Friendster Developers Platform

Overview

The Friendster Developer Platforms provide APIs to access Friendster data and seamless integration points within the Friendster web site to create compelling applications for Friendster's userbase.

Platform V1 and the common integration points are described in the following sections of this page.

Platform V1 APIs provides access to Friendster data through a rich REST-style interface. These resources can be accessed using an API key and a shared secret key that is issued to every application or 'Friendster App'. The resources can be accessed at the endpoint http://api.friendster.com/v1

The current list of resources supported by the platform is as follows:

/user

GET or POST

Get User Information for the logged in user.

/user/:uids

GET or POST

Get User Information for users in :uids list.

/application/friends

GET

Get friends who also installed the current application.

/friends/:uid

GET

Get user's friend list.

/shoutout/:uids

GET

Get shoutouts for users in :uids list.

/shoutout/

GET

Get the shoutout for the current user.

/messages/

GET

Get the list of conversation for the current user

/newmessages/

GET

Gets the total number of new messages

/message/:cid

GET

Get the list of messages by conversation

/messages/

POST

Send a message

/messages/destroy/:mid

POST

Delete a message

/shoutout/

POST

Update a user's shoutout.

/notification

POST

Post a notification

/score/:avatar_id

POST

Post a game score

/score

GET

Get a list of top scores

/sessions/destroy

POST

Destroys the current session for this user. This will force the friendster platform to issue a new session_key when the user plays your game.

Payments and Wallet APIs

/wallet/payment

POST

Initiate purchase of a product by getting a request token

/wallet/commit

POST

API to COMMIT the wallet purchase transaction initiated by Get Payment Request

/wallet/balance

GET

API to query the current user's balance.

The following are the current integration points within the Friendster website:

Game Portal

Apps are placed in the Game Portal by categories. Friendster users can explore these widgets/applications and add them to their profile.

User Profile

Every app gets a module in the profile page and can control its content. Only Flash and static HTML content is currently supported. The chrome of the module includes support for Grabbing apps from someone else's profile to your own etc.

App Canvas Page

The App Canvas page opens from the 'edit' button on a app's chrome in the user profile page, or from the app Canvas URL.

Tracker

A new event is added to user's network activity when an app is added by the user.

Pending App Invitations

"NEW app invitations" appears in user's notification panel when they receive app invitations from their friends. User can select it to view all their app invitations.

Pending App Notifications

"NEW app notifications" appears in user's notification panel when they receive app notifications from applications they've installed. User can select it to view all their app notifications.

For more information about the Friendster Developers Platform, email developersupport@friendster.com.
To register your app, click here.

Information Needed for App Registration

App developers provide the following information to get listed in Friendster's Game Portal and to get an API Key and API Secret to access Friendster data:

Name

The name of the app as it appears in the Game Portal.

Unique Name

The app name used in the app's Canvas URL, with the format: 'http://www.friendster.com/game/<app_unique_name>'.

Description

The Description of the app shown in the Game Portal.

Genre

The genre of the game. Multiple genres can be selected.

Gameplay Type

Various gameplay types are available. Multiple gameplay types can be selected.

Callback URL

The Callback URL called by Friendster after the app gets started.

Install URL

The Install URL is called the first time the user plays the game. It load this URL instead of the callback URl. If no Install URL is provided, the callback URL is used instead.

Error URL

The Error URL is called when an error occurs.

Maintenance URL

The Maintenance URL is called when the app is in maintenance. An app can be placed in maintenance mode from the developer dashboard. When the application is not in maintenance mode, the Callback URL or Install URL will be called instead.

Topup URL

The Topup URL takes the user to the payment site. On the payment site, the user can purchase items using the Friendster wallet. This URL should be provided for Premium games.

Wall Photo

34 x 34 pixels / jpeg file / max 15kb (image should be the same as the Game Page Profile Image)

Mini Icon

20 x 20 pixels, jpeg file. The game Mini Icon will be displayed in the players’ Wall.

Profile Picture

Game Profile Image. 150 x 150 pixels / jpeg file / max 30kb

Portal Banner

940 x 250 pixels / jpeg or swf file / max 125kb

Portal Mini Banner

197 x 72 pixels / jpeg file / max 25kb

Admin Email

Email address that Friendster can contact for important updates or issues.

Help Email

the email address which players can use to notify you of issues regarding your game.

Canvas size

Size of the frame enclosing the application within the Friendster game page. Two width are available by default. The user can also choose to change the default height of 760px to fit specific game sizing requirements.

Information Provided to Developers / App Partners after App Registration

Friendster provides the following keys which are used for every API call:

API Key

Unique key assigned to every app.

API Secret

Secret key that is shared with Friendster. It is used to compute the request signature.

