Documentation of Dynepic's playPORTAL APIs for COPPA Compliant, kid-safe experiences.
Clone or download
Latest commit d75b933 Sep 4, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
_layouts Update docs to playPORTAL Feb 1, 2018
assets/css removing main.scss as it is not needed for overrides Sep 4, 2017
examples readme cleanup Aug 23, 2018
readmeAssets readme cleanup Aug 23, 2018
.gitignore initial documentation check-in Sep 4, 2017
APIEndpoints.md update graphics and links to swaggerhub Feb 2, 2018
ApplicationData.md update graphics and links to swaggerhub Feb 2, 2018
BrandGuidelines.md renamed glyph to playportal May 22, 2018
Configure-Postman-for-playPORTAL.pdf Update docs to playPORTAL Feb 1, 2018
CreateAnApplication.md New API documentation, Postman collection, etc. Dec 26, 2017
OAuth2Libraries.md readme cleanup Aug 23, 2018
OAuthFlowDetails.md readme cleanup Aug 23, 2018
README.md readme changes Sep 4, 2018
SSOButtonImage.png added playportal button image May 20, 2018
_config.yml Customizing title of GitHub pages version Sep 4, 2017
playPORTAL-APIs.postman_collection.json Update docs to playPORTAL Feb 1, 2018
playPORTAL-APIs.postman_environment.json Update docs to playPORTAL Feb 1, 2018
playPORTAL-SSO.md readme cleanup Aug 23, 2018
playPORTALWhiteGlyph.png renamed glyph to playportal May 22, 2018
sequence.txt update graphics and links to swaggerhub Feb 2, 2018
sso-flow-adult.svg Update docs to playPORTAL Feb 1, 2018
sso-flow-child.svg Update docs to playPORTAL Feb 1, 2018
sso-flow-zero-data-auth-code.svg update graphics and links to swaggerhub Feb 2, 2018
sso-flow-zero-data-implicit.svg update graphics and links to swaggerhub Feb 2, 2018

README.md

playPORTAL StudioTM provides a service to app developers for managing users of all ages and the data associated with the app and the app users, while providing compliance with required COPPA laws and guidelines.

playPORTAL REST API

Getting Started


Step 1:

Create playPORTAL Partner Account


Step 2:

Register your App with playPORTAL

  • After confirmation, log in to the playPORTAL Studio
  • In the left navigation bar click on the Apps tab.
  • In the Apps panel, click on the "+ Add App" button.
  • Add an icon, name & description for your app.
  • For "Environment" leave "Sandbox" selected.
  • Click "Add App"

Step 3:

Generate your Client ID and Client Secret

  • Tap "Client IDs & Secrets"
  • Tap "Generate Client ID"
  • The values generated will be used later.

Step 4:

Add a "Registered Redirect URI"

  • Tap "Registered Redirect URIs"
  • Tap "+ Add Redirect URI"
  • Enter your redirect uri (e.g. - localhost:3000/redirect) in to the prompt and click "Submit".

Step 5:

Choose Scopes

  • Tap "Scopes"

  • Add all of the scopes your app will need.

    Scope Description
    Profile Retrieve profile information about an playPORTAL user
    Smart Seacrh) Search for other playPORTAL users who use your application
    Friends List Get a users' list of friends & their profiles
    Lightning Database Securely store the user data your app needs
    Leaderboards Create custom leaderboards for your app
    Push Notifications Send personalized push notifications directly to your users

Step 6:

Choose OAuth2 Flow

Flow When to Use Notes
Web Server Application Your application uses a web server and can prevent the ClientSecret from being visible to the public.
Client-Side JavaScript Application Your site is a single-page application. The JavaScript that manages the OAuth2 flow is client-side JavaScript. For security, the domains must be pre-registered in the partner dashboard
Mobile Application You Application is deployed to a device, such as a phone, iPad, or Tablet. Applicaton flow supports a code challenge per the Proof Key for Code Exchange spec.
Client-Side Javascript Application Flow
  • Client-side applications do not store and manage a client secret. Since the code for these applications is primarily JavaScript and fully loaded in a web browser, the OAuth flow omits the client secret when exchanging the authentication code for a token.
  • playPORTAL verifies the domain used to invoke the Social Sign-On has been registered in the playPORTAL partner dashboard.
Mobile Application Flow
  • Mobile applications do not store and manage a client secret. Instead, the mobile application sends a code challenge to the playPORTAL authorization server which is later returned with the auth code.

Step 7:

Integrate an OAuth library to interface with playPORTAL. Use the configuration settings below:

Configuration Item Production Test
Authorization URL https://sso.playportal.io/oauth/signin https://sso.gogplayportal.com/oauth/signin
Token URL https://sso.playportal.io/oauth/token https://sso.gogplayportal.com/oauth/token
Client ID Generated in playPORTAL Studio Generated in playPORTAL Studio
Client Secret Generated in playPORTAL Studio
Note: not required for client-side or mobile applications
Generated in playPORTAL Studio
Callback URL Your production callback URL Your test callback URL
  • Provide the token in the Authorization header of any request to playPORTAL APIs, such as the Profile API to retrieve information about the current user. Requests should include the access token as a Bearer Token in the Authorization header. Authorization: Bearer ACCESS_TOKEN

  • You can read the OAuth implementation details and review the structure of the JWT on the OAuth Flow Details page.


Step 8:

Build your application!


More