Introduction
Welcome to the LootLocker Admin API Documentation.
We do our best to keep this documentation up to date, but if you find any issues, please reach out to us at hello@lootlocker.io.
Authentication
Initial Authentication Request
curl -X POST "https://api.lootlocker.io/admin/v1/session" \
-d "{\"email\": \"hector@lootlocker.io\", \"password\": \"super_secret_password\"}"
The initial login request is simple in that it just requires the users email and password sent in a POST request.
The response can vary depending if the user has Two-Factor Authentication enabled or not. See examples for more detail.
If the user has Two-Factor Authentication enabled, the mfa_key, sent back has en expiry time of 5 minutes. If the user does not manage to input the MFA token during this time, you should present them with the login form again.
Example response with Two-Factor Authentication enabled.
{
"success": true,
"mfa_key": "c1b7e16b5ea72c0b2ea2d383f6a329a4483bd763"
}
Example response without Two-Factor Authentication enabled.
{
"success": true,
"auth_token": "2068c2a0c56bca8d058a311f727d89f7233ccf24",
"user": {
"name": "Andreas Stokholm",
"email": "andreas@lootlocker.io",
"signed_up": 1606730113,
"organisations": [
{
"id": 2,
"name": "LootLocker",
"games": [
{
"id": 1,
"is_demo": false,
"name": "Rabbidt",
"badge_url": null,
"logo_url": null,
"development": {
"id": 2,
"is_demo": false,
"name": "Rabbidt",
"badge_url": null,
"logo_url": null
}
},
{
"id": 3,
"is_demo": false,
"name": "Kingfall",
"badge_url": null,
"logo_url": null,
"development": {
"id": 4,
"is_demo": false,
"name": "Kingfall",
"badge_url": null,
"logo_url": null
}
}
]
}
]
}
}
In case of an error, the response will have the success property set to false, and there will be an error property with a human readable error message.
Two-Factor Authentication Code Verification
curl -X POST "https://api.lootlocker.io/admin/v1/2fa" \
-H "Content-Type: application/json"
-d "{\"mfa_key\": \"c1b7e16b5ea72c0b2ea2d383f6a329a4483bd763\", \"secret\": 123456}"
When the user has Two-Factor Authentication enabled, you need to request a code from the user, using the Google Authenticator standard.
To submit the code, you need to send the mfa_key you got in the Initial Authentication Request, along with the secret you got from the user.
This request requires a JSON request body, and thus it the Content-Type header set to application/json.
The successful response from this endpoint is the same as what you will get from the Initial Authentication Request, if Two-Factor Authentication is not enabled for the user.
In case the user is using a recovery token, you will not handle anything differently, but you can not limit the input to 6 characters since the recovery code is 27 characters long.
Example of a successful verification
{
"success": true,
"auth_token": "2068c2a0c56bca8d058a311f727d89f7233ccf24",
"user": {
"name": "Andreas Stokholm",
"email": "andreas@lootlocker.io",
"signed_up": 1606730113,
"organisations": [
{
"id": 2,
"name": "LootLocker",
"games": [
{
"id": 1,
"is_demo": false,
"name": "Rabbidt",
"badge_url": null,
"logo_url": null,
"development": {
"id": 2,
"is_demo": false,
"name": "Rabbidt",
"badge_url": null,
"logo_url": null
}
},
{
"id": 3,
"is_demo": false,
"name": "Kingfall",
"badge_url": null,
"logo_url": null,
"development": {
"id": 4,
"is_demo": false,
"name": "Kingfall",
"badge_url": null,
"logo_url": null
}
}
]
}
]
}
}
In case of an error, the response will have the success property set to false, and there will be an error property with a human readable error message.
Subsequent requests
# Example of a subsequent call using header for auth token
curl -X GET "https://api.lootlocker.io/admin/v1/games" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Your subsequent requests should have a header property called x-auth-token, with the auth_token you got from either the Initial Authentication Request or the Two-Factor Authentication Code Verification request.
Games
Get All Games to the Current User
curl -X GET "https://api.lootlocker.io/admin/v1/games" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
To get all games, you have to send a request to /admin/games. From here a JSON object will be returned containing simple information about a game.
Example response
{
"success": true,
"games": [
{
"id": 1,
"name": "SquirrelChaser",
"sandbox_mode": true,
"logo_url": null,
"badge_url": null,
"development": {
"id": 2,
"name": "SquirrelChaser",
"sandbox_mode": true,
"logo_url": null,
"badge_url": null
}
}
]
}
Creating A Game
curl -X POST "https://api.lootlocker.io/admin/v1/game" \
-H "x-auth-token: c72d54b4d7675de27e8e03e5e0015a4f1c456f1a" \
-H "Content-Type: application/json" \
-d "{\"name\": \"My Game\", \"organisation_id\": 1, \"genre\": 1}"
To create a game, you must send a POST request to /admin/game with the game information.
The body of the request have to be in JSON format, and you must supply a Content-Type: application/json header with the request.
Valid fields:
| Field | Type | Info | Required |
|---|---|---|---|
| name | string | Max length: 100 | required |
| organisation_id | integer | ID of the organisation to create the game under | required |
| genre | integer | ID of the genre the game is | not required |
To get the genres, see the List Genres API call.
This call will return a full game object, as documented in Get detailed information about a game.
Get Detailed Information About a Game
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Using the /admin/game/{game_id} endpoint, you can fetch additional information about a game, there will be one game object, holding all information relevant to the game requested. Currently this will hold the following:
| Field | Type | Value |
|---|---|---|
| id | integer | Game id |
| name | string | Game name |
| game_key | string | The games API key |
| sandbox_mode | boolean | If the game is in sandbox mode or not |
| created_at | string | The date the game was created in ISO8601 format |
| updated_at | string | The date the game was last updated in ISO8601 format |
Example Response
{
"success": true,
"game": {
"id": 1,
"name": "SNOW Test",
"game_key": "ka3ad899dc00258r42eb761f7654cc40f03cb271",
"sandbox_mode": true,
"created_at": "2015-01-26T14:01:51+0000",
"updated_at": "2015-01-26T14:01:51+0000"
}
}
Updating Information About a Game
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/{game_id}" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"name\": \"SNOW Test 2\"}"
Updating game information happens at the /admin/game/{game_id} endpoint, with a PATCH request.
It is important to note that updating these values does not affect data at Steam, PSN or any other platforms.
Fields you are allowed to update are:
| Field | Type | Info |
|---|---|---|
| name | string | Max length: 100 |
| game_key | string | SHA1 hash, length: 40 |
| sandbox_mode | boolean |
Any other fields sent will simply be ignored.
The body of the request have to be in JSON format, and you must supply a Content-Type: application/json header with the request.
The response from this request will return a full game object as explained in Get detailed information about a game.
Deleting games
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Deleting a game is done by hitting the /admin/game/{game_id} endpoint with a DELETE request. This is not completely permanent, but there is no API method for undoing this action.
Example Response
{
"success": true
}
List Genres
curl -X GET "https://api.lootlocker.io/admin/v1/genres" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
List the genres LootLocker knows about using this api call.
Example Response
{
"success": true,
"genres": [
{
"id": 1,
"name": "Other"
},
{
"id": 2,
"name": "Action / Adventure"
},
{
"id": 3,
"name": "Arcade"
}
]
}
Players
Searching For Players
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/players?query=76561198023004363" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
To search for players, see the example, and add your query in the query url parameter.
The query can be any unique identifier for the player. See the below table for parameters searched.
This endpoint uses pagination. Each page returns 500 rows, and you can send along a offset parameter in the url, to offset the result with that amount of rows. So if you want page two, send an offset of 500.
Example Response
{
"success": true,
"offset": 0,
"players": [
{
"id": 24,
"steamId": "76561198103370330",
"psn_account_id": null,
"banned": 0,
"public": 1
}
]
}
| Platform | Identifier Name | Example |
|---|---|---|
| Steam | SteamID | STEAM_0:0:27334821 |
| Steam | SteamID64 | 76561198023004363 |
| Steam | Profile URL | http://steamcommunity.com/profiles/asuraO |
| PlayStation Network | account_id | 4223061641298765499 |
Get Player Information
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/player/7" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
To get detailed information for a player, see the example, using the players ID (obtainable from the Searching For Players endpoint).
Example Response
{
"success": true,
"players": [
{
"id": 24,
"steamId": "76561198103370330",
"psn_account_id": null,
"last_seen": "2016-06-10 01:34:37",
"creation_date": "2015-04-03 00:18:48",
"banned": false,
"public": true
}
]
}
Get Player Score
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/player/7/score" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
To get the players current score and level, see the example.
Example Response
{
"success": true,
"score": 60991,
"last_level_up": "2016-05-18 20:35:37"
}
Add Player Score
curl -X POST "https://api.lootlocker.io/admin/v1/game/{game_id}/players/7/score" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"score\": 100}"
You can add XP to a players account using the example. This will add the XP and trigger all the same events as when the player is gaining XP through normal ways, meaning that rewards will be granted and they will level up.
Example Response
{
"success": true,
"score": 61091,
"last_level_up": "2016-05-18 20:35:37"
}
Reset Player Score
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}/players/7/score" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
You can reset a players XP and Level using this endpoint. Beware that this will not reset previous rewards from leveling up, and other XP events.
Example Response
{
"success": true,
"score": 0,
"last_level_up": "2016-05-18 20:35:37"
}
Get Player Steam Profile Info
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/steam/76561198023004363" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This is a proxy method for getting information on steam users.
Example Response
{
"success": true,
"player": {
"name": "MrQ",
"avatar": "https://steamcdn-a.akamaihd.net/steamcommunity/public/images/avatars/50/502b0dd96b2163bbe4dcd3714800a8694e2254ea_full.jpg",
"profile_url": "http://steamcommunity.com/id/stkhlm/"
}
}
Get Player Inventory
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/player/7/inventory" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will let you get the players inventory, along with a few other pieces of information, such as if an item is refundable or not.
Example Response
{
"success": true,
"inventory": [
{
"id": "944",
"player_id": "24",
"asset_id": "16",
"game_id": "2",
"asset_variation_id": "28",
"reserved": "0",
"source": null,
"updated_at": "2015-03-10 19:10:55",
"variation_name": "poppermost-founder",
"refundable": false
},
{
"id": "945",
"player_id": "24",
"asset_id": "47",
"game_id": "2",
"asset_variation_id": "98",
"reserved": "1",
"source": null,
"updated_at": "2015-03-10 19:10:55",
"variation_name": "poppermost-13-tophat-founder",
"refundable": true
}
]
}
Refund Player Purchase
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}/player/7/inventory/5713" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will issue a return of a an item to a player.