API Authentication/Authorization

Every API request should have the following attributes:

api_key

Unique key assigned to every app.

session_key

Session key given to a user on login. This session_key never expires once an instance of the app is installed in the user profile, or the user explicitly gives unlimited access to the app.
The session key is required for all API requests except for token and session.

nonce

Unique id for every call within the same session. This number needs to be unique and incrementing (e.g. current time with milliseconds) to avoid replay attacks.

sig

Signature generated by the following method:
md5(concatenate( pathinfo, request_attributes_as_name_value_pairs, secret_key))
The request attributes contains all parameters like api_key=value&session_key=value etc in alphabetical key order.

other_params

Other API specific parameters.

Example:

For instance for the following request:

http://api.friendster.com/v1/user/57519?
api_key=2e37638f335f0545c3719d34f4d20ed0&
session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
nonce=326233766.3425

The signature is computed as follows, shown here in PHP syntax:

md5(
  '/v1/user/57519' .
  'api_key=2e37638f335f0545c3719d34f4d20ed0' .
  'nonce=326233766.3425' .
  'session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519' .
  '<secret_key>');

App Canvas Page

The Canvas Page is accessed through the Canvas URL which is a public URL which uniquely identifies the app. It accepts the app name:

'http://www.friendster.com/play/<app_name>'

All references within Friendster use the Canvas URL.

The Callback URL is called with the following parameters:

user_id

Friendster user ID.

api_key

Unique key assigned to every app.

api_domain

The hostname that the app should use as the endpoint.

guest

This value is set to 1 if the session is a guest session, it is either not present or set to 0 otherwise.

src

The source for the callback 'directory', 'profile', 'myapps' if accessed from a Friendster page, or 'canvas' if accessed from the Canvas URL.

session_key

The session key required for all API requests.

expires

The session key expiry in Unix time or 0 for unlimited. A default expiry of 24 hours is usually set. Make sure that your app uses the latest session key passed to it to ensure a fresh expiration.

lang

User language setting. Currently supported languages include 'en-US', 'zh-CN', 'zh-TW' and 'es-MX'. Respectively US english, simplified chinese, traditional chinese and spanish.

nonce

Unique id for every call within the same session.

sandbox

This will have a value of 'true' if the app is in wallet sandbox mode it is false otherwise. Wallet sandbox mode implies that the sandbox wallet is being used instead of the real wallet.

sig

Signature generated by the same method as for the API calls.

signed_keys

The keys that will be used in the computation of the signature. The app should use this parameter to determine which keys to include in the computation. However, all parameters passed by Friendster (except sig) via the iframe are included here, which means that your signature computation should still work if you have already been including all keys passed by Friendster in the sig computation. This parameter can also help your app in case you have a middleware that adds its own keys.

instance_id (optional)

The app instance ID which is used to differentiate multiple instances of the same app in the user profile.

parameters (optional)

Any parameter present in the Canvas URL is passed through to the Callback URL.

Example:

For instance the following Canvas URL for the app 'slideshow':

http://www.friendster.com/play/avatarstore/show1?view=mostrecent&instance_id=3745

The Callback URL 'http://mydomain/apps/1445' would be called as follows within the App Canvas page:

http://mydomain/apps/1445/show1?
  view=mostrecent&
  instance_id=3745&
  user_id=57519&
  api_key=2e37638f335f0545c3719d34f4d20ed0&
  api_domain=api.friendster.com&
  sandbox=false&
  signed_keys=view,instance_id,user_id,api_key,api_domain,sandbox,signed_keys,src,session_key,expires,lang,nonce&
  src=profile&
  session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
  expires=0&
  lang=en-US&
  nonce=326233766.3425&
  sig=012345678901234567890123456789012

How to compute for the signature

The signature is used to verify that a http request sent to the Friendster API indeed came from your application. To start we will need use the /v1/user call as an example:

http://api.friendster.com/v1/user/3448717?
nonce=177620106727976&api_key=ae17c149bedab7ecf731075eb14934a7&
session_key=b2abf542-9a5e-168c-6b29-4978de11c772

let us also assume the following:

api key: ae17c149bedab7ecf731075eb14934a7
api secret: b93d67ad280ab7bbe6fcd0197cbbc191

In order to compute for the signature correctly you need to do the following steps:

Extract the path from the url, remove the protocols and the domain:
Extract all the parmeters including the '=' sign, also if a parameter is URL encoded they should be unencoded during this computation.
```
session_key=b2abf542-9a5e-168c-6b29-4978de11c772
api_key=ae17c149bedab7ecf731075eb14934a7
nonce=177620106727976
```

Sort those parameters in alphabetical order

api_key=ae17c149bedab7ecf731075eb14934a7
nonce=177620106727976
session_key=b2abf542-9a5e-168c-6b29-4978de11c772

concatenate the path and the parameters together

concatenate your secret key at the end and then compute for the md5

md5(/v1/user/3448717
api_key=ae17c149bedab7ecf731075eb14934a7
nonce=177620106727976
session_key=b2abf542-9a5e-168c-6b29-4978de11c772b93d67ad280ab7bbe6fcd0197cbbc191)
signature => cf0e0334e5aa4d6f16e9ba038252385a

Set the value to sig and add it to your final url request

http://api.friendster.com/v1/user/3448717?
nonce=177620106727976&api_key=ae17c149bedab7ecf731075eb14934a7&
session_key=b2abf542-9a5e-168c-6b29-4978de11c772&
sig=cf0e0334e5aa4d6f16e9ba038252385a

