8.2 Authentication

The server-to-server API uses HMAC-SHA256 request signatures for authentication. Gala will provide a key/secret pair, this key/secret pair must be kept private on the game’s hosting infrastructure. You then can use the key/secret pair to sign requests initiated from the game’s server. Gala’s server will use the signature to authorize the request and validate it was not tampered with.

See Section 16 for request client implementation examples in Node.js and C#. Contact your Gala representative if you need assistance implementing an interface using a language or framework that isn’t included in the examples.