The return can only be done if the item is refundable (meaning it's been purchased with soft currency, through the Game API). When refunding, the players account balance will be refunded, and the asset will disappear from their inventory.
Example Response
{
"success": true,
"inventory": [
{
"id": "944",
"player_id": "24",
"asset_id": "16",
"game_id": "2",
"asset_variation_id": "28",
"reserved": "0",
"source": null,
"updated_at": "2015-03-10 19:10:55",
"variation_name": "poppermost-founder",
"refundable": false
}
]
}
Get Currencies To Player
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/player/7/currencies" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will return the currencies a player has and the balances they have for each currency.
Example Response
{
"success": true,
"currencies": [
{
"name": "Credits",
"balance": "15952"
}
]
}
Get Orders To Player
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/player/7/orders" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint returns a players orders and the products in them.
{
"success": true,
"orders": [
{
"id": "8077496",
"player_id": "7",
"game_id": "2",
"status": "2",
"created_at": "2016-06-26 12:28:52",
"updated_at": "2016-06-26 12:28:52",
"deleted_at": null,
"status_name": "succeeded",
"type": "asset_grant",
"value": "0",
"items": [
{
"id": "8777231",
"player_id": "7",
"asset_id": "988",
"game_id": "2",
"asset_variation_id": null,
"reserved": "0",
"source": "reward_trigger"
}
]
},
{
"id": "8077495",
"player_id": "7",
"game_id": "2",
"status": "2",
"created_at": "2016-06-26 07:28:37",
"updated_at": "2016-06-26 07:28:38",
"deleted_at": null,
"status_name": "succeeded",
"type": "asset_grant",
"value": "0",
"items": [
{
"id": "8777230",
"player_id": "7",
"asset_id": "984",
"game_id": "2",
"asset_variation_id": null,
"reserved": "0",
"source": "reward_trigger"
}
]
}
]
}
Set A Players Profile Private
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}/player/public" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Players profiles are by default public.
A public profile means that the players inventories will be displayed on steam, and they will be able to use the market and trading features. The same goes for future 3rd party implementations. They will all respect the privacy setting.
Example Response
{
"success": true
}
Set A Players Profile Public
curl -X POST "https://api.lootlocker.io/admin/v1/game/{game_id}/player/public" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint sets a players profile to public.
Example Response
{
"success": true
}
Reset A Players Profile
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}/player" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint drops all references to the player, and effectively deletes the players account. It only works on the staging environment.
Example Response
{
"success": true
}
List Players Persistent Storage
curl -X GET "https://api.lootlocker.io/admin/v1/game/1234/player/5678/storage" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
If you want to list a players persistent player storage, this call will return it for you.
There are three properties on player persistent storage:
Example Response
{
"success": true,
"storage": [
{
"key": "totalDeaths",
"value": "171",
"is_public": false
}
]
}
| Property | Data Type | Explanation |
|---|---|---|
| key | string | The key of the persistent storage entry |
| value | string | The value of the persistent storage entry |
| is_public | boolean | A boolean denoting if other players can read this persisten storage entry |
Update Players Persistent Storage
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/1234/player/5678/storage" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "{\"payload\":[{\"key\":\"totalDeaths\",\"value\":\"171\",\"is_public\":true}]}"
When updating a players persistent storage, the format is the same as the output when listing, inside the storage property.
Note the payload outer property. You can omit that if your use case does not require a JSON object at the root level.
Example Response
{
"success": true,
"storage": [
{
"key": "totalDeaths",
"value": "171",
"is_public": true
}
]
}
Delete Players Persistent Storage
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/1234/player/5678/storage?key=user.key" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Calling this endpoint will delete an entry associated with the supplied key from a players persistent storage.
Example Response
{
"success": true,
"storage": [
{
"key": "totalDeaths",
"value": "171",
"is_public": true
}
]
}
Assets
Getting all assets to a game
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/assets" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
To get all assets to a game, call /admin/game/{game_id}/assets and you will get an array back with simple information about a games assets.
This call can be sped up by utilizing pagination for large datasets. By adding a page parameter to the end of the url, you will be requesting chunks of 100 assets per page. When you get an empty response, you've fetched all assets.
Example Response
{
"success": true,
"assets": [
{
"id": 1,
"active": true,
"purchasable": false,
"tradable": false,
"marketable": false,
"name": "Head",
"context": "Head",
"last_changed": "2016-08-07T05:08:01+0000",
"price": 0,
"sales_price": 0,
"filters": [],
"thumbnail": null,
"variations": [
{
"id": "1",
"asset_id": "1",
"name": "Default",
"primary_color": null,
"secondary_color": null,
"created_at": "2015-02-20 21:53:34",
"updated_at": "2015-02-20 21:53:34",
"deleted_at": null
}
]
},
{
"id": 3,
"active": true,
"purchasable": true,
"tradable": false,
"marketable": false,
"name": "Credits",
"context": "Credits",
"last_changed": "2016-08-07T05:08:01+0000",
"price": 1000,
"sales_price": 0,
"filters": [],
"thumbnail": null,
"variations": []
}
]
}
You can also search for assets using this endpoint. The search term will match asset names and context names. The parameter for searching is a GET style url parameter named search. Eg: https://api.lootlocker.io/admin/v1/game/{game_id}/assets?search=rocket.
This list will contain:
| Field | Type | Value |
|---|---|---|
| id | integer | Id of the asset |
| active | boolean | If the asset is currently active or not |
| name | string | The asset's name |
| last_changed | string | The last date the asset was changed in ISO8601 format |
| price | integer | The price of the asset in cents |
| sales_price | integer | The sales price of the asset. If non-null, the asset is on sale |
Getting a list of assets to a game
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/assets/1,2,3,4,916" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This call will return the same response format as getting all assets to a game will, but only data for the specific assets id's you've supplied in the url.
Get detailed asset information
curl -X GET "https://api.lootlocker.io/admin/v1/asset/1" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This call will return a lot of information about an asset, and should only be used when listing detailed asset information.
Example Response
{
"success": true,
"asset": {
"id": 5,
"active": true,
"purchasable": true,
"name": "Sven",
"last_changed": "2016-08-07T05:08:01+0000",
"price": 39,
"sales_price": 0,
"on_steam": true,
"languages": {
"1": {
"id": 1,
"name": "US English"
}
},
"context_id": 4,
"global": null,
"featured": null,
"activation_errors": [],
"min_game_version_id": 0,
"rarity": null,
"popular": false,
"popularity_score": 0,
"unique_instance": false,
"external_identifiers": null,
"contexts": [
{
"id": 1,
"name": "Head"
},
{
"id": 2,
"name": "Flashlight"
},
{
"id": 58,
"name": "Feature Unlocks"
}
],
"background_color": "",
"name_color": "089AEF",
"tradable": false,
"marketable": false,
"market_name": "Test 1",
"market_hash_name": "Test 1",
"market_fee": "0.30",
"links": [],
"link_types": {
"1": {
"id": 1,
"name": "Steam Square",
"type": 0
},
"2": {
"id": 2,
"name": "Steam Big",
"type": 0
},
"3": {
"id": 3,
"name": "In-game Thumbnail",
"type": 1
},
"8": {
"id": 8,
"name": "In-game Square",
"type": 1
}
},
"game_versions": [
{
"id": 2,
"version": "0.5.1.569095"
},
{
"id": 3,
"version": "0.5.2.571294"
}
],
"is_package": false,
"variations": [
{
"id": 3,
"name": "lo2-gloves-13-sven",
"default": true,
"primary_color": "818987",
"secondary_color": "EE8D29",
"links": [
{
"id": 1,
"url": "CharacterAttachments/Item Thumbnails/hands/lo2/thumb_lo2-13-sven.tif",
"type_id": 3
},
{
"id": 449,
"url": "https://pm-game-files.s3.amazonaws.com/2/54eefc7c704bc.png",
"type_id": 1
},
{
"id": 456,
"url": "https://pm-game-files.s3.amazonaws.com/2/54eefc7fe4111.png",
"type_id": 2
}
],
"properties": [
{
"material_path": "CharacterAttachments/hands/lo2/lo2-gloves-13-sven/lo2-gloves-13-sven.mtl",
"binding_path": "CharacterAttachments/hands/shared-meshes/gloves-a/gloves-a.skin",
"bone_id": 12,
"min_game_version_id": null
},
{
"material_path": "CharacterAttachments/hands/lo2/lo2-gloves-13-sven/lo2-gloves-13-sven.mtl",
"binding_path": "characterattachments/hands/shared-meshes/gloves-a/gloves_a_geo.skin",
"bone_id": 12,
"min_game_version_id": 20
}
]
}
],
"filters": {
"1": {
"name": "Brand",
"id": "1",
"value": {
"value": "lo2",
"url": null
}
},
"2": {
"name": "Season",
"id": "2",
"value": {
"value": "13/14",
"url": null
}
},
"5": {
"name": "Drop Point Category",
"id": "5",
"value": null
}
},
"bones": [
{
"id": 12,
"name": "arms"
},
{
"id": 7,
"name": "bindings_left"
},
{
"id": 8,
"name": "bindings_right"
}
],
"boneParameters": [
{
"name": "type",
"value": "CA_SKIN",
"bone_id": "12"
},
{
"name": "rotation",
"value": "1,0,0,0",
"bone_id": "7"
},
{
"name": "position",
"value": "-0.16281861,0.007631816,-0.93363667",
"bone_id": "7"
},
{
"name": "boneName",
"value": "Bip01 L Foot",
"bone_id": "7"
},
{
"name": "flags",
"value": "0",
"bone_id": "7"
},
{
"name": "type",
"value": "CA_BONE",
"bone_id": "7"
}
],
"package_contents": [],
"simple_asset": false
}
}
For a table structure of a full response, please see the Asset Data Structures section of this documenation.
Create asset
# Creating an asset, setting only some information
curl -X POST "https://api.lootlocker.io/admin/v1/asset" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
-H "Content-Type: application/json"
-d "{\"context_id\": 1, \"name\": \"Energy Drink Deluxe\", \"actions\": [{\"url\": \"http://www.snowthegame.com\", \"name\": \"Game website\", \"owner_only\": false}]}"
There are only a few required fields, but you can only activate an asset when it's complete.
Required fields: context_id and name.
The response from this call will be equal to a response from Get Detailed Asset Information.
For a full list of properties that can be set when creating an asset, please refer to the Asset Data Structures.
Update asset
curl -X PATCH "https://api.lootlocker.io/admin/v1/asset/4" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
When you wish to update an asset, use this endpoint. It takes the same input as the Create Asset endpoint, and returns the same response.
