🚢
Airship
  • Getting Started
    • Welcome to Airship
    • Installing Airship
  • TypeScript
    • Overview
    • AirshipBehaviour
      • Adding Inspector Properties
      • AirshipSingleton
      • Using Component Decorators
      • Accessing Other Components
  • Publishing
    • Publish Game
    • Developer Console
  • Networking
    • Multiplayer
    • Local Server Mode
    • Network Signals
    • Network Functions
    • Network Identity
    • Network Transform
  • Input
    • User Input
      • Actions
      • Keyboard
      • Mouse
    • Proximity Prompts
  • Core Package
    • What is the Core Package?
    • Chat Commands
    • Inventory
    • Spawning Characters
    • Enable / Disable Core Features
  • Physics
    • Physics Settings
    • Physics Layers
  • Platform Services
    • Data Store
      • Locking
    • Cache Store
    • Leaderboards
    • Platform Inventory
    • Server Management
    • Server List
    • Server Transfers
    • Users
    • Parties
    • Matchmaking
    • External Services
  • CHARACTERS
    • Quick Configuration
    • Character Movement System
      • Character Movement Data
      • Character Movement Events
    • Character Camera
      • First Person Camera
      • Simple Usage
      • Camera Structure
      • Default Camera Modes
      • Disabling the Camera System
    • Character Animations
      • Character Blender Animations
      • Character Ragdoll
  • Accessories
    • Accessories Intro
    • Creating Accessories
    • Using Accessories
  • ANIMATIONS
    • Animation Events
  • Optimization
    • Live Game Profiler
    • Reducing Bundle Size
  • Game Settings
    • Game Visibility
  • Other
    • Project Status
    • FAQ
    • DataType Math
    • JS to Luau
    • Tags
    • Terrain
    • AirshipNetworkBehaviour
      • Lifecycle Events
      • ServerRpc
      • ObserversRpc
      • TargetRpc
    • VoxelWorld
      • Voxel World Getting Started
      • Voxel World Tips
      • Prefab Voxels
      • QuarterBlocks
    • Easy Helper Utils
      • Easy Motion
      • Easy Grid Align
      • Easy Look At
      • Easy Shake
      • Easy Destroy
Powered by GitBook
On this page
  • Overview
  • Supported Methods
  • Verifying GameServer HTTP Requests
  1. Platform Services

External Services

Game servers can make web requests to external API's using the built-in HttpManager. Each request is signed and can be validated by the service you are calling, see Verifying GameServer HTTP Requests below.

Overview

// Web Requests can only be made on the gameservers. Requests made on the client will fail.
if (!Game.IsServer()) return;

let getResult = HttpManager.GetAsync("https://jsonplaceholder.typicode.com/todos/1");
print(getResult.statusCode, getResult.data);

let postResult = HttpManager.PostAsync("https://jsonplaceholder.typicode.com/posts", json.encode({
	title: 'foo',
	body: 'bar',
}));
print(postResult.statusCode, postResult.data);

Supported Methods

GetAsync(url: string, headers: string): HttpResponse;
GetAsync(url: string): HttpResponse;
PatchAsync(url: string, data: string): HttpResponse;
PatchAsync(url: string, data: string, headers: string): HttpResponse;
PostAsync(url: string, data: string): HttpResponse;
PostAsync(url: string, data: string, headers: string): HttpResponse;
PutAsync(url: string, data: string): HttpResponse;
PutAsync(url: string, data: string, headers: string): HttpResponse;
PutAsync(options: RequestHelper, headers: string): HttpResponse;
DeleteAsync(url: string): HttpResponse;
DeleteAsync(url: string, headers: string): HttpResponse;

Verifying GameServer HTTP Requests

Requests originating from a GameServer will include an additional header called: x-airship-signature containing a JWT with request details including:

{
  "jti": string, // JWT ID - UUID e.x. 8e2b6b98-14ba-4724-b95b-3627b6d48d5b
  "iat": number, // u64 - Timestamp this jwt was issued, in seconds since Unix Epoch
  "exp": number, // u64 - Timestamp this jwt expires, in seconds since Unix Epoch
  "hostname": string, // e.x. "mywebsite.test" Will include port if not https, http 443, 80
  "path": string, // e.x. "/path/123" excludes query params
  "method": string, // GET, POST, etc.
  "gameId": string, // This should match your gameId on create.airship.gg
  "serverId": string,
  "sceneId": string, // The default starting scene of the server (doesn't update if changed)
  "region": string,
  "organizationId": string,
  "type": "game-server"
}

Each JWT is signed with a specific public key that can be identified in the header using kid:

{
  "typ": "JWT",
  "alg": "ES256",
  "kid": "f24d25f2-e49b-424b-8e61-cf9c8219b332"
}

When validating the token, ensure the JWT is signed by an Airship public key and ensure the hostname / path matches your API url.

PreviousMatchmakingNextQuick Configuration

Last updated 5 months ago

Using the kid you can validate the JWT against Airship public keys using our JWKS endpoint:

Read more here:

Examples verifying a JWT using JWKS can be found here:

https://airship.gg/.well-known/jwks.json
https://stytch.com/blog/understanding-jwks/
https://github.com/panva/jose/blob/main/docs/jwks/remote/functions/createRemoteJWKSet.md