sub.games

Server SDK

Server-side tier verification with @subgames/server-sdk.

The @subgames/server-sdk package lets you verify player tiers on your server. Use this when your game has a backend and you need to prevent client-side tier spoofing.

When to Use This

Most browser-only games can use the Browser SDK alone. Use the Server SDK when:

  • Your game has a backend server that serves game data or logic
  • You need to verify that a player actually has the tier they claim
  • Preventing cheating is important (e.g., competitive games, leaderboards)

Installation

npm install @subgames/server-sdk

Setup

import { SubGamesServer } from '@subgames/server-sdk';

const server = SubGamesServer.init({
  apiKey: process.env.SUBGAMES_API_KEY,
  apiSecret: process.env.SUBGAMES_API_SECRET,
});

Get your API key and secret from the creator dashboard.

Configuration

interface SubGamesServerConfig {
  apiKey: string;     // Required. Your API key from the dashboard.
  apiSecret: string;  // Required. Your API secret from the dashboard.
  apiUrl?: string;    // API endpoint. Defaults to https://api.sub.games
}

Verify Player Tier

Validate a player's auth token (sent from the browser SDK) and get their tier:

const { email, tier } = await server.verifyPlayerTier(playerToken);
// email: 'player@example.com'
// tier: 'none' | 'free' | 'supporter' | 'founder'

The playerToken comes from the Browser SDK on the client side via sdk.getToken().

Example: Express Middleware

async function requireSupporter(req, res, next) {
  const token = req.headers.authorization?.replace('Bearer ', '');
  if (!token) return res.status(401).json({ error: 'No token provided' });

  try {
    const { tier } = await server.verifyPlayerTier(token);
    const tierRank = { none: 0, free: 1, supporter: 2, founder: 3 };

    if (tierRank[tier] < tierRank['supporter']) {
      return res.status(403).json({ error: 'Supporter subscription required' });
    }

    next();
  } catch (err) {
    return res.status(401).json({ error: 'Invalid token' });
  }
}

app.get('/api/bonus-levels', requireSupporter, (req, res) => {
  res.json({ levels: getBonusLevels() });
});

Check Access

Check if a specific player (by email) has at least the required tier:

const allowed = await server.checkAccess('player@example.com', 'supporter');
// true or false

This is useful when you already know the player's email (e.g., from a session) and just need a yes/no access check.

Full Flow

Here's how the Browser SDK and Server SDK work together:

  1. Client: Player loads game, Browser SDK initializes and restores their session
  2. Client: Player tries to access a gated feature
  3. Client: Browser SDK sends the player's token to your server
  4. Server: Server SDK calls verifyPlayerTier(token) to validate the token and get the tier
  5. Server: If the tier is sufficient, return the gated content
  6. Server: If not, return a 403 — the Browser SDK handles showing the subscribe prompt
// Client side
const token = sdk.getToken();
const res = await fetch('/api/bonus-levels', {
  headers: { Authorization: `Bearer ${token}` },
});

if (res.status === 403) {
  await sdk.promptSubscribe('supporter', 'bonus levels');
}

API Reference

MethodReturnsDescription
SubGamesServer.init(config)SubGamesServerCreate a server SDK instance
server.verifyPlayerTier(token)Promise<{ email, tier }>Verify token and get player tier
server.checkAccess(email, tier)Promise<boolean>Check if a player meets a tier

Browser SDK

Integrate the sub.games browser SDK to add tier-gating, auth, and social features to your game.

Events Reference

SDK events for reacting to login, tier changes, and pause state.

On this page

When to Use ThisInstallationSetupConfigurationVerify Player TierExample: Express MiddlewareCheck AccessFull FlowAPI Reference