For a full list of properties that can be set when updating an asset, please refer to the Asset Data Structures.
Checking If An Asset Can Be Activated
curl -X GET "https://api.lootlocker.io/admin/v1/asset/4/can/activate" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This call will return a boolean called can_activate telling you if an asset can be activated or not. If it can not, you will also see an errors property, which will be an array containing the reasons an asset can not be activated. In the example response you see an error. In case of a success, the error property will not be present, and the can_activate will hold the value true.
Example Error Response
{
"success": false,
"can_activate": false,
"errors": [
"No context have been assigned to this asset."
]
}
Example Success Response
{
"success": true,
"can_activate": true
}
Activating An Asset
curl -X POST "https://api.lootlocker.io/admin/v1/asset/4/activate" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Issuing this call will activate the asset id you've provided.
In case of an error, you will get a response identical to what Checking If An Asset Can Be Activated returns. In case of a success, you will simply have a success property with the value true.
Example Response
{
"success": true
}
Deactivating An Asset
curl -X PATCH "https://api.lootlocker.io/admin/v1/asset/4/deactivate" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "{\"reason\": \"Here is a good reason for deactivating this asset\", \"replacement_asset_id\": 5}"
This is what an example deactivation call could be, it takes a JSON input, with one or two properties: reason and replacement_asset_id. You can supply both, and you must supply at least one of them. The reason will be displayed to players as a notification when they boot the game, and the replacement_asset_id will be silent.
In case you get any errors back from this call, there will be an error property in the payload which will hold an array of text errors. See example.
Example Error Response
{
"success": false,
"error": [
"When not supplying a replacement asset, you must give a reason for deactivating the asset.",
"When not supplying a reason for deactivating an asset, you must supply a replacement asset."
]
}
When you get successful response, you will simply see a success property with the value true.
Get Contexts
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/assets/contexts" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
To list the contexts configured for the current game, call this endpoint.
Example Response
{
"success": true,
"contexts": [
{
"id": 1,
"name": "Head",
"friendly_name": null,
"detachable": false,
"user_facing": false,
"characters": {
"skier": true,
"snowboarder": true
},
"dependent_asset_id": false,
"editable": true
},
{
"id": 6,
"name": "Goggles",
"friendly_name": "Eyes",
"detachable": true,
"user_facing": true,
"characters": {
"skier": true,
"snowboarder": true
},
"dependent_asset_id": false,
"editable": true
}
],
"unlock_assets": [
{
"id": 1405,
"name": "Snowmobile Unlock"
}
]
}
The field friendly_name is what will be showed in integrations and other external places.
detachable denotes if this context can be unequipped without equipping a new asset in it's place. Eg; Goggles can be unequipped, pants can not.
The user_facing field is a boolean indicating wether the context should be shown in integrations, such as Steam.
The characters field is an array of character type names, if the value is true, the character type can interact with this context.
dependent_asset_id denotes if this context is unlocked by the player owning a specific asset.
The editable boolean is there to let you know if this is an editable context or not. A few default contexts will have this set to false. Any context you create will always be editable.
The unlock_assets at the end of the data is the assets which qualify for being passed in to dependent_asset_id. In simpler terms, it's assets which context is Feature Unlocks.
Update Contexts
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/{game_id}/assets/contexts" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "[{\"name\": \"New Context\"}, {\"id\": 1, \"name\": \"Existing Context\"}]"
Updating contexts is done by updating them all at the same time. This is suboptimal, and is scheduled to be fixed in the future.
For the time being, you simply send the same format in as you get from the list, and change the values you want updated. If you want to create a new context, simply skip sending the id field along, and it will be created as a new context. Contexts can not currently be deleted.
The response from this endpoint is the same as is returned from the Get Contexts call.
Asset Data Structures
This section holds tables that describe data structures surrounding assets.
Asset Root Object
The asset root object is a representation of the Asset Object. Single value root level properties will be described here, while any sub structure will have it's own table.
There are only two required fields for creating an asset, everything else is optional, but might need to be set for the asset to be activated (sent to your game). The required fields are context_id and name.
JSON Object with all arrays and objects set to their empty states
{
"id": 2,
"live_asset_id": 1,
"dev_asset_id": null,
"active": true,
"purchasable": false,
"name": "Asset Name",
"last_changed": "2021-01-21T12:41:48+00:00",
"price": 0,
"sales_price": 0,
"on_steam": false,
"languages": [],
"context_id": 4,
"global": null,
"featured": null,
"activation_errors": [],
"min_game_version_id": 0,
"rarity": null,
"popular": false,
"popularity_score": 0,
"unique_instance": false,
"external_identifiers": {
"psn": null,
"apple_app_store": null,
"google_play": null
},
"rental_options": null,
"loot_box_content": null,
"filters": [],
"links": [],
"is_package": false,
"is_loot_box": false,
"is_rental": false,
"bones": [],
"package_contents": [],
"simple_asset": false
}
| Field | Type | Value |
|---|---|---|
| id | integer | The ID of the asset |
| live_asset_id | integer | The ID of the live asset if the current asset is a dev version |
| dev_asset_id | integer | The ID of the dev asset if the current asset is a live version |
| name | string | The assets name |
| last_changed | string | The date when this asset was last changed |
| price | integer | The price of the asset in cents or virtual currency |
| sales_price | integger | Sets the asset on sale, overriding the price in any transactions if bigger than 0 or null |
| purchasable | boolean | Can this Asset be purchased? |
| context_id | integer | The ID of the Context this Asset belongs to |
| unique_instance | boolean | Can players own multiple or only one of this Asset? |
| on_steam | boolean | A boolean referencing if this asset is exposed to Steam |
| background_color | string | HEX color. Used in Steam inventory. |
| name_color | string | HEX color. Used in Steam inventory. |
| tradable | boolean | Tradable on steam |
| marketable | boolean | Marketable on steam |
| market_name | string | Asset name in steam market |
| market_hash_name | string | Asset name used for grouping in steam market |
| market_fee | double | Percent from 0 to 1 to charge for steam market trades |
| featured | object or null | Dates for featured, or null if not featured. |
| global | object or null | Dates for global, or null if not global. See global assets |
| storage | object | An object with keys and values set for the asset. |
| min_game_version_id | integer | The id of the lowest version of the game that supports this asset. |
| popular | boolean | Is this asset popular? |
| popularity_score | integer | A score of how popular this asset is |
| simple_asset | boolean | If this asset's complexity is considered simple by LootLocker (No variations or special logic) |
| activation_errors | array | An array of strings holding human readable errors that need to be corrected before the asset can be activated. |
| external_identifiers | array | See asset external identifiers |
| variations | array | See asset variations |
| rarity | object | See asset rarities |
| links | array | See asset images |
| descriptions | array | See asset descriptions |
| tags | array | See asset tags |
| actions | array | See asset actions |
| is_package | boolean | A boolean representing if this asset is a package of assets |
| package_contents | array | See asset package contents |
Global Assets
Global assets can either be null or be an object with a start and end date of the assets global status. Note that the end date can also be null if there is no end set for the global status.
JSON Object
{
"start_date": "2021-02-05 23:00:00",
"end_date": null
}
| Field | Type | Value |
|---|---|---|
| start_date | string | The UTC time zone date and time from when the asset is global |
| end_date | string or null | The UTC time zone date and time from when the asset is no longer global. Can also be null. |
Asset External Identifiers
External Identifiers is how we map Assets to external services such as PSN, Apple's App Store and Google Play.
JSON Object
{
"external_identifiers": {
"psn": {
"entitlement_id": "entitlement id",
"product_id": "product id"
},
"apple_app_store": {
"product_id": "product id",
},
"google_play": {
"product_id": "product id"
}
}
}
| Field | Type | Value |
|---|---|---|
| psn | object | An object holding the data necessary to map an asset to PSN |
| psn.entitlement_id | string | The entitlement ID set up on PSN |
| psn.product_id | string | The product ID set up on PSN |
| apple_app_store | object | An object holding the data necessary to map an asset to Apple's App Store |
| apple_app_store.product_id | string | The product ID set up on the App Store |
| google_play | object | An object holding the data necessary to map an asset to Google Play |
| google_play.product_id | string | The product ID set up on Google Play |
Asset Variations
Variations are used to allow sharing of properties between Assets that are very similar, such as hats that only vary in color or pattern, but otherwise are identical.
JSON Object with arrays set to default empty state
{
"id": 374,
"name": "Default",
"default": true,
"primary_color": null,
"secondary_color": null,
"links": [],
"properties": []
}
| Field | Type | Value |
|---|---|---|
| id | integer | Variation ID |
| name | string | The name of the variation |
| default | boolean | If this is the assets default variation. This is used to select the variation if it is not provided specifically in other calls |
| links | array | See asset images |
| properties | array | See asset variation properties |
Asset Variation Properties
The properties of a variation can be used to let your game client know where to find the material and binding, which attachment (bone_id) it belongs to and to set a minimum game version this variation should be returned to.
JSON Object
{
"material_path": "file path",
"binding_path": "file_path",
"bone_id": 79,
"min_game_version_id": null
}
| Field | Type | Value |
|---|---|---|
| material_path | string | A path to a material stored in your game |
| binding_path | string | A path to a binding stored in your game |
| bone_id | integer | The id of the bone (Attachment) this variation belongs to |
| min_game_version_id | integer | The id of the minimum game version this variation should be returned to |
Asset Descriptions
Descriptions show up in steam and other relevant places. Colors are used exclusively in steam for now.
JSON Object with arrays set to default empty state
{
"id": 1,
"active": true,
"owner_only": false,
"type": "text",
"color": "336699",
"label": "Gun: ",
"values": []
}
| Field | Type | Value |
|---|---|---|
| id | integer | ID of description |
| active | boolean | Is this description active? |
| owner_only | boolean | Switch for showing publicly or only for owner |
| type | enum | Possible values: text, html, image |
| color | string | HEX color to display text type in |
| label | string | Prefix before value |
| values | array | See asset description values |
Asset Description Values
JSON Object
{
"id": 1,
"language_id": 1,
"value": "High speed rail gun"
}
| Field | Type | Value |
|---|---|---|
| id | integer | ID of the value |
| language_id | integer | ID of the language |
| value | string | The actual value (Max length: 500) |
Asset Tags
Tags are used as filtering options in steam.
JSON Object with arrays set to default empty state
{
"id": 1,
"internal_name": "Gun tags",
"internal_category": "guns",
"tag_names": [],
"category_names": []
}
| Field | Type | Value |
|---|---|---|
| id | integer | ID of the tag |
| internal_name | string | Identifier for tag. Not user facing. |
| tag_names | array | See asset tag names below |
| internal_category | string | A category used by steam to group tags. Not user facing. |
| category_names | array | See asset category names |
Asset Tag names
These are the translated variants of the tag. These are shown to the user.