Examples

Sample # 1:

api key: 370d00bfb0217e651b29891d09a201b0
api_secret: 783a78da225de83c7169c32ef62193c7
sample url: http://api.friendster.com/wallet/sandbox_authenticate?
api_key=370d00bfb0217e651b29891d09a201b0&
request_token=ed836ef9e96c1466315b42ce866360&
return_url=http%3A%2F%2Fwww.friendster.com

concatenated string:

final URL with Signature

http://api.friendster.com/wallet/sandbox_authenticate?api_key=370d00bfb0217e651b29891d09a201b0&
request_token=ed836ef9e96c1466315b42ce866360&
return_url=http%3A%2F%2Fwww.friendster.com&
sig=62a2519e7544cae6c84ed8c3422822d7

The Share App Page

Friendster has a page where you can redirect to in order to let users share your app to their friends. The URL syntax is as follows:

http://www.friendster.com/app_share/show?api_key=e59ff97941044f85df5297e1c302d260&
next=http://www.google.com

Also, when a user accepts the game invite, they will be redirected to your game play page with the referrer_uid parameter passed to your callback_url (e.g. www.friendster.com/play/mygame?referrer_uid=34245542)

The following parameters are accepted:

name

type

description

api_key

string

The api key of your app

URL string

The page to redirect to after sharing has been completed

Sample Usage:

<a target="_blank" href="http://www.friendster.com/app/share?api_key=6b9569e1a8074ebf972aa9eb2d725f9e
&next=http://smackaho.st:8080/play/avatarstore">Share this app to your friends</a>

Get User Information

Resource URL: http://api.friendster.com/v1/user/<UID> or http://api.friendster.com/v1/user?uids=<UIDS>

Resource Methods: GET (Retrieval of user information) : POST (Retrieval of user information)

Resource Description: API to get information on one or more avatars. If no avatar ID is specified, information about current logged in avatar will be returned.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

string

uids

A comma separated list of avatar uids

string

cols (optional)

A comma separated list of attributes that the api will return (e.g. uid,first_name,last_name,level,location,hometown,user_type,url). All attributes are returned by default.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

container

user

Individual containers for users (repeatable)

numeric

uid

User ID.

string

first_name

User's first name

string

last_name

DEPRECATED

integer

level

The avatars' level

string

url

url link to profile page

string

primary_photo_url

url link to primary photo

string

gender

male or female

string

user_type

DEPRECATED

string

fan_profile_type

DEPRECATED

container

member_since

DEPRECATED

numeric

* month

numeric

* year

string

relationship_status

DEPRECATED

container

interested_in

DEPRECATED

string

* interest

DEPRECATED

container

birthday

Birthday

numeric

* year

DEPRECATED

numeric

* month

DEPRECATED

numeric

* day

DEPRECATED

container

location

DEPRECATED

string(2)

* country

DEPRECATED

string

* state

DEPRECATED

string

* city

DEPRECATED

numeric

* zip

DEPRECATED

string

hometown

DEPRECATED

comma-string

occupation

DEPRECATED

comma-string

companies

DEPRECATED

comma-string

hobbies_and_interests

DEPRECATED

comma-string

affiliations

DEPRECATED

container

college_list

DEPRECATED

container

* college

DEPRECATED

string

* * name

DEPRECATED

string

* * region

DEPRECATED

string(2)

* * country

DEPRECATED

numeric

* * year_start

DEPRECATED

numeric

* * year_end

DEPRECATED

string

* * major

DEPRECATED

container

school_list

DEPRECATED

container

school

DEPRECATED

string

* * name

DEPRECATED

string

* * region

DEPRECATED

string

* * city

DEPRECATED

string(2)

* * country

DEPRECATED

numeric

* * year_start

DEPRECATED

numeric

* * year_end

DEPRECATED

container

favorites

DEPRECATED

comma-string

* books

DEPRECATED

comma-string

* movies

DEPRECATED

comma-string

* music

DEPRECATED

comma-string

* tv_shows

DEPRECATED

string

about_me

DEPRECATED

string

wantto_meet

DEPRECATED

string

fb_id

The facebook id of the user. Applications that also exist in facebook can use this field as a hint to determine if the user already has an account in the game

Error Conditions/Response :

Error Code	Error Condition
1	Invalid input
2	Invalid session_id
3	Unsupported version
4	Invalid field
5	Invalid format
6	Invalid sig
7	Process failed

Example Request :

http://api.friendster.com/v1/user/57519?
    api_key=2e37638f335f0545c3719d34f4d20ed0&
    session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
    nonce=326233766.3425&
    sig=012345678901234567890123456789012

http://api.friendster.com/v1/user?uids=57519&
    api_key=2e37638f335f0545c3719d34f4d20ed0&
    session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
    nonce=326233766.3425&
    sig=012345678901234567890123456789012

Example Response (XML) :

