I was early on planning on adding support for the Game Jolt API in my game. Mostly I wanted to use it to store the current game state so that a player could continue taking care of the flower on another computer.

But I found out that I needed to use a secret token to calculate a signature in order to prove for the Game Jolt server(s) that the API call was legit, but this means that I would need to put the token in clear text, or hide it somehow in my javascript code, making it, in either case, easy for someone to extract it and make fake calls to the Game Jolt server(s).

I was unable to figure out a plan to cirkumvent this problem, so I am afraid that I will have to abandon the idea of storing the current game state on the Game Jolt server(s). Anyone have a good idea on how to solve this using javascript?

And the Game Jolt server(s) should really start using HTTPS in order to prevent a man in the middle attack… Just saying.

Anyhow. I will try to implement as much flowers as possible tomorrow. And to make it possible for the flowers to die. Death is somehow not yet present in the Happy Flower Kingdom…