JSON Object
{
"id": 1,
"language_id": 1,
"value": "localized tag name"
}
| Field | Type | Value |
|---|---|---|
| id | integer | ID of the tag name |
| language_id | integer | ID of the language |
| value | string | Translated string (Max length: 100) |
Asset Category names
These are the translated variants of the category. They are shown to the user.
JSON Object
{
"id": 1,
"language_id": 1,
"value": "localized category name"
}
| Field | Type | Value |
|---|---|---|
| id | integer | ID of the category name |
| language_id | integer | ID of the language |
| value | string | Translated string (Max length: 100) |
Asset Actions
Actions is a steam concept, and shows up as buttons in the steam inventory.
Steam helps with these and replaces the urls %assetid%, %contextid%, and %appid%, with the asset's ID, context ID, and owning app ID, respectively.
JSON Object
{
"id": 1,
"url": "https://yourwebsite.com/assets/%assetid%",
"name": "See Asset",
"owner_only": true
}
| Field | Type | Value |
|---|---|---|
| id | integer | Action ID |
| url | string | URL endpoint for action |
| name | string | The name of the action |
| owner_only | boolean | Only show action for owner |
Asset Images
For legacy reasons images are referrenced as links in LootLocker at the moment.
Asset links can be present both on the root of an Asset, and on Asset Variations.
JSON Object
{
"id": 1,
"url": "url or file path",
"type_id": 1
}
| Field | Type | Value |
|---|---|---|
| id | integer | Link ID |
| url | string | A CDN url or in-game file path to the linked file |
| type_id | integer | A reference to the type of link this is. |
Asset Rarities
Asset Rarities is an object holding information about the rarity of an asset. The object has 3 properties, which are all optional.
JSON Object
{
"id": 1,
"name": "Ultra Rare",
"short_name": "UR",
"color": "c6c891"
}
| Field | Type | Value |
|---|---|---|
| id | integer | The ID of the rarity |
| name | string | A name of the rarity, eg: Legendary |
| short_name | string | A short version of the name, eg: L |
| color | string | A HEX color for the rarity, eg: c6c891 |
Asset Package Contents
Package Content is an array of assets contained inside another asset, represented in a simplified structure, which provides what is necessary to render a preview. Packages can not contain other packages, so there will never be a nesting level deeper or a circular reference.
JSON Object
{
"asset_id": 1,
"asset_variation_id": 2,
"quantity": 1337,
"child_asset": {
"name": "Rail Gun",
"thumbnail": "url or path",
"variation_name": "Destroyer of Ships",
"price": 100,
"context": "guns"
}
}
| Field | Type | Value |
|---|---|---|
| asset_id | integer | The ID of the contained Asset |
| asset_variation_id | integer | The id of the variation of the contained Asset or null |
| quantity | integer | The quantity of the contained asset |
| child_asset | object | An object with data to help represent the contained Asset |
| child_asset.name | string | The name of the contained Asset |
| child_asset.thumbnail | string | A url to a thumbnail for the contained Asset (Relative to the variation if present) |
| child_asset.variation_name | string | The name of the variation of the contained Asset |
| child_asset.price | integer | The price of the contained Asset |
| child_asset.context | string | The name of the context the contained Asset belongs to |
User Generated Content
Get Candidates
curl -X GET "https://api.lootlocker.io/admin/v1/game/4/assets/candidates?count=20" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Get list of asset candidates pending moderation.
Optional fields
| Field | Type | Value |
|---|---|---|
| count | number | Number of records that should be returned |
| after | number | Curser for pagination, a cursor will be returned in the response |
Example success Response
{
"items": [
{
"id": 16,
...
}
],
"pagination": {
"total": 7,
"next_cursor": 16
}
}
Update Candidate
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/4/assets/candidate/10" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
-H "Content-Type: application/json"
-d "{\"status\": \"approve\"}"
Update asset candidate moderation status.
Fields
| Field | Type | Value |
|---|---|---|
| status | string | Required: approve or deny |
| comment | string | Optional comment, only used when denying an asset candidate |
Example success Response
{
"success": true
}
Characters
Characters are a core concept in LootLocker, and each player needs to have at least one to be able to equip assets. Characters can also be extended with extra functionality through the Heroes feature.
Through the Admin API you can configure your Character Classes.
There is currently a bit of confusion in the naming for Character Classes, as they were previously called Character Types in LootLocker, so any references to Character Types actually refer to Character Classes too. This will be fixed in upcoming v2 endpoints.
List Character Classes
curl -X GET "https://api.lootlocker.io/admin/v1/game/1234/loadout/default" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
To list all Character Classes configured for a game, call this endpoint, substituting 1234 for your games ID.
Example Response
{
"success": true,
"character_types": [
{
"default": false,
"name": "Medic",
"id": 3,
"contexts": []
},
{
"default": true,
"name": "Heavy",
"id": 1,
"contexts": [
{
"name": "Barks",
"default_loadout_asset": {
"name": "Quick Angry",
"image": null,
"variation_name": ""
}
}
]
}
]
}
Under the character_types property of a successful response, you will find the following structure:
| Property | Meaning |
|---|---|
| default | Is this the default character class for newly created characters |
| name | The name of your character class |
| id | The ID of the character class |
| contexts | An array of contexts this character class can equip assets from |
| contexts.name | The name of the context |
| contexts.default_loadout_asset | Structure for presenting asset information |
| contexts.default_loadout_asset.name | The name of the default asset for this context |
| contexts.default_loadout_asset.image | A URL to an image for this asset if one exists |
| contexts.default_loadout_asset.variation_name | The variation name for this asset if it exists and was selected |
Update Character Type
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/1234/loadout/default/5678" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "{\"name\": \"Heavy\", \"default\": false}"
To update a Character Type or it's default loadout, send a request to this endpoint, substituting 1234 for your games ID, and 5678 for the Character Type's ID.
If you wish to delete the default_loadout_asset, simply update with that key's value set to null.
If you wish to change or set the default_loadout_asset, instead set two properties: asset_id and variation_id if the asset has variations.
When changing a Default Character Type, using the default boolean, you do not need to both remove and add the status to both Character Types. LootLocker will automatically ensure that only the newly appointed default Character Type is default.
Creating a new Character Type is done by setting the Character Type ID to new instead of an integer.
Example Payload
{
"default":true,
"name":"Heavy",
"contexts":[
{
"name":"Barks",
"default_loadout_asset": {
"asset_id":2,
"variation_id":null,
}
}
]
}
The response from this call is the same as from List Character Classes.
Delete Character Type
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/1234/loadout/default/5678"
Character Types can only be deleted if they haven't been used to create a player character in your game. If player characters exist in your game, you will see the error in the Example Error Response.
A successful deletion will immediately remove the Character Type, as well as any Default Loadout that may have been configured for it.
Example Error Response
{
"success": false,
"error": "Instances of this character type exists, and because of that it can't be deleted"
}
Example Success Response
{
"success": true
}
Heroes
Heroes are an extension of the Characters functionality, which add extra functionality on top.
List Heroes
curl -X GET "https://api.lootlocker.io/admin/v1/game/2/heroes" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Listing heroes to a game is done by calling this endpoint. Very little information about each hero is returned here. Only what's needed to build a simple interface where you can inspect a hero more closely later, using the Get Hero endpoint.
Example Response
{
"success": true,
"heroes": [
{
"name": "Rick Astley",
"hero_id": 3,
"asset_id": 5,
"character_type_id": 4,
"character_type_name": "Medic"
}
]
}
Get Hero
curl -X GET "https://api.lootlocker.io/admin/v1/game/2/heroes/3" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint lets you get more information about a hero, than you get when you list them all.
This endpoint also returns the default loadout and equipping exceptions a hero has set up.
Example Response
{
"success": true,
"hero": {
"name": "Rick Astley",
"hero_id": 3,
"asset_id": 5,
"character_type_id": 4,
"character_type_name": "Medic",
"default_loadout": [
{
"id": 4,
"asset_id": 2,
"asset_variation_id": null,
"created_at": "Mon Nov 30 2020 15:28:41 GMT+0000",
"updated_at": "Mon Nov 30 2020 15:28:41 GMT+0000"
}
],
"exceptions": []
}
}
Create Hero
curl -X POST "https://api.lootlocker.io/admin/v1/game/2/heroes" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "{\"name\": \"David Hasselhoff\", \"character_type_id\": 2}"
Example Response
{
"success": true,
"hero": {
"name": "David Hasselhoff",
"hero_id": 3,
"asset_id": 4,
"character_type_id": 2,
"character_type_name": "Medic",
"default_loadout": [],
"exceptions": []
}
}
Update Hero
curl -X POST "https://api.lootlocker.io/admin/v1/game/2/heroes/3" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "{\"name\": \"Rick Astley\"}"
Example Response
{
"success": true,
"hero": {
"name": "Rick Astley",
"hero_id": 3,
"asset_id": 4,
"character_type_id": 2,
"character_type_name": "Medic",
"default_loadout": [],
"exceptions": []
}
}
Delete Hero
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/2/heroes/3"
Deleting a hero can be done by calling this endpoint.
Example Response
{
"success": true
}
Adding an Asset to a Heros Default Loadout
curl -x POST "https://api.lootlocker.io/admin/v1/game/2/heroes/3/defaults" \
-d "{\"asset_id\": 2, \"asset_variation_id\": 4}"
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
When adding to a heros default loadout, you can supply only an asset_id, or an asset_id with a corresponding asset_varaiation_id. If no asset_variation_id is supplied, the default variation for the asset is used, if it has any variations, however, the property is left empty, and the default variation is evaluated when the player creates the hero.
Example Response
{
"success": true,
"hero": {
"name": "Rick Astley",
"hero_id": 3,
"asset_id": 5,
"character_type_id": 4,
"character_type_name": "Medic",
"default_loadout": [
{
"id": 4,
"asset_id": 2,
"asset_variation_id": null,
"created_at": "Mon Nov 30 2020 15:28:41 GMT+0000",
"updated_at": "Mon Nov 30 2020 15:28:41 GMT+0000"
}
],
"exceptions": []
}
}
Removing an Asset from a Heros Default Loadout
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/2/heroes/3/defaults/4" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Example Response
{
"success": true,
"hero": {
"name": "Rick Astley",
"hero_id": 3,
"asset_id": 5,
"character_type_id": 4,
"character_type_name": "Medic",
"default_loadout": [],
"exceptions": []
}
}
Adding an Asset or a Context to a Heros Exception List
curl -X POST "https://api.lootlocker.io/admin/v1/heroes/3/exceptions" \
-d "" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
The exception list for a Hero is a list that can be used to make exceptions to the Hero's default equippable items (inherited from the Character Type).