<?xml version="1.0" encoding="UTF-8" ?>
<user_response xmlns="http://api.friendster.com/v1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://api.friendster.com/v1/friendster.xsd">
    <user>
        <uid>635423412</uid>
        <first_name><![CDATA[John]]></first_name>
        <last_name><![CDATA[doe]]></last_name>
        <url>http://profiles.friendster.com/635423412</url>
        <primary_photo_url>http://photos.friendster.com:81/photos/43/09/45345/1_620223562m.jpg</primary_photo_url>
        <location>
            <country>US</country>
            <state>CA</state>
            <city>California</city>
        </location>
        <hometown><![CDATA[san francisco]]></hometown>
        <user_type>Normal</user_type>
        <fan_profile_type>None</fan_profile_type>
        <fan_profile_category>None</fan_profile_category>
        <relationship_status>Single</relationship_status>
        <gender>Male</gender>
        <member_since>
            <year>2003</year>
            <month>02</month>
        </member_since>
        <interested_in list="true">
            <interest>Friends</interest>
            <interest>Activity Partners</interest>
        </interested_in>
        <occupation><![CDATA[Programmer]]></occupation>
        <companies></companies>
        <hobbies_and_interests></hobbies_and_interests>
        <affiliations></affiliations>
        <college_list list="true">
            <college>
                <name><![CDATA[University of California - Davis]]></name>
                <region>California</region>
                <country>United States</country>
                <city></city>
                <year_start>2000</year_start>
                <year_end>2003</year_end>
                <major><![CDATA[Communications]]></major>
                <degree>127</degree>
                <course></course>
                <class_of>2002</class_of>
            </college>
        </college_list>
        <school_list list="true">
            <school>
                <name><![CDATA[Joplin High]]></name>
                <region>Missouri</region>
                <country>United States</country>
                <city>Joplin</city>
                <year_start>2000</year_start>
                <year_end>2004</year_end>
                <major></major>
                <degree>0</degree>
                <course></course>
                <class_of>2004</class_of>
            </school>
        </school_list>
        <school_other></school_other>
        <favorites>
            <books><![CDATA[Confessions of a Shopaholic]]></books>
            <movies><![CDATA[Ferris Bueller's Day Off, Friday, Goonies, Zoolander, 50 First Dates, Elf]]></movies>
            <music><![CDATA[all kinds...it just depends on the mood]]></music>
            <tv_shows><![CDATA[24 BABY!!!!!  SNL, Conan O'Brien, Friends, Reality TV...esp. American Idol,
 CSI, Nip Tuck, Chappelle's Show]]></tv_shows>
        </favorites>
        <about_me><![CDATA[I'm John Doe]]></about_me>
        <want_to_meet><![CDATA[Anyone who wants to be my friend]]></want_to_meet>
        <birthday>
            <year>1984</year>
            <month>07</month>
            <day>25</day>
        </birthday>
    </user>
</user_response>

Example Error Response :

<error_response xmlns="<http://api.friendster.com/v1/>"
    xmlns:xsi="<http://www.w3.org/2001/XMLSchema-instance>"
xsi:schemaLocation="http://api.friendster.com/v1/
http://api.friendster.com/v1/friendster.xsd">
<error_code>7</error_code>
<error_msg>Unauthorized source IP address (ip was: 10.1.2.3)</error_msg>
</error_response>

Get Friends List

Resource URL : http://api.friendster.com/v1/friends/<UID>

Resource Methods : GET (Retrieval of friends list)

Resource Description : API to get the friends list of a user. If no user ID is specified, the friends list of the current logged in user will be returned.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

container

friends

Individual containers for friends

int

uid

User ID. (repeatable)

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP status code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be GET)	501
6	Invalid session key	Invalid session key	403
8	Disabled widget	App is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	4040
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	400

Example Request :

http://api.friendster.com/v1/friends/57519?
     api_key=2e37638f335f0545c3719d34f4d20ed0&
     session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
     nonce=326233766.3425&
     sig=012345678901234567890123456789012

Example Response (XML) :

<friends_response xmlns="http://api.friendster.com/v1/"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://api.friendster.com/v1/
     http://api.friendster.com/v1/friendster.xsd">
   <friends list="true">
      <uid>57519</uid>
      <uid>12989</uid>
      <uid>57908</uid>
      <uid>48999</uid>
      <uid>37529</uid>
      <uid>97510</uid>
   </friends>
</friends_response>

Post Shoutout

Resource URL :http://api.friendster.com/v1/shoutout

Resource Method : POST (Updates the shoutout for the current user)

Resource Description : This API updates the shoutout of the current logged in user. If an empty value is passed as content, the current user shoutout will be cleared.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

string

content

Content of the new shoutout.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

status

contains either "updated" (when shoutout is updated) or "deleted" (when shoutout is cleared)

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP return code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be POST)	501
6	Invalid Session Key	Invalid session Key	403
8	Disabled widget	App is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	404
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	403

Example Request :

http://api.friendster.com/v1/shoutout
::Content-Type: multipart/form-data; boundary=xxx
MIME-version: 1.0

--xxx
Content-Disposition: form-data; name="content"

Traveling to Vegas!

