MonkeMadness Backend Overview

Server-authoritative Backend System

Authentication Layer

POST /api/PlayFabAuthentication

Handles player login, session creation, and automatic account setup using PlayFab. Returns session tokens and player identity data.

Payload: AppId, OculusId, OculusNonce

Response: CustomId, PlayFabId, SessionTicket, EntityToken, EntityId, EntityType, VirtualCurrencies, BannedItems, VirtualCosmetics, OculusData

POST /api/MotherShipAuthentication

Validates the client's APK/API signature to verify authenticity without exposing the internal secret checks.

POST /api/Attestation

Verifies Oculus attestation to confirm client authenticity. Logs results to Discord.

Player Data & Inventory

POST/GET /api/PlayerVirtualCosmeticData

Retrieves a player’s cosmetic items securely using their CustomId.

GET /api/ReturnMyOculusData

Returns basic Oculus account info for the given CustomId (device type, locale, firmware).

GET /api/ReturnOculusUserProfileData

Provides Oculus profile details: DisplayName, FriendsCount, Achievements, ProfilePicture.

GET /api/ReturnOculusHash

Generates a secure SHA-256 hash for APK anti-tamper verification. Does not expose the secret key.
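
An added sketch (not the project's own code) of how a server-side hash for anti-tamper checks can stay unforgeable without the key ever leaving the server. It assumes HMAC-SHA256 as the keyed construction and binds the tag to a CustomId; the APK_HASH_KEY variable, the function names and the sample bytes are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: the server holds one secret key in its environment. The name
# APK_HASH_KEY is hypothetical; a random key is generated so the demo runs offline.
SERVER_KEY = os.environ.get("APK_HASH_KEY", "").encode() or os.urandom(32)


def apk_digest(apk_bytes: bytes) -> str:
    """Plain SHA-256 of the APK. Anyone can recompute it, so alone it proves nothing."""
    return hashlib.sha256(apk_bytes).hexdigest()


def keyed_hash(custom_id: str, digest_hex: str, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 tag binding an APK digest to one player; only the tag is returned."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different messages.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (custom_id.encode(), digest_hex.encode())
    )
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(custom_id: str, digest_hex: str, presented: str,
           key: bytes = SERVER_KEY) -> bool:
    """Recompute the tag and compare in constant time to avoid a timing oracle."""
    expected = keyed_hash(custom_id, digest_hex, key)
    return hmac.compare_digest(expected.encode(), presented.encode())


# Constructed sample data, not values from the real service.
GOOD_APK = b"constructed-apk-bytes-v1"
PATCHED_APK = b"constructed-apk-bytes-v1-patched"

if __name__ == "__main__":
    tag = keyed_hash("PLAYER1", apk_digest(GOOD_APK))
    print("untouched APK accepted:", verify("PLAYER1", apk_digest(GOOD_APK), tag))
    print("patched APK accepted:  ", verify("PLAYER1", apk_digest(PATCHED_APK), tag))
    print("other player accepted: ", verify("PLAYER2", apk_digest(GOOD_APK), tag))
```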

In-Game Anti-Cheat

POST /api/ServerSidedPlayerHeartBeatChecker

Receives heartbeats from clients to ensure connection health. Logs heartbeat events server-side.

GET /api/PCVR

Detects PC VR clients and returns an in-game status message.

System Overview

This Flask backend provides:

Future: Enhanced anomaly detection, rollback mechanisms, dynamic inventory checks.

Status Legend

Green: Implemented & active

Red: Planned / Under development