Example Response
{
"success": true,
"hero": {
"name": "Rick Astley",
"hero_id": 5,
"character_type_id": 2,
"default_loadout": [],
"exceptions": [
{
"id": 2,
"asset_id": 2,
"context_id": null,
"can_equip": true,
"created_at": "Tue Dec 1 2020 09:10:41 GMT+0000",
"updated_at": "Tue Dec 1 2020 09:10:41 GMT+0000"
}
]
}
}
Removing an Asset or a Context from a Heros Exception List
curl -X DELETE "https://api.lootlocker.io/admin/v1/heroes/3/exceptions/1234" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Example Response
{"success": true}
Bones
Bones are used to let the game client know how to attach assets to characters.
Get Bones To Game
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/bones" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will return a list of bones and their parameters.
Example Response
{
"success": true,
"bones": [
{
"bone": {
"id": 50,
"name": "snowmobile_ski_left"
},
"parameters": [
{
"name": "rotation",
"value": "1,0,0,0",
"type": "string"
},
{
"name": "position",
"value": "-0.53,0.93,-0.35",
"type": "string"
},
{
"name": "boneName",
"value": "Bip01",
"type": "string"
},
{
"name": "type",
"value": "CA_BONE",
"type": "string"
}
]
}
],
"types": [
"boolean",
"string",
"number"
]
}
Update Bones
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/bones" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"bones\": [{\"bone\": {\"id\": 50, \"name\": \"snowmobile_ski_left\"}, \"parameters\": [{\"name\": \"rotation\", \"value\": \"1,0,0,0\", \"type\": \"string\"}]}]}"
When updating bones, you should send data in the same format as you get when you list bones to a game. Parameters are looked up by name on the backend, so supplying a new unique name, will create a new bone. You can set as many parameters as you want.
The response from this endpoint is the same as from Get Bones To Game.
Maps
Getting All Maps To A Game
curl -X GET "https://api.lootlocker.io/admin/v1/maps/game/{game_id}"
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will return all maps with all their spawnpoints. If you need more information about the map than is provided here, call the assets endpoint, which will contain the poster image, name and what else you might need.
Example response
{
"success": true,
"maps": [
{
"map_id": 1,
"asset_id": 938,
"spawnpoints": [
{
"guid": "{ef7e9ca1-d3c8-47be-bc6a-b9d8556cab3b}",
"id": 1,
"asset_id": 939,
"position": "123585818123",
"rotation": "19588188841",
"cameras": [
{
"position": "1495986818281823",
"rotation": "1495986818281823"
}
]
},
{
"guid": "{09ca78e6-1719-43bc-becc-2a04cae9715d}",
"id": 2,
"asset_id": 940,
"position": "868181824845",
"rotation": "868186810",
"cameras": [
{
"position": "868190040011",
"rotation": "96817767100108681"
}
]
}
]
},
{
"map_id": 2,
"asset_id": 950,
"spawnpoints": [
{
"guid": "{38070225-a4d8-4db3-a8c9-550e806c6216}",
"id": 7,
"asset_id": 951,
"position": "123585818123",
"rotation": "19588188841",
"cameras": [
{
"position": "1495986818281823",
"rotation": "1495986818281823"
}
]
},
{
"guid": "{997b0abe-706f-49e9-9925-67d2454223e2}",
"id": 8,
"asset_id": 952,
"position": "868181824845",
"rotation": "868186810",
"cameras": [
{
"position": "868190040011",
"rotation": "96817767100108681"
}
]
}
]
}
]
}
Creating Maps
curl -X POST "https://api.lootlocker.io/admin/v1/maps"
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
-H "Content-Type: application/json"
-d "{\"json\": \"goes here\"}"
When creating a map, you send a POST request with the payload data. This will create the map, an asset for it and spawn points with their own assets for each spawn point you've sent along.
Request payload example
{
"name": "Sialia",
"game_id": 2,
"spawn_points": [
{
"guid": "{997b0abe-706f-49e9-9925-67d2454223e2}",
"position": "123551231",
"rotation": "156516991",
"name": "Eastwater Forest",
"cameras": [
{
"position": "12958181",
"rotation": "9591885818"
}
]
}
]
}
On success, this endpoint will return the full list of maps as documented in Getting All Maps To A Game.
On error you will receive a response similar to the error example shown.
Error response example
{
"success": false,
"error": "Required parameter on camera \"position\" missing."
}
| Property | Description | Required |
|---|---|---|
| game_id | Id of the game the map should belong to | Yes |
| name | Name of the map | Yes |
| asset_id | The ID of an asset if you've created one and don't want this call to do it for you. | No |
| spawn_points | An array of spawn point objects. See below. | No |
Spawn Points
Spawn points have a few properties.
| Property | Description | Required |
|---|---|---|
| position | Coordinates for where the spawn point should be positioned | Yes |
| rotation | Coordinates for the rotation of the spawn point | Yes |
| name | Name of the spawn point | Yes |
| guid | A 38-character long unique identifier provided by you | No |
| cameras | An array of cameras for the spawn point. See below. | No |
Cameras
Cameras are simple as they have just 2 properties.
| Property | Description | Required |
|---|---|---|
| position | Coordinates for where the camera should be positioned | Yes |
| rotation | Coordinates for the rotation of the camera | Yes |
Updating Maps
curl -X PATCH "https://api.lootlocker.io/admin/v1/maps/{map_id}"
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
-H "Content-Type: application/json"
-d "{\"json\": \"goes here\"}"
Updating maps follow the same rules as creating them, with a few exceptions. The request type is PATCH instead of POST and the url having the map_id appended to it.
When updating a map, send along the id's for the spawn points. Otherwise the backend will create new ones. Any spawn points not sent will be deleted.
Always send the cameras for a spawn point, as default behaviour is to delete all, and then re-create from the input given by the call.
Events
Creating Missions
curl -X POST "https://api.lootlocker.io/admin/v1/missions"
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
-H "Content-Type: application/json"
-d "{\"game_id\": 1, \"type\": 1, \"name\": \"Eastwater River\", \"goals\":{\"gold\": {\"goal\": \"00:20:00\", \"points\": 400, \"assets\": [{\"asset_id\": 24, \"asset_variation_id\": 43}]},\"silver\": {\"goal\": \"00:30:00\", \"points\": 200},\"bronze\": {\"goal\": \"00:35:00\", \"points\": 100}], \"checkpoints\": [{\"guid\": \"{f5bf1883-5192-4cd0-b251-8752d83c9bc2}\", \"index\": 1, \"x\": \"y\", \"foo\": \"bar\", \"baz\": \"foobar\"},{\"guid\": \"{54e54736-d290-4565-ae17-d19f90611c85}\", \"index\": 2, \"x\": \"y1\", \"foo\": \"bar1\", \"baz\": \"foobar1\"},{\"guid\": \"{ef7e9ca1-d3c8-47be-bc6a-b9d8556cab3b}\", \"index\": 3, \"x\": \"y2\", \"foo\": \"bar2\", \"baz\": \"foobar2\"}]}"
When creating a mission, you send a POST request with the payload data. This will create the mission and an asset for the mission, which you can later update with the update method.
You can set the following information:
Root level properties:
| Property | Description | Required |
|---|---|---|
| name | A name for the mission | Yes |
| game_id | The ID of the game to which this mission shall belong | Yes |
| type | An integer representing the type of mission you're creating | Yes |
| map_id | An integer representing the ID of the map this mission belongs to | Yes |
| asset_id | A reference to an asset you've created that you want to attach this mission to, if not supplied, one will be created automatically | No |
| poster_path | A string representing a path to a poster to display for this mission. | No |
| rounds | An integer representing the number of rounds in the mission | No |
| round_length | A string formatted as "00:00:000" for representing minutes, seconds and milliseconds | No |
| completion_bonus | A point based bonus for completing the mission, represented as an integer | No |
| difficulty_name | A string for representing the difficulty of the mission | No |
| difficulty_multiplier | A decimal number that will be multiplied with the point_reward from the medal field and completion_bonus from the mission | No |
| time_score_multiplier | An integer that will be multiplied with the amount of seconds that a player is faster than the round_length for mission of type 3 | No |
| goals | Array of objects, see Goals below | No |
| checkpoints | Array of objects, see Checkpoints below | No |
| filters | Array of objects, see Filters | No |
Types
Three different types of missions are currently supported.
| Type | Description |
|---|---|
| 1 | Time based and calculates based on time. |
| 2 | Score based and calculates based on score. |
| 3 | Time based, but calculates based on how many seconds faster the player was than round_length, and multiplies those seconds by time_score_multiplier |
Checkpoints
Checkpoint example
[
{
"index": 1,
"your_property": "your value",
"your_second_property": "your second value"
}
]
A mission can have an unlimited amount of checkpoints. For checkpoints you can add as many properties as you want, in a key/value style. There is a required index field which is used to set the order of the checkpoints.
Send your checkpoints in the format that you see in the example. You can send your values in any format, but they will always be treated and returned as strings.
Goals
Goals example
{
"gold": {
"goal": "5000",
"points": 400,
"assets": [
{
"asset_id": 24,
"asset_variation_id": 43
}
]
},
"silver": {
"goal": "4500",
"points": 350
},
"bronze": {
"goal": "3000",
"points": 200
}
}
You can add as many goals to a mission as you want. The object name is the name of the goal, which can be anything that'll fit in a JSON object.
| Property | Description | Required |
|---|---|---|
| goal | A string, with either a time based goal, or points | yes |
| points | An integer representing the point that will be rewarded and multiplied by the difficulty_multiplier from the mission | yes |
| assets | An array of assets that will be granted the first time the player reaches the goal, if it's the highest they've reached | no |
Filters
Filters example
[
{
"name": "Mission Type",
"value": "Freeride"
}
]
You can add as many filters to a mission as you want. Both properties are required. These will be returned with assets later.