Example Response (XML) :

<shoutout_response xmlns="http://api.friendster.com/v1/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://api.friendster.com/v1/friendster.xsd">
    <status>updated</status>
</shoutout_response>

Example Error Response :

<error_response xmlns="<http://api.friendster.com/v1/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://api.friendster.com/v1/">
    <error_code>104</error_code>
    <error_msg>Invalid signature</error_msg>
</error_response>

Get Shoutout

Resource URL :http://api.friendster.com/v1/shoutout(/:user_id)

Resource Method : GET (Retrieves the shoutout of the current user if user_id is not specified. Otherwise, it gets the shoutout of the given user_id if present.)

Resource Description : This API gets the shoutout of the currently logged in user or the provided user_id if present.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

container

shoutouts

contains a list of individual shoutouts

string

shoutout

contains the shoutout

int

user_id

the user_id of the shoutout poster

int

time

timestamp when the shoutout was posted

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP return code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be POST)	501
6	Invalid Session Key	Invalid session Key	403
8	Disabled widget	App is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	404
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	403
110	Invalid User ID	one or more uids passed are invalid	400

Example Request :

http://api.friendster.com/v1/shoutout/1234

Example Response (XML) :

<shoutout_response xmlns="http://api.friendster.com/v1/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://api.friendster.com/v1/friendster.xsd">
    <shoutouts>
      <uid>1234</uid>
      <shoutout>Hello world!</shoutout>
      <time>1317277054</time>
    </shoutouts>
</shoutout_response>

Example Error Response :

<error_response xmlns="<http://api.friendster.com/v1/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://api.friendster.com/v1/">
    <error_code>104</error_code>
    <error_msg>Invalid signature</error_msg>
</error_response>

Post Notification

Resource URL:

http://api.friendster.com/v1/notification
http://api.friendster.com/v1/notification/<uids>

Resource Method: POST (generate a notification)

Resource Description: API to generate a notification to the uids listed in the resource URL on behalf of the logged in user. If no uids are provided, the notification is generated for the logged in user. There is a limit to the number of notifications a user can receive per day from a single application. When a user receives an app notification, "NEW app notifications" displays in the notification panel in the logged in homepage. The notifications appear in the user's app notifications page as follows:

Request:

string

api_key

API key

string

sig

Signature of the request

string

session_key

Session identifier

int

nonce

Unique ID that avoids replay attacks.

string

content

Content of new notification. Must not be an empty string (max 300 characters) [HTML not allowed]

string

subject

Subject of the notification (max 80 characters) [HTML not allowed]

string

label

Notification label (max 50 characters) [HTML not allowed]

string

type

Notification type ( 2 = Notification )

string

uids

Comma separated list of User IDs to send the notification to

string

url_fragment

url fragment that will be appended to the canvas URL. For eg., if the url fragment is /notifications?sender_uid=12345, then the URL will be http://apps.friendster.com/simpleapp/notifications?sender_uid=12345&nid=<notification_id>&src=app_notifications

string (optional)

format

XML (default), JSON

Response :

container

uids

uids that were successfully notified.

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP status code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be POST)	501
6	Invalid session key	Invalid session key	403
8	Disabled application	Widget is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	400
101	Unknown application	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	400

Example Request:

    http://api.friendster.com/v1/notification/53642,72361,4734?type=1&
    api_key=2e37638f335f0545c3719d34f4d20ed0&content=hello%20world&
    subject=hello%20world%20app&label=click%20here&sig=fake_sig

Example Response (XML):

<?xml version="1.0" encoding="UTF-8"?>
<notifications_response
    xmlns="<%3Chttp://api.friendster.com/v1/>"xmlns:xsi="<http://www.w3.org/2001/XMLSchema-instance>"
    xsi:schemaLocation="http://api.friendster.com/v1/ <http://api.friendster.com/v1/friendster.xsd>"
    list="true">
       <uid>53642</uids>
       <uid>72361</uids>
       <uid>4734</uids>
</notifications_response>

Example Error Response (XML):

<error_response xmlns="<http://api.friendster.com/v1/>"
    xmlns:xsi="<http://www.w3.org/2001/XMLSchema-instance>"
    xsi:schemaLocation="http://api.friendster.com/v1/
    http://api.friendster.com/v1/friendster.xsd">
    <error_code>100</error_code>
    <error_msg>Missing parameters from notification</error_msg>
</error_response>

Get Application friends

Resource URL:

http://api.friendster.com/v1/application/friends

Resource Method:

GET (obtain list of friends who have the application currently installed)

Resource Description:

This API returns the list of friends who already installed a similar widget or application.

