This document contains supplementary & unsorted information referenced from multiple pages.
The codename of our API in all it’s flavours is LeChuck, a tribute to one of our favourite games.
If you use some sort of sitelock to prevent the distribution of your game make sure you whitelist our domains or we won't be able to publish your games.
Please be noticed that according to our internationalization plans more domains could be added.
*.miniplay.com *.minijuegos.com *.minijuegos.es *.minijuegosgratis.com *.minigiochi.com *.minijogos.com.br *.minijuegos.mx *.minijuegos.com.mx
["*.miniplay.com", "*.minijuegos.com", "*.minijuegos.es", "*.minijuegosgratis.com", "*.minigiochi.com", "*.minijogos.com.br", "*.minijuegos.mx", "*.minijuegos.com.mx"]
Our sites provides multiple layouts in order to accommodate to different game dimensions:
Our sites features real time notifications for all the registered users, it enables us to push important messages to them, like unlocked achievements or new followers. When the users are playing a game, only notifications related with that game will be dispatched to them, so, they won’t receive notifications from other games. Most of notifications close automatically after a small delay but there are a few notifications that the user must dismiss by clicking on them.
Here’s a list of some of the notifications we’ll send to the users:
If your game won’t be hosted by us you should validate all the mp_* parameters we sent to your game iframe url in order to avoid someone modifying them that could produce misbehaviour into your game. We’ll always send an additional mini_signature parameter that you can use to check they can be trusted and weren’t modified.
The mini_signature is the md5 signature of your api_key concatenated to the json encoding of all the parameters starting with “mp_”. Here’s a little PHP snippet that shows you how to validate:
Download it here: https://gist.github.com/miniplay/4972221
If your game is external (not running inside our sites) you must hardcode all the parameters you expected in your application, therefore, no signature check is needed because there are no parameters to check :)
We’ve got a few different domains, so, as an additional feature, we provide 2 small trust tools that allows you to validate the urls you’ll receive as parameters, that way, you can be sure they can be trusted, especially when you want to use the mp_api_js_url, mp_api_js_url_bck, mp_api_js_url... that you receive instead of hardcoding them. Be noticed that if you validate the game parameters signature this step is not needed, because all mp_* parameters are validated.
Performs a 301 redirection if the provided url is trusted.
Checks if an url can be trusted and returns it as a response.
This is the user handling workflow (the play screen is the game itself):