Keep in mind that these might be used to let users filter assets at a later point, so keep them human friendly.
| Property | Description |
|---|---|
| name | A name for your filter, such as Mission Type |
| value | A value for the filter, such as Freeride |
Updating Missions
curl -X PATCH "https://api.lootlocker.io/admin/v1/missions/{mission_id}"
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
-H "Content-Type: application/json"
-d "{\"asset_id\": 6718, \"game_id\": 1, \"type\": 1, \"name\": \"Eastwater River\", \"goals\":{"gold": {\"goal\": \"00:20:00\", \"points\": 400, \"assets\": [{\"asset_id\": 24, \"asset_variation_id\": 43}]}, "silver": {\"goal\": \"00:30:00\", \"points\": 200},"bronze": {\"goal\": \"00:35:00\", \"points\": 100}], \"checkpoints\": [{\"guid\": \"{f5bf1883-5192-4cd0-b251-8752d83c9bc2}\", \"index\": 1, \"x\": \"y\", \"foo\": \"bar\", \"baz\": \"foobar\"},{\"guid\": \"{54e54736-d290-4565-ae17-d19f90611c85}\", \"index\": 2, \"x\": \"y1\", \"foo\": \"bar1\", \"baz\": \"foobar1\"},{\"guid\": \"{ef7e9ca1-d3c8-47be-bc6a-b9d8556cab3b}\", \"index\": 3, \"x\": \"y2\", \"foo\": \"bar2\", \"baz\": \"foobar2\"}]}"
Updating a mission follows the same format as creating one with the exception that any checkpoints or goals that you do not supply in an update will be removed. If you do not wish to change them, simply omit them in the request. Any field is optional, and only changed if a new value is supplied. Also, notice the addition of the {mission_id} to the url.
If you want to make sure the name of the mission isn't changed, you can send along a GET style parameter called protect_name and set it to true.
Getting All Missionss
curl -X GET "https://api.lootlocker.io/admin/v1/missions/game/{game_id}"
When working with missions, you might want to get them all. Issuing a call to this endpoint with a valid game_id will get that for you. In the example you'll see a simple mission with 2 checkpoints, and 3 goals.
Example Response
{
"success": true,
"missions": [
{
"mission_id": 1,
"asset_id": 912,
"rounds": 0,
"round_length": "0",
"difficulty_name": null,
"difficulty_multiplier": null,
"goals": {
"gold": {
"goal": "00:20:00",
"points": "400"
},
"silver": {
"goal": "00:30:00",
"points": "200"
},
"bronze": {
"goal": "00:35:00",
"points": "100"
}
},
"checkpoints": [
{
"guid": "{54e54736-d290-4565-ae17-d19f90611c85}",
"index": 1,
"segment_time": 18510,
"your_key": "your value",
"your_second_key": "your second value"
},{
"guid": "{f5bf1883-5192-4cd0-b251-8752d83c9bc2}",
"index": 2,
"your_key": "your value",
"your_second_key": "your second value"
}
]
}
]
}
Triggers
Triggers are a simple way to have game events perform actions on the backend, such as granting assets or awarding XP.
List Triggers
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/triggers" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will list all triggers, and their rewards.
Example Response
{
"success": true,
"triggers": [
{
"id": 112,
"name": "enterArea.SialiaSummit",
"times": 1,
"grant_all": false,
"rewards": [
{
"asset_id": 0,
"asset_variation_id": null,
"asset_image": null,
"asset_name": "",
"score": 100
}
]
},
{
"id": 113,
"name": "enterArea.BluebirdRidge",
"times": 1,
"grant_all": false,
"rewards": [
{
"asset_id": 0,
"asset_variation_id": null,
"asset_image": null,
"asset_name": "",
"score": 100
}
]
}
]
}
Create Trigger
curl -X POST "https://api.lootlocker.io/admin/v1/game/{game_id}/triggers" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"name\": \"enterArea.SialiaBurgerBar\", \"times\": 10, \"grant_all\": false, \"rewards\": [{\"score\": 100}]}"
Creating a trigger requires sending data about said trigger in JSON form.
The name value is what will be called as a trigger from the Game API.
The times field is how many times this trigger should be called before the rewards will be granted to the player.
The grant_all field is to let the backend know if it should reward all the rewards of this trigger, or select one at random.
The rewards field is an array of rewards. This can be either XP in the form of a score field, or an asset, in the form of asset_id and asset_variation_id fields.
The response from this endpoint will be the list of triggers.
Update Trigger
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/{game_id}/triggers/112" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"name\": \"enterArea.SialiaSummit\", \"times\": 4, \"grant_all\": true, \"rewards\": [{\"score\": 500}]}"
Updating a trigger follows the same format as creating one.
The response from this endpoint will be the list of triggers.
Delete Trigger
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}/triggers/112" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"name\": \"enterArea.SialiaSummit\", \"times\": 4, \"grant_all\": true, \"rewards\": [{\"score\": 500}]}"
This endpoint deletes a trigger, and all progress players have made towards it.
The response from this endpoint will be the list of triggers.
Leveling
List Levels
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/levels" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will list the games levels, and their rewards.
The grant_all field references if players should be granted all assets, or just one at random when they reach a level.
The xp_threshold field denotes how much XP is necessary to reach this level.
Example Response
{
"success": true,
"levels": [
{
"id": 8,
"level": 0,
"xp_threshold": 0,
"grant_all": false,
"grants": []
},
{
"id": 9,
"level": 1,
"xp_threshold": 1000,
"grant_all": false,
"grants": [
{
"id": 57,
"level_id": 9,
"asset_id": 1370,
"asset_variation_id": 0,
"asset_name": "100 Credits Reward",
"asset_image": null,
"grant_id": 57
}
]
}
]
}
Save Levels
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/{game_id}/levels" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "[{\"id\": 8, \"xp_threshold\": 1500, \"grant_all\": false}, {\"level\": 61, \"xp_threshold\": 160000, \"grant_all\": false}]"
You save levels by sending them all in an array to the API. If you supply the id field, it will update an existing level, if you don't you will have to supply the level property too, and it will use that to create a new level.
The response from this endpoint will be the same as from the List Levels endpoint.
Add Reward
curl -X POST "https://api.lootlocker.io/admin/v1/game/{game_id}/levels/grant" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "level_id=8&asset_id=1405&asset_variation_id=1906"
To add a reward, you send a POST request with parameters identifying the level you wish to add a reward for using level_id, the asset_id, and asset_variation_id.
The response from this endpoint is the same as from List Levels.
Update Reward
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/{game_id}/levels/grant/57" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "level_id=9&asset_id=1405&asset_variation_id=1906"
To update a reward, you need to provide the id of the reward in the url. Other than that, it's identical to the Add Reward call.
The response from this endpoint is the same as from List Levels.
Delete Reward
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}/levels/grant/57" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Deleting a reward is done by sending a delete request to the rewards endpoint.
The response from this endpoint is the same as from List Levels.
DLC
Please note that DLC migrations are currently only for Steam integrations. For PSN, use consumable entitlements instead. These will be checked on game start.
List DLCs To Game
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/dlc" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will list all DLC's for a game.
The dlc_identifier field is the app id steam provides for the DLC. These are 6 digits always.
The always_check boolean denotes if this DLC is checked every time the game starts. The purpose of this is to allow for migratory DLC's where people have bought a game with DLCs, before the game was hooked up to the backend. If they're only checked once, the backend will only check if the player owns them with steam the first time it sees the player. If always_check is set to true, the dlc_identifier value will be returned with the Game API session registration for the game to check if any of the DLC's are owned. See the Game API docs for how to handle this.
Example Response
{
"success": true,
"dlcs": [
{
"id": 1,
"name": "Season Pass",
"dlc_identifier": "257300",
"always_check": false,
"active": true,
"created_at": "2015-03-01 00:00:00",
"updated_at": "2015-05-26 14:01:20",
"product_count": 6
}
]
}
Create DLC To Game
curl -X POST "https://api.lootlocker.io/admin/game/{game_id}/dlc" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"name\": \"Season Pass\"}"
To create a DLC package, you simply send a POST with a name of the package you wish to create.
Example Response
{
"success": true,
"dlc_id": 1
}
Get DLC Details
curl -X GET "https://api.lootlocker.io/admin/game/{game_id}/dlc/1" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
The DLC details endpoint will list details about a DLC package, including it's contents.
Example Response
{
"success": true,
"dlc": {
"id": 21,
"name": "Test",
"dlc_identifier": "0",
"always_check": "1",
"active": "0",
"created_at": "2016-08-19 10:43:22",
"updated_at": "2016-08-19 10:43:22",
"assets": [
{
"id": 62,
"name": "Rival Pro",
"image": "https://pm-game-files.s3.amazonaws.com/2/56f54a14b12e7.png",
"variation_id": 131,
"variation_name": "k2-13-rivalpro-green"
},
{
"id": 1380,
"name": "Source Z",
"image": "https://pm-game-files.s3.amazonaws.com/2/56f67b5c8e33a.png",
"variation_id": 1873,
"variation_name": "black"
}
]
}
}
Update DLC Details
curl -X PATCH "https://api.lootlocker.io/admin/game/{game_id}/dlc/1" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"active\": true, \"assets\": [{\"id\": 62, \"variation_id\": 131}]}"
When updating a DLC package, all fields are optional. Only the ones passed in will be changed.
If assets is passed in, all assets not in the array will be removed. Any additional assets added will be added.
The response from this endpoint is the same as from Get DLC Details.
Messages
Messages are used to send news and promotions to your players.
Get Messages To Game
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/players/messages" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will return a list of messages for a game. It will include drafts (messages without a published_at date set), and the messages will be the full messages, with all content.
The example only includes one response for brevity.
Example Response
{
"success": true,
"messages": [
{
"id": 4,
"live_player_message_id": 3,
"dev_player_message_id": null,
"title": "Message Title",
"summary": "Message Summary",
"message_body": "This is a rather lengthy body.\r\n\r\nLorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean congue urna vitae venenatis mattis. Nunc volutpat finibus nisl ut imperdiet. Mauris sed orci at leo posuere tincidunt ut ut leo. In hac habitasse platea dictumst. Sed pulvinar, magna in pharetra finibus, neque nibh elementum nisl, at pulvinar mauris augue in felis. Cras accumsan nec purus in dapibus. Nullam rhoncus accumsan condimentum. Nullam consequat ipsum sit amet porttitor varius. Curabitur lacinia in tortor eget egestas.",
"category": "Levels",
"action": ":store\/levels\/new",
"alert": true,
"image_url": null,
"image_name": null,
"published_at": "2017-09-12 15:55:22",
"created_at": "2017-09-12 08:39:48",
"updated_at": "2017-09-13 08:19:18"
}
]
}
Get Message
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/players/messages/4" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will return a single message.