Request :

string

api_key

Unique API ID given to each widget / application.

string

session_key

Session identifier

int

nonce

Unique ID that avoids replay attacks.

string

sig

Request signature

string (optional)

format

XML (default), JSON

Response :

application_friends

A list of user ids for friends who have installed this application this application

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP status code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be GET)	501
6	Invalid session key	Invalid session key	403
8	Disabled widget	Widget is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	400
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	400

Example Request:

http://api.friendster.com/v1/application/friends

Example Response (XML):

<application_friends_response xmlns="http://api.friendster.com/v1/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://api.friendster.com/v1/friendster.xsd" list="true">
    <application_friends>
      <uid>123456</uid>
      <uid>81213123</uid>
      <uid>12310993</uid>
    </application_friends>
</application_friends_response>

Example Error Response

<error_response xmlns="http://api.friendster.com/v1/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://api.friendster.com/v1/">
<error_code>104</error_code>
<error_message>Invalid signature</error_message>
</error_response>

Get Conversation List

Resource URL : http://api.friendster.com/v1/messages;

Resource Methods : GET (Retrieval of user conversations)

Resource Description : API to get the conversations list of a user.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

container

messages

List of all conversations per user

container

conversation

Individual containers for conversations

numeric

cid

Conversation ID

string

latest_message_body

Latest message body

numeric

sender_id

Avatar sender id

string

sender_name

Avatar sender name

numeric

recipient_id

Avatar recipient id

string

recipient_name

Avatar recipient name

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP status code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be GET)	501
6	Invalid session key	Invalid session key	403
8	Disabled widget	App is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	4040
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	400

Example Request :

http://api.friendster.com/v1/messages?
     api_key=2e37638f335f0545c3719d34f4d20ed0&
     session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
     nonce=326233766.3425&
     sig=012345678901234567890123456789012

Example Response (XML) :

<message_response xmlns="http://api.friendster.com/v1/"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://api.friendster.com/v1/
     http://api.friendster.com/v1/friendster.xsd">
   <messages>
      <conversation>
        <cid>55</cid>
        <latest_message_body>Private message test reply</latest_message_body>
        <sender_id>445777</sender_id>
        <sender_name>secondOne</sender_name>
        <recipient_id>445758</recipient_id>
        <recipient_name>Jay</recipient_name>
      </conversation>
      <page>1</page>
      <next_page/>
   </messages>
</message_response>

Get Message List by Conversation ID

Resource URL : http://api.friendster.com/v1/message/:cid;

Resource Methods : GET (Retrieval of user messages by conversation id)

Resource Description : API to get the message list of a user by conversation id.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

container

messages

List of all private messages per conversation

container

message

Individual containers for messages

numeric

mid

Message ID

string

message_body

Message body

numeric

message_sender_id

Avatar sender id

string

message_sender_name

Avatar sender name

numeric

message_recipient_id

Avatar recipient id

string

message_recipient_name

Avatar recipient name

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP status code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be GET)	501
6	Invalid session key	Invalid session key	403
8	Disabled widget	App is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	4040
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	400

Example Request :

http://api.friendster.com/v1/message/120?
     api_key=2e37638f335f0545c3719d34f4d20ed0&
     session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
     nonce=326233766.3425&
     sig=012345678901234567890123456789012

Example Response (XML) :

<message_response xmlns="http://api.friendster.com/v1/"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://api.friendster.com/v1/
     http://api.friendster.com/v1/friendster.xsd">
   <messages>
      <message>
        <mid>120</cid∣
        <message_body>Private message test 2</message_body>
        <message_sender_id>445758</message_sender_id>
        <message_sender_name>Jay</message_sender_name>
        <message_recipient_id>445780</message_recipient_id>
        <message_recipient_name>Marc</message_recipient_name>
      </message>
      <page>1</page>
      <next_page/>
   </messages>
</message_response>

Post a message to an avatar

Resource URL : http://api.friendster.com/v1/messages;

Resource Methods : POST (Adding Message to a conversation)

Resource Description : API to post the message of a user.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

recipient

The uid of the user to send a message to

string

content

The body of the message to send a message to

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

numeric

cid

Conversation ID

numeric

mid

Message ID

numeric

uid

Avatar ID

Response :

container

status

Status of post

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP status code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be GET)	501
6	Invalid session key	Invalid session key	403
8	Disabled widget	App is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	4040
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	400

Example Request :

http://api.friendster.com/v1/messages?
     api_key=2e37638f335f0545c3719d34f4d20ed0&
     recpient=9017&
     content=Hello+world&
     session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
     nonce=326233766.3425&
     sig=012345678901234567890123456789012

Example Response (XML) :

<message_response xmlns="http://api.friendster.com/v1/"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://api.friendster.com/v1/
     http://api.friendster.com/v1/friendster.xsd">
   <status>created</status>
</message_response>

Delete a Message from a Conversation

Resource URL : http://api.friendster.com/v1/messages/destroy/:mid;

Resource Methods : POST (Deleting a Message from a conversation)

Resource Description : API to delete the message of a user.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

numeric

cid

Conversation ID

numeric

mid

Message ID

numeric

uid

Avatar ID

Response :

container

status

Status of destroy

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP status code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be GET)	501
6	Invalid session key	Invalid session key	403
8	Disabled widget	App is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	4040
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	400

Example Request :

http://api.friendster.com/v1/messages/destroy/55?
     api_key=2e37638f335f0545c3719d34f4d20ed0&
     session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
     nonce=326233766.3425&
     sig=012345678901234567890123456789012

Example Response (XML) :

<message_response xmlns="http://api.friendster.com/v1/"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://api.friendster.com/v1/
     http://api.friendster.com/v1/friendster.xsd">
   <status>deleted</status>
</message_response>

Get the number of new messages

Resource URL: http://api.friendster.com/v1/newmessages

Methods: GET (query the number of new messages)

Resource Description: API to query the number of new messages for the current user since the last_update (optional parameter).

