Game Loom
  1. Getting started
Game Loom
  • Game Loom
    • 👋 Welcome to Game Loom
  • Getting started
    • Introduction
    • 👤 Authentication
  • User Registration
    • Introduction
    • Single user registration
      POST
    • Bulk Register Users
      POST
  • Notifications
    • Overview
    • Receiving Event Notifications via Webhooks
    • Get All notifications for specific user
      GET
  • Rewards
    • Overview
    • Points
      • Record user point event
      • Get user points
      • Get Specific user point
    • Levels
      • Record user level event
      • Get user levels
      • Get Specific user level
    • Badges
      • Award badge to user
      • Get user badges
      • Get Specific user badge
  • Challenges (Gamification elements)
    • Introduction
    • Leaderboard
      • Get available leaderboards for user
      • Submit score to a leaderboard
      • Get user's leaderboard participation history
      • Get leaderboard details
      • Get leaderboard ranking
      • Get user's record for a leaderboard
      • Get user's entry history for a leaderboard
    • Survey
      • Overview
      • Get available surveys for user
      • Start a new survey participation
      • Get detailed user participation
      • Get user's survey participation history
      • Abandon survey participation
      • Save individual answer to survey question
      • Submit completed survey
      • Submit Survey with answers (One-Step Submission)
    • Open Challenge
      • Overview
      • Get available open challenges for user
      • Complete an open challenge
      • Get user's open challenge participation history
      • Get user open challenge by ID
    • Schemas
      • Survey Schame
  1. Getting started

👤 Authentication

1. Authentication & Authorization#

To interact with the Game Loom API, your backend system must authenticate its requests. We use an API Key-based authentication mechanism.
Game Loom uses backend-to-backend authentication, which means you should never expose the API Key or make API calls directly from the client side

Obtaining Your API Key#

1.
Login to the Admin Dashboard: An administrator from your company, with an active account on our platform, needs to log in to the Game Loom Admin Dashboard.
2.
Navigate to API Credentials: Once logged in, navigate to the designated "Settings".
3.
Generate API Key:
In this section, you will find an option to generate your API Key for production access.
Important: Once an API Key is generated and displayed, it will be your only opportunity to copy and securely store it. For security reasons, if you revisit this section later, the full API key may be obfuscated (partially hidden), and you will not be able to retrieve it again. If you lose your API Key, you will need to generate a new one, which may involve revoking the old one.
API-Key
API key section in Settings page
API Keys are valid for 4 months from the date of creation.
Store your API Key securely and treat it like a password.

Using the API Key#

All API requests must include the API Key in the X-API-Key HTTP header.

Example Request Header:#

Host: api.98s.studio/ 
X-API-Key: YOUR_GENERATED_API_KEY
Content-Type: application/json

API Key Validity & Rotation#

Validity Period: API Keys are valid for 4 months from the date of generation.
Regeneration: It is crucial to establish a process on your end to regenerate and update your API Key before it expires to ensure uninterrupted service. You can generate a new key from the Admin Dashboard following the same steps outlined earlier.
Recommendation: We recommend regenerating your API Key at least a week before its expiration date to allow for a smooth transition.

Security Best Practices#

Confidentiality: Treat your API Key like a password. It should be kept confidential and stored securely.
Server-Side Storage: The API Key should only be stored and used on your backend server. Never expose it in client-side code (e.g., JavaScript in a web browser) or commit it to version control systems.
Access Control: Limit access to the API Key within your organization to only those systems and personnel that require it.
Regeneration if Compromised: If you suspect your API Key has been compromised, generate a new one immediately from the Admin Dashboard and update your integration. This will invalidate the old key.
Modified at 2025-12-20 23:01:23
Previous
Introduction
Next
Introduction
Built with