server-side by using Game of Whales. In order to do this, you are just enough of using a value from experiment.signature property.

The signature is an experiment's data encrypted by using a secret key. The key can be taken from Payload Key field on Game Settings page. Game of Whales uses AES-256-CTR encryption algorithm with "hex" output encoding.

Signature structure

The signature the following attributes:

Example:

{
       "id": "5d6d1a2817788365b73fab36",
       "key": "exp_cr",
       "groupKey": "B",
       "payload": "{\"btnColor\": \"grean\", \"btnSize\": \"big\"}",
       "user": "10000000-0000-0000-0000-201908090004",
       "now": 1567512256963
}

Use case

The use case of using signature is as follows:

1. A client (your game’s code) receives the data about the experiment from Game of Whales server.

2. Before applying the experiment settings, the client sends a request to your game server for approving this action on server-side and passes the open data about the experiment and experiment.signature.

3. The server decrypts the signature by using the secret key. The secret key can be taken in your game settings page on Game Of Whales service.

4. Server-side validation is processing: it's compared the open data about the experiment with the data from decrypted experiment.signature.

5. If point 4 is successful, the experiment settings can be applied to the player.

This case can be applied only if you want the validation process to be made on server-side.

Example of decryption on the server-side

(for nodejs)

	decrypt = (encrypted, secretKey) => {
	            const crypto = require('crypto'),
	                decipher = crypto.createDecipher("AES-256-CTR", secretKey);
            
	            let decrypted = decipher.update(encrypted, 'hex', 'utf8');
	            decrypted += decipher.final('utf8');
          
	            return decrypted;

	        };