Request :

string

api_key

Unique API ID given to each widget/application.

numeric

nonce

Unique id for every call within the same session.

numeric

last_update (optional)

Get only number of new messages since last_update. Will return total of all messages if not specified.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON

Response :

integer

new

number of new messages

integer

last_update

The date in unixtime of the latest message

Error Conditions/Response:

Error Code

Error Condition

Description

Invalid signature

If signature is invalid

Unexpected error

Processing error

Disabled widget

If API key is disabled

Unknown widget

Unknown API key

Example Request:

http://api.friendster.com/v1/newmessages?
    api_key=2e37638f335f0545c3719d34f4d20ed0&
    nonce=326233766.3425&
    sig=012345678901234567890123456789012

Example Response (XML):

<newmessages_response xmlns="http://api.friendster.com/v1/"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://api.friendster.com/v1/ http://api.friendster.com/v1/friendster.xsd">
     <new>5</new>
     <last_update>1112241241242424</last_update>
</newmessages_response>

Post Game Score

Resource URL : http://api.friendster.com/v1/score/:avatar_id

Resource Methods : POST (Adding game score)

Resource Description : API to post the game score of an avatar.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

numeric

score

Game score of the avatar

string

format (optional)

XML (default), JSON.

Response :

container

status

Status of post

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP status code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be GET)	501
6	Invalid session key	Invalid session key	403
8	Disabled widget	App is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	4040
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	400

Example Request :

http://api.friendster.com/v1/score/11111?
     api_key=2e37638f335f0545c3719d34f4d20ed0&
     session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
     nonce=326233766.3425&
     sig=012345678901234567890123456789012&
     score=100

Example Response (XML) :

<game_score_response xmlns="http://api.friendster.com/v1/"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://api.friendster.com/v1/
     http://api.friendster.com/v1/friendster.xsd">
   <status>posted</status>
</game_score_response>

Get Top Score List

Resource URL : http://api.friendster.com/v1/score

Resource Methods : GET (Retrieval of top scores of the game)

Resource Description : API to get the list of top scores of the game.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

numeric

limit (optional)

Number of top scores to return. 10 (default).

Response :

container

high_scores

List of all scores

container

score

Individual containers for scores

numeric

avatar_id

Avatar ID

numeric

score

Score

datetime

posted_at

Datetime of the score was posted

Error Conditions/Response :

Error Code	Error Condition	Description	HTTP status code
1	Unexpected error	Unexpected internal error	500
4	Wrong Method	Invalid HTTP method (must be GET)	501
6	Invalid session key	Invalid session key	403
8	Disabled widget	App is disabled and cannot be used	403
100	Invalid input parameter	Input parameters missing or invalid	4040
101	Unknown widget	API Key does not exist	404
102	Session expired	The current session has expired	403
103	Request replay	The request was already submitted	400
104	Invalid signature	Request signature is invalid	400

Example Request :

http://api.friendster.com/v1/score?
     api_key=2e37638f335f0545c3719d34f4d20ed0&
     session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-57519&
     nonce=326233766.3425&
     sig=012345678901234567890123456789012

Example Response (XML) :

<game_score_response xmlns="http://api.friendster.com/v1/"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://api.friendster.com/v1/
     http://api.friendster.com/v1/friendster.xsd">
   <high_scores>
      <score>
        <avatar_id>445695</avatar_id>
        <score>100</score>
        <posted_at>1325127188</posted_at>
      </score>
   </high_scores>
</game_score_response>

BALANCE INQUIRY

Resource URL: https://api.friendster.com/v1/sessions/destroy

Resource Methods: POST (Destroy Session)

Resource Description: API to destroy the current session. The friendster system will issue a new session_key when the user tries to access your app/game again.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

string

status

'success' if the operation was successful

Error Conditions/Response :

Error Code	Error Condition
1	Invalid input
2	Invalid session_id
3	Unsupported version
4	Invalid field
5	Invalid format
6	Invalid sig
7	Process failed

Example Request :

 http://api.friendster.com/v1/sessions/destroy?
 api_key=2e37638f335f0545c3719d34f4d20ed0&session_key=M4yZuZ4LjoJQj5BJfT
 kw2HnGw6MG8JyM-57519&sig=fake_sig

Example Response (XML) :

<sessions_response xmlns="https://api.friendster.com/v1/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://api.friendster.com/v1/ https://api.friendster.com/v1/friendster.xsd">
  <status>success</status>
</wallet_response>

Example Error Response :

<error_response xmlns="<https://api.friendster.com/v1/>"
xmlns:xsi="<http://www.w3.org/2001/XMLSchema-instance>"
xsi:schemaLocation="https://api.friendster.com/v1/
https://api.friendster.com/v1/friendster.xsd">
  <error_code>300</error_code>
</error_response>

Wallet API

The wallet APIs allow developers to access the wallet in order to facilitate the purchase of virtual goods and/or services within your game. The Wallet API is available to both premium and non-premium apps, however your app must have been upgraded to premium status in order to gain access to the real wallet otherwise your app will be limited to "sandbox" mode. Developers can use sandbox mode in order to prepare their app before they request for premium status.

