This guide is intended to help you as a game developer navigate the Challonge Connect API by addressing common use cases and highlighting the most relevant API endpoints.
No matter your platform or engine, the first thing you’ll need to do is register a new Challonge developer application at https://connect.challonge.com. Everything can be edited later, so don’t worry if you don’t have an application or redirect (for OAuth callback) URL yet.
Next, it’s helpful to know what resources are available for your game development platform. While these can add conveniences and speed up development, Challonge Connect will work in any environment where JSON API requests can be made.
Authenticate a Challonge user in-game:
Authentication: Use our Device Grant OAuth flow. Postman doc: https://documenter.getpostman.com/view/11915787/U16jN6TK#3d1082d9-c237-4cef-aae3-49c877681228
Scopes: — me: you definitely want this one. It allows your app to view the user’s details. — application:organizer: allows your app to create and manage tournaments on the user’s behalf that are connected to your app. This includes read and write access to the participants, matches, and other resources associated with these tournaments. — application:player: if application:organizer is more than you need, you can instead opt to request this player scope. It allows you to view tournaments connected to your app that the user is registered for, allows you to register the user for tournaments, and allows you to report scores on behalf of the user (note: Challonge policies limit which matches they can edit. An organizer can edit all matches for their tournament, but a player typically can only edit matches they’re participating in).
Access read-only information for your game as the signed-in user:
Authentication: access token from device authorization grant OAuth flow
Perform player actions as the signed-in user:
Authentication: access token from device authorization grant OAuth flow
Manage tournaments for the signed-in user (client-side): NOTE: These requests are only intended for games that are local or peer-to-peer. Due to there being no server for validating game state and preventing cheating, local client match results have to be trusted. Implementing request signing is strongly recommended to prevent easier forms of cheating (see https://www.notion.so/Security-3440fc9411bd40d0af1509e629e4bb64)
Authentication: access token from device authorization grant OAuth flow
Manage any tournament associated with your game (server-side): NOTE: Requires client-server architecture where you can secure private keys on servers. This architecture is recommended if your players have any incentive to cheat (global high score leaderboards, player ratings, rewards for winning tournaments).
Authentication: access token from client credentials OAuth flow
Scopes: — application:manage: full access to all tournaments connected to your app. This scope can only be obtained via the client credentials flow and should be carefully protected.
One of the greatest parts about integrating Challonge Connect into your game is that you extend the reach of your game to Challonge.com. This means: