Security for play-to-earn action game

hey everyone wondering how to do this, i have implemented a custom API for my own game and i think it works.

seems to be the safest way to do this. security is on server side (not inside the game) so it is not hackable unless your server is hacked.

you will need NodeJs and ExpressJs (very basic JS) to set up this API

basically the workflow is like this

  1. deploy a verify signature contract (standalone contract) which will check that a secret wallet address signed a transaction with a 'secret message'
    reference tutorial: https://www.youtube.com/watch?v=vYwYe-Gv_XI

  2. in the minting contract for the game item to be minted, it should require a 'true' check from the verify sig contract above before allowing minting

  3. now set up a Node app (using ExpressJs + ethers/web3 modules) which is an API app. the API app should accept a POST request of a 'secret message' and sign this secret message with the secret wallet private key. (all these are server side so only your hosting provider and you know the private key). (it's a POST that doesn't really post since this API app will have no database, but a POST call is more secure from what i understand as the secret message is hidden)

you can also set up custom logic here in the API

  4. when a user mints something from the game, the game will send a POST request to the API. the game receives the signed transaction, and then feeds this to the minting contract which then verifies it.

note: the game app will hold the secret message, but not the secret wallet private key.

the ExpressJs app will hold the private key

1 Like
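
The signing and verification steps of the workflow above, as an added example that is not part of the original post: a signature over one fixed secret message is the same proof for every mint, so this sketch has the API sign the player, item, a random nonce and an expiry, and has the verifier reject reuse. It uses Node's built-in ECDSA (secp256k1 with SHA-256) as a stand-in for ethers and the on-chain verify contract, which use keccak256 and recoverable signatures; all function and field names are hypothetical.

```javascript
// Added example: per-mint signed vouchers (names are hypothetical, not from the post).
// Stand-in crypto: Node's ECDSA over secp256k1 + SHA-256, not Ethereum's keccak256 format.
const crypto = require('crypto');

// Server-side key pair; in the post's design this is the secret wallet key
// that only the Express app holds. The verifier only needs the public half.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', {
  namedCurve: 'secp256k1',
});

// Canonical byte encoding of every field the signature commits to.
function encodeVoucher(v) {
  return Buffer.from(JSON.stringify([v.player, v.itemId, v.nonce, v.expiresAt]));
}

// API side: called only after the server's own game-logic checks pass.
function issueVoucher(player, itemId, nowSec, ttlSec = 300) {
  const voucher = {
    player,
    itemId,
    nonce: crypto.randomBytes(16).toString('hex'), // unique per mint
    expiresAt: nowSec + ttlSec,
  };
  const signature = crypto
    .sign('sha256', encodeVoucher(voucher), privateKey)
    .toString('hex');
  return { voucher, signature };
}

// Verifier side: plays the role of the verify-signature and minting contracts.
const usedNonces = new Set();

function redeemVoucher({ voucher, signature }, caller, nowSec) {
  const valid = crypto.verify(
    'sha256',
    encodeVoucher(voucher),
    publicKey,
    Buffer.from(signature, 'hex')
  );
  if (!valid) return 'bad-signature';                      // any field was altered
  if (voucher.player !== caller) return 'wrong-player';    // voucher passed to another account
  if (nowSec > voucher.expiresAt) return 'expired';        // stale voucher
  if (usedNonces.has(voucher.nonce)) return 'replayed';    // same voucher submitted twice
  usedNonces.add(voucher.nonce);
  return 'minted';
}
```

In a contract the used-nonce set would live in contract storage, and the caller check would compare against `msg.sender`.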