Example Response
{
"success": true,
"message": {
"id": 4,
"live_player_message_id": 3,
"dev_player_message_id": null,
"title": "Message Title",
"summary": "Message Summary",
"message_body": "This is a rather lengthy body.\r\n\r\nLorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean congue urna vitae venenatis mattis. Nunc volutpat finibus nisl ut imperdiet. Mauris sed orci at leo posuere tincidunt ut ut leo. In hac habitasse platea dictumst. Sed pulvinar, magna in pharetra finibus, neque nibh elementum nisl, at pulvinar mauris augue in felis. Cras accumsan nec purus in dapibus. Nullam rhoncus accumsan condimentum. Nullam consequat ipsum sit amet porttitor varius. Curabitur lacinia in tortor eget egestas.",
"category": "Levels",
"action": ":store\/levels\/new",
"alert": true,
"image_url": null,
"image_name": null,
"published_at": "2017-09-12 15:55:22",
"created_at": "2017-09-12 08:39:48",
"updated_at": "2017-09-13 08:19:18"
}
}
Create Message
curl -X POST "https://api.lootlocker.io/admin/v1/game/{game_id}/players/messages" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"title\": \"My fancy message title\"}"
Creating a message is simple. There are only one required field: title. Everything else is optional.
The title and summary fields have length settings on the game settings. They have sensible defaults, but you might want to change them for your game because of UI space etc.
Example Response
{
"success": true,
"message": {
"id": 4,
"live_player_message_id": 3,
"dev_player_message_id": null,
"title": "My fancy message title",
"summary": "",
"message_body": "",
"category": "",
"action": "",
"alert": false,
"image_url": null,
"image_name": null,
"published_at": null,
"created_at": "2017-09-12 08:39:48",
"updated_at": "2017-09-13 08:19:18"
}
}
The optional fields are as follows:
| Field | Type | Additional info |
|---|---|---|
| summary | string | This field can have a max length, set in the game settings. (Default: 140) New lines will be converted to \r\n on save. |
| message_body | string | This is the body of the message. New lines will be converted to \r\n on save. |
| category | string | A free text category for your message. (Max 255 characters) |
| action | string | A free text string that your game can parse to perform an action on the message. (Take to store etc) |
| alert | boolean | Used to let your game know if this message is an alert. |
| image_url | string | This can be a string or url to any image you want to show with your message. |
| image_name | string | This is only used in the admin API to help identify an image if it can't render on the platform the game is being managed from. (Eg. .dds in a browser) |
| published_at | datetime | Format: 2017-09-13 12:49:33 - The date for the message to be published. |
Update Message
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/{game_id}/players/messages/4" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"title\": \"My fancier message title\", \"alert\": true}"
Updating a message functions exactly like creating one. The only difference is that the ID of the message goes in the URL and the request type is PATCH instead of POST. Refer to that part of the documentation for specifics.
Example Response
{
"success": true,
"message": {
"id": 4,
"live_player_message_id": 3,
"dev_player_message_id": null,
"title": "My fancier message title",
"summary": "",
"message_body": "",
"category": "",
"action": "",
"alert": true,
"image_url": null,
"image_name": null,
"published_at": null,
"created_at": "2017-09-12 08:39:48",
"updated_at": "2017-09-13 11:29:18"
}
}
Delete Message
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}/players/messages/4" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
The response from this endpoint will be identical to the one from Get Messages To Game.
Example Response
{
"success": true,
"messages": []
}
Files
Upload a file
curl -X POST 'https://api.lootlocker.io/admin/v1/upload' \
-H 'x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39' \
-F 'file=@path/to/your/file.bin' \
-F 'asset_id=5129' \
-F 'game_id=1234' \
-F 'tags=image;large'
This endpoint lets you upload a file and associate it with other LootLocker Game Systems, such as assets, asset instances (items) and players.
The field game_id is required for LootLocker to be able to attach the file to a specific game.
Files can also be tagged to help your game or editor to handle them better. When adding tags to a file while uploading it, they should be in a field called tags and be delimited with a semi-colon (;).
This table lists all possible Game Systems that a file can be associated with.
Example response
{
"success": true,
"url": "https://cdn.lootlocker.io/141/5f230b1e14614.txt",
"id": 13,
"size": 224,
"name": "astley-paradox.txt",
"tags": [
"image",
"large"
],
"updated_at": "2020-07-31 09:28:10"
}
| Game System | Field name |
|---|---|
| Assets | asset_id |
| Asset Instance | item_id |
| Player | player_id |
Get files
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/files?filter=asset" \
-H 'x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39'
Listing files can be done by issuing a call to this endpoint. See the example response for the structure. tags will be null if there are no tags.
attachment_type and attachment_id reference which Game System a file is attached to, holding the name in the type field and the id of said system resource in the id field. Eg attachment_type = asset and attachment_id = 1234 meaning that the file is attached to an asset with id 1234.
When listing files you can also filter them by attachment_type, to only get files matching the specified filter returned. Currently the following exists:
| Attachment Type | Filter Value |
|---|---|
| Assets | asset |
| Asset Instance | item |
| Player | player |
Example Response
{
"success": true,
"files": [
{
"url": "https://cdn.lootlocker.io/141/5f230b1e14614.txt",
"id": 13,
"attachment_type": "asset",
"attachment_id": 1234,
"size": 224,
"name": "astley-paradox.txt",
"tags": [
"image",
"large"
],
"updated_at": "2020-07-31 09:28:10"
}
]
}
Update file
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/{game_id}/files/{file_id}" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "{\"tags\": [\"never\", \"gonna\", \"give\", \"you\", \"up\"]}"
Updating files lets you change your tags. Send them as an array of strings in an object with a key tags.
Example Response
{
"success": true,
"file": {
"url": "https://cdn.lootlocker.io/141/5f230b1e14614.txt",
"id": 13,
"attachment_type": "asset",
"attachment_id": 1234,
"size": 224,
"name": "astley-paradox.txt",
"tags": [
"never",
"gonna",
"give",
"you",
"up"
],
"updated_at": "2020-07-31 09:28:10"
}
}
Delete file
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}/files/{file_id}" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Deleting files can be done by issuing a call to this endpoint. Do note that files will be stored in LootLocker as long as there is a reference to them from the live game, so even though the reference is gone immediately, the actual file will not be removed until the change is merged to the live game.
Example response
{
"success": true
}
Data Entities
LootLocker supports custom data blobs that can be attached to a number of Game Systems. We call them Data Entities.
Create Data Entity
curl -X POST "https://api.lootlocker.io/admin/v1/game/{game_id}/data" \
-H "Content-Type: application/json" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "{\"name\": \"My custom data\", \"asset_id\": 1234, \"data\": \"your data here\"}"
When creating a Data Entity there are 2 required fields: data and a field to tie the Data Entity to a Game System, such as asset_id, used in the example here.
You can also assign a name to make it easier to identify the entity later. This name will not be returned through the Game API.
Example Response
{
"success": true,
"data_entity": {
"id": 1234,
"name": "My custom data",
"data": "your data here",
"updated_at": "2020-08-04 13:54:56"
}
}
The below list shows which Game Systems we currently support, and what field name to use to attach to that system.
| Game System | Field |
|---|---|
| Assets | asset_id |
| Player | player_id |
| Trigger | trigger_id |
| Event (Mission) Goal | event_goal_id |
Listing Data Entities
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/data/{type}/{type_id}" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Listing Data Entities are done based on which Game System they are attached to, and is refered to in the url as type and type_id. The below table lists the types used and what id to use.
Example response
{
"success": true,
"data_entities": [
{
"id": 1234,
"name": "My custom data",
"data": "your data here",
"updated_at": "2020-08-04 13:54:56"
}
]
}
| Game System | Type | ID |
|---|---|---|
| Assets | asset | Asset ID |
| Player | player | Player ID |
| Trigger | trigger | Trigger ID |
| Event (Mission) Goal | eventgoal | Event Goal ID |
Get a single Data Entity
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/data/{data_entity_id}" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Getting a single Data Entity is done by the ID of the entity.
Example response
{
"success": true,
"data_entity": {
"id": 1234,
"name": "My custom data",
"data": "your data here",
"updated_at": "2020-08-04 13:54:56"
}
}
Update a Data Entity
curl -X PATCH "https://api.lootlocker.io/admin/v1/game/{game_id}/data/{data_entity_id}" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"name\": \"My changed name\"}"
Updating a Data Entity is done by it's ID, as a PATCH request sending the fields to update along in a JSON payload.
The following fields can be updated: name, data.
Example response
{
"success": true,
"data_entity": {
"id": 1234,
"name": "My changed name",
"data": "your data here",
"updated_at": "2020-08-04 14:24:35"
}
}
Delete a Data Entity
curl -X DELETE "https://api.lootlocker.io/admin/v1/game/{game_id}/data/{data_entity_id}" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Deleting a Data Entity is done by it's ID, as a DELETE request, having the ID in the URL.
Example response
{
"success": true
}
Game Versions
Game Versions are primarily used for handling different versions of assets, in the capacity that they will not be sent to games with an lower version.
Getting Game Versions
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/version" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will list all versions that your game has.
Notice the string property at the end, which is handy for display purposes.
Example Output
{
"success": true,
"versions": [
{
"id": "2",
"live_game_version_id": null,
"game_id": "2",
"major": "0",
"minor": "5",
"revision": "1",
"build": "569095",
"created_at": "2015-03-27 16:22:51",
"updated_at": "2015-03-27 16:22:51",
"deleted_at": null,
"string": "0.5.1.569095"
},
{
"id": "3",
"live_game_version_id": null,
"game_id": "2",
"major": "0",
"minor": "5",
"revision": "2",
"build": "571294",
"created_at": "2015-03-30 15:06:43",
"updated_at": "2015-03-30 15:06:43",
"deleted_at": null,
"string": "0.5.2.571294"
}
]
}
Getting Game Versions to a Dev Game
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/version/develop" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
In addition to using the above endpoint with the ID of a development version of a game, you can call this utility endpoint and get the same response, but for the games development version.
Organisations
Get Users To An Organisation
curl -X GET "https://api.lootlocker.io/admin/v1/organisation/1/users" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This call will get you all users belonging to a specific organisation, if the user you're acting as has access to the organisation.
Invite A User To An Organisation
curl -X POST "https://api.lootlocker.io/admin/v1/organisation/1/users" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-H "Content-Type: application/json" \
-d "{\"name\": \"Andreas Stokholm\", \"email\": \"andreas@lootlocker.io\"}"
This endpoint can be called to invite existing users to an organisation or create new users who will automatically be part of the organisation they're being invited to. This is agnostic to the API and is automatically handled.
Once this endpoint has been called, the user will receive an email, telling them that either an account have been created for them, or that they've been added to a new organisation.
Example Response
{
"success": true
}
Get User To An Organisation
curl -X GET "https://api.lootlocker.io/admin/v1/organisation/1/users/1" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
The response from this endpoint will be details about the user.
