6. Initialization

6.0.1. Verify the signature of initial data

When user logged in to the platform, the platform will redirect the user to the Login callback URL with the login information appended to the query string. Game server should verify these information before accepting the user's request.

Signature verification must be performed on the server, for app_secret shouldn't be exposed to the client.

  • HTTP method
  • HTTP query string
parameter name type description
login_key int64 random number acted as salt, provided by the platform
app_id string(60) the game id provided by the platform
user_id int64 the user id provided by the platform
sign string(60) signature for validating the data
  • Example

The https://your.game.host/ in the above example refers to the Login callback URL game developers provided.

  • Signature verification

The signature is a lower-cased hexadecimal string of the MD5 value of a query string composed of the app_secret,login_key, app_id, and user_id in the specified order. The values of the query string have to be urlencoded first.

  • PHP example:
$sign_data = [
  'app_secret' => 'WAKOOL-APPSECRET-TEST001',
  'login_key' => '1000000',
  'app_id' => 'WAKOOL-APPID-TEST001',
  'user_id' => '100000001'

 * constructing signature:
$sign = md5(http_build_query($sign_data));

The 4 parameters have to be in the order demonstrated in the example code above when constructing the query string and the values have to be urlencoded.

If you have difficulties verifying the signature, check to see if the order of the four parameters are correct.

  • Java example:
String app_secret = "WAKOOL-APPSECRET-TEST001";
String login_key = "1000000";
String app_id = "WAKOOL-APPID-TEST001";
String user_id = "100000001";

 * constructing signature:
StringBuilder sb = new StringBuilder();
String cs = "UTF-8";
sb.append(java.net.URLEncoder.encode("app_secret", cs)).append('=')
  .append(java.net.URLEncoder.encode(app_secret, cs)).append('&')
  .append(java.net.URLEncoder.encode("login_key", cs)).append('=')
  .append(java.net.URLEncoder.encode(login_key, cs)).append('&')
  .append(java.net.URLEncoder.encode("app_id", cs)).append('=')
  .append(java.net.URLEncoder.encode(app_id, cs)).append('&')
  .append(java.net.URLEncoder.encode("user_id", cs)).append('=')
  .append(java.net.URLEncoder.encode(user_id, cs));

String sign = org.apache.commons.codec.digest.DigestUtils.md5Hex(sb.toString());
  • Python example:
    from urllib.parse import urlencode
except ImportError:
    from urllib import urlencode
import hashlib

app_secret = 'WAKOOL-APPSECRET-TEST001'
login_key = '1000000'
app_id = 'WAKOOL-APPID-TEST001'
user_id = '100000001'

# constructing signature:
query = urlencode([('app_secret', app_secret), ('login_key', login_key), ('app_id', app_id), ('user_id', user_id)])
m = hashlib.md5()
sign = m.hexdigest()
  • Node.js example:
const sign_data = {
    app_secret: 'WAKOOL-APPSECRET-TEST001',
    login_key: '1000000',
    app_id: 'WAKOOL-APPID-TEST001',
    user_id: '100000001',

 * constructing signature:

const sign_string = new URLSearchParams(sign_data).toString();
const crypto = require('crypto')
const sign = crypto.createHash('md5').update(sign_string).digest('hex');

6.0.2. Importing SDK

The SDK is written in Javascript, simply insert the following code into your game page.

  m){m=RegExp('[?&]'+a+'=([^&]*)').exec(w.location.search);return m&&
  decodeURIComponent(m[1].replace(/\+/g,' '))};s='app_id';l=l||j('wakool_'

6.0.3. Manually initialize SDK

※In most cases this step is unnecessary, as the SDK is initialized in the page from Login callback URL where it obtains the required data from the query string of the current URL automatically. On rare occasions the Login callback URL is not the final game URL, or the parameters' name conflicted with the game's own, here's how to manually provide the parameters the SDK needs:

window.wakoolSetup = {
  'sign': '{SIGN}',
  'app_id': '{APP_ID}'

Here the game obtained the {SIGN} and {APP_ID} from Login callback URL, and manually passed them back to the SDK on another page where the original query string were lost.

6.0.4. SDK loaded callback

Define the function wakoolAsyncInit which will be called upon the DOMContentLoaded event being handled by the SDK. The initialized instance of the SDK wakool is passed in as the function argument. Within this function, game developers may register event listeners in order to be notified when platform events happened.

See Events for a complete list of events.

Game developers are advised to register listeners for purchase event and pause/resume event

In most cases Login function is called here.

window.wakoolAsyncInit = function(wakool) {

  // Register SDK event listeners...

  wakool.addEventListener(wakool.EVENT_BROWSER_PURCHASE_VERIFY_VALID, function(event){
    //   …Purchase success…
    console.log('Purchase success! Wakool Order ID:', event.data.order_id);

  // Call wakool.login() function here
    if(result) {
      /** …Login success… */
      console.log('Login success! Now Wakool SDK is fully functional.', result);

  // Store the SDK instance <wakool> to the window object for later uses.
  window.wakool = wakool;
  // please keep this line:
  return wakool;

Last line of the callback function should be kept.

results matching ""

    No results matching ""