Example Response
{
"success": true,
"user": {
"id": 1,
"name": "Andreas Stokholm",
"email": "andreas@lootlocker.io",
"uses_2fa": false,
"last_login": null
}
}
Remove Two-Factor Authentication For A User
curl -X DELETE "https://api.lootlocker.io/admin/v1/organisation/1/users/1/2fa" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Requesting this endpoint will remove Two-Factor Authentication from the user. They will get an email notifying them about it.
Example Response
{
"success": true
}
Reset Password For A User
curl -X DELETE "https://api.lootlocker.io/admin/v1/organisation/1/users/1/password" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
Requesting this endpoint will initiate the process of resetting the users password. This means they will get an email with a link to reset the password, just like if they requested it themselves at login.
Example Response
{
"success": true
}
Users
Set Up Two-Factor Authentication
curl -X POST "https://api.lootlocker.io/admin/v1/user/2fa" \
-H "x-auth-token: 4b711a8a40b678fbc9afdb2fc0a1492530002de8"
This endpoint will initiate the process of setting up Two-Factor Authentication. The response will have to be presented to the user, for them to set up their device.
The mfa_token_url is a base64 encoded png of a QR code the user can scan with their device.
Example QR Code:
Example Response
{
"success": true,
"mfa_token_url": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAIAAAAiOjnJAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAFe0lEQVR4nO3dwa6cRhCG0djK+z+ylZ01i0vcPV0fw7XOWUZMg+1fpNQUxY9fv379A9N+fvoC+DsJFgnBIiFYJASLhGCRECwSgkVCsEgIFgnBIiFYJASLhGCRECwSgkVCsEj8+97Pfv6cT+RrL+vJ+is9sVfrn/TTvq558meZuoYp712POxYJwSIhWCTerLFe1TXBSr2yew0ra17VTCvH7P73qzWvrPx5P1uruWORECwSgkVioMZ6NVUf7K65Unud1Ge761+tOVULrpzrVfHv8oczDq4FvwkWCcEiMVxj1U7qs5N9o/oaVn57cg33c8ciIVgkBIvEQ2us3f2bqf6t3XVOznuy9/Z83/W6eTjBIiFYJIZrrKn9lZVaqqhvrhT9T7vPMev3AGa5Y5EQLBKCRWKgxvrUXstuj/nUOrv9T59a57N7YO5YJASLhGCR+PH8zp4ru71KU3tXJ/1VK+vs1ovP/Bd0xyIhWCQEi8SbNVZR30y9H3eyZrE3VpiaK7HCfCweRLBICBaJ4Rrr1dQ+UDFDa2quVTEP4sqdzwTPa0R3LBKCRUKwSLzZj7Xy//uTnqGTHvOpeaGFqf2/qb6uqeO/WOGN38AfCRYJwSIxsI9Vf7tmas/s6vjinb5P9aFP/T3Yx+KhBIuEYJEIe97rfay6N6tYp5gpv7L+yfH2sXgQwSIhWCQ+8E3o4juAU+vXcxZO6sLdnrA756l+sdrgWvCbYJEQLBJhz/uVomba9alnf9+xj94+Fg8iWCQEi8RAz/udPU9T7wOenPdK8dR1apbECvtYfAOCRUKwSITfK9x9hrVbT0zVW1fXsHLNJ6bml+6uufLsUs87DyVYJASLxHDP+9Tzr2JvbGqOaP19m7onbIUai4cSLBKCRWK4531qZtVJfXAyU+pT86iu1OfSj8U3I1gkBIvEcD9W0QO++9urY4rrKfbtijn193PHIiFYJASLxMA+1tR8gZM9m6ne+RNT+20n9WXxfPY97lgkBIuEYJEI+7FW3DmzoJ59ULz3V/Sr7R7vWSEPIlgkBItE+F5h3Uu0W2fc+V5hsbe0e80nzxbP97TcsUgIFgnBInFTz3vxTcCV817Z3eMpZn0VM7qujp+aYbFx9sPfw5cEi4RgkfjA7Iaid3vqOWOxxzN1/cUc1G62qjsWCcEiIVgkPtCPNTU7auUaPvV9npP9vN3jn/keojsWCcEiIVgkBr5XOFUf1L3t9Z7Z1TXUPe/FHpv5WDyUYJEQLBID87FeTe0hTfUMTc1TuHLn3PndbxN91hOvib+AYJEQLBID+1ivPvUcsN6/qee8P21/Ts87DyVYJASLxHCNtaKeP17vpdXPCu98J2D3vOvcsUgIFgnBIhE+K7w6vujTulPRzz41Q2F2jugJdywSgkVCsEg89L3Cqe8Grqj3q+p5EEVtd84di4RgkRAsEmE/1hO+SzM1X6qYibWy/uzs9f/nWSHfgGCRECwSw/tYU6aeeRXPLlc8be7o1Ld91rljkRAsEoJFYvhbOieuvl1TXENRc5zMVrhzDurKee1j8VCCRUKwSAx8E/qkPlipS1b6waf66J/wjmExL353fftYPJRgkRAsEgM11qt6z+aqPijqrZM9oZXrvDrXFTNIQbBoCBaJ4W/pFHOYTvZ1rs57pf7uct3DPtW37lkhDyVYJASLxPA+VmGqLjnpwdrdQ9qtS+588+CeGVruWCQEi4RgkRiusYre7anzvq5Zz5XYrefu3Ie7WnN2X80di4RgkRAsEgM11p39QCc94Hf2bO3WW8Xz06l3Bd7jjkVCsEgIFomHzsfiu3PHIiFYJASLhGCRECwSgkVCsEgIFgnBIiFYJASLhGCRECwSgkVCsEgIFgnBIvEfJJ6xkA2gXeUAAAAASUVORK5CYII="
}
Verify Two-Factor Authentication Setup
curl -X PATCH "https://api.lootlocker.io/admin/v1/user/2fa" \
-H "x-auth-token: 4b711a8a40b678fbc9afdb2fc0a1492530002de8" \
-H "Content-Type: application/json" \
-d "{\"secret\": 2552663}"
To finalize the Two-Factor Authentication, the user have to provide the secret from their device, which will result in a recovery token being returned.
Example Response
{
"success": true,
"recover_token": "117248:951659:058195:576195"
}
Remove Two-Factor Authentication
curl -X DELETE "https://api.lootlocker.io/admin/v1/user/2fa" \
-H "x-auth-token: 4b711a8a40b678fbc9afdb2fc0a1492530002de8" \
-d "secret=123456"
To remove Two-Factor Authentication from the currently logged in user, send a DELETE request to this endpoint, supplied an Two-Factor Authentication token with it.
Example Response
{
"success": true
}
Example Error Response
{
"success": false,
"error": "The provided Multi Factor Authentication token was invalid."
}
Reports
Revenue Report
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/reports/revenue/filter?filter_name=brand&start_date=2016-07-01+00:00:00&end_date=2016-07-30+00:00:00" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This report will return data to generate a report grouped by the filter (set on each asset) selected. Example; It's being used as a brand report tool at Poppermost.
Example Response
{
"success": true,
"report": {
"Brand": {
"K2": {
"income": 442,
"sales": 5,
"assets": {
"61": {
"name": "Rival",
"context": "Headwear",
"sales": 4,
"unit_price": "119",
"income": 380
},
"1262": {
"name": "Rig Logo Cap",
"context": "Headwear",
"sales": 1,
"unit_price": "69",
"income": "62"
}
}
},
"lo2": {
"income": 376,
"sales": 15,
"assets": {
"42": {
"name": "Bovall",
"context": "Headwear",
"sales": 1,
"unit_price": "59",
"income": "59"
},
"1253": {
"name": "Dazzle Boots",
"context": "Shoe",
"sales": 1,
"unit_price": "59",
"income": "59"
},
"1373": {
"name": "Default Drone",
"context": "Drone",
"sales": 1,
"unit_price": "0",
"income": "0"
},
"1374": {
"name": "Ferret",
"context": "Drone",
"sales": 1,
"unit_price": "109",
"income": "109"
},
"1408": {
"name": "Aurora Dazzle",
"context": "Snowmobile",
"sales": 1,
"unit_price": "149",
"income": "149"
},
"1449": {
"name": "Aurora Golden",
"context": "Snowmobile",
"sales": 1,
"unit_price": "0",
"income": "0"
},
"1499": {
"name": "Jumpy Jump",
"context": "MapProp",
"sales": 9,
"unit_price": "0",
"income": 0
}
}
},
"Poppermost": {
"income": 149,
"sales": 1,
"assets": {
"1375": {
"name": "Spark",
"context": "Drone",
"sales": 1,
"unit_price": "149",
"income": "149"
}
}
}
}
}
}
Request Player Report
curl -X POST "https://api.lootlocker.io/admin/v1/game/{game_id}/reports/players" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39" \
-d "start_date=2016-07-01+00:00:00&end_date=2016-07-30+23:59:59"
This endpoint requests the generation of a new player report. The player report can then later be downloaded. See List Player Reports for information on how to retrieve the status.
The response from this endpoint is the same as the one from List Player Reports.
List Player Reports
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/reports/players" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint will list reports previously requested, and give some insight to their status.
The status field of a report can have 4 different states;
- 1: Requested
- 2: Running
- 3: Finished
- 4: Failed
Example Response
{
"success": true,
"reports": [
{
"id": 1,
"status": 1,
"status_name": "Requested",
"user": "Andreas Stokholm",
"parameters": {
"start_date": "2016-07-01 00:00:00",
"end_date": "2016-07-30 23:59:59"
},
"finished_at": "Not yet",
"created_at": "2016-08-16 15:59:26"
}
]
}
Download Player Report
curl -X GET "https://api.lootlocker.io/admin/v1/game/{game_id}/reports/players/download?report_id=1" \
-H "x-auth-token: 778e544ecb28ebf74cbe37855c92c5b4108fad39"
This endpoint returns a download url for the report.
Example Response
{
"success": true,
"download_url": "https://s3-eu-west-1.amazonaws.com/pm-reports/report.jpg"
}
Errors
Errors are hinted with HTTP Status codes. 200 is OK, the rest that we're using is listed below here. You should be able to handle all of these in your integration.
| Error Code | Meaning |
|---|---|
| 400 | Bad Request -- Your request has an error |
| 403 | Forbidden -- You are not authorised |
| 404 | Not Found |
| 405 | Method Not Allowed |
| 409 | Conflict -- Your state is most likely not aligned with the servers. |
| 500 | Internal Server Error -- We had a problem with our server. Try again later. |
| 503 | Service Unavailable -- We're temporarily offline for maintenance. Please try again later. |