The Friendster payment API flow

The Friendster payment API flow is designed so that the customer’s password is not passed to the application. It allows the user to approve all transactions to his or her wallet.

A purchase is performed using the following steps:

App obtains a request token using the GET PAYMENT REQUEST (https:// {api_domain}/v1/wallet/payment) call. The app will need to supply all the purchase details including the amount, product name, description etc. The request token will be needed in the succeeding steps.
The App will be required to redirect the user to the Payments Authentication page. The URL to the payments authentication page is returned in the response of the https:// {api_domain}/v1/wallet/payment call. The behavior of the payments authentication page is described in the "PAYMENTS AUTHENTICATION PAGE" section.
The User must then enter his or her password in the Payments Authentication page. While the App has no control on the behavior of this page, it will however be redirected back to the app after the user has been successfully authenticated.
After control is returned to the App via the redirect, assuming the authentication process is successful the next step is for the App to issue the COMMIT PAYMENT REQUEST (https:// {api_domain}/v1/wallet/commit). At this point, the balance of the user is deducted and the App may now deliver the product purchased by the user. The transaction commit is successful if and only if there is a successful response and a transaction id is returned. For accounting purposes the App is advised to store the corresponding transaction id returned by this call. Please note that for non-sandbox mode, there will be a corresponding entry in the users’ wallet transaction history.

How the Sandbox environment works

The Wallet API provides a sandbox environment where the application developer can use a fake wallet and coins balance in order to perform integration testing. Each application has its own sandbox, which means that two different applications will transact against distinct wallets. If an application developer manages two applications, the application developer will have separate balances for each sandbox. Also, a distinctive chrome is displayed around your app's iframe indicating sandbox mode.

For premium apps you can access sandbox mode by clicking on the “play in sandbox” link (non-premium or normal apps will always use the sandbox wallet). A flag “sandbox=true” will be passed to your app via the iframe if the current session is using sandbox mode. The app should use this flag to prevent confusion during billing, as transactions performed against sandbox mode is not valid. Sandbox mode is only accessible by the developer and admin. The sandbox and production wallets are distinct. When an application is not played in sandbox mode, it will access the wallet the current user has created.

The sandbox wallet is automatically created upon the first use of the application in its sandbox environment. The initial balance for each new sandbox wallet is 1000000 coins.

Wallet API Reference

BALANCE INQUIRY

Resource URL: https://api.friendster.com/v1/wallet/balance

Resource Methods: GET (Wallet Balance)

Resource Description: API to query the current user's balance.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

decimal

coins

coins balance

string

timestamp

The time when the balance was queried, based on RFC 3339

Error Conditions/Response :

Error Code	Error Condition
300	Wallet Does not exist 404
301	Invalid Wallet
302	Wallet Unexpected The specified user does not have a wallet yet and an attempt was made to access it
307	Access Denied - The users' wallet is either suspended or invalid. The user should be advised to seek customer support

Example Request :

 https://api.friendster.com/v1/wallet/balance?
 api_key=2e37638f335f0545c3719d34f4d20ed0&session_key=M4yZuZ4LjoJQj5BJfT
 kw2HnGw6MG8JyM-57519&nonce=326233766&sig=fake_sig

Example Response (XML) :

<wallet_response xmlns="https://api.friendster.com/v1/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://api.friendster.com/v1/ https://api.friendster.com/v1/friendster.xsd">
  <coins>10000</coins>
  <timestamp>1996-12-19T16:39:57-08:00</timestamp>
</wallet_response>

Example Error Response :

<error_response xmlns="<https://api.friendster.com/v1/>"
xmlns:xsi="<http://www.w3.org/2001/XMLSchema-instance>"
xsi:schemaLocation="https://api.friendster.com/v1/
https://api.friendster.com/v1/friendster.xsd">
  <error_code>300</error_code>
  <error_msg>Wallet does not exist</error_msg>
</error_response>

GET PAYMENT REQUEST

Resource URL: https://api.friendster.com/v1/wallet/payment

Resource Methods: POST (Initiate purchase of a product by getting a request token)

Resource Description:API to initiate a purchase of a virtual good or service to the currently logged in user. The API will return a request token and a redirect URL. The redirect URL is a page hosted by friendster where the user will be asked to authenticate the transaction by providing his or her password, the app will have to provide a means to redirect the user to that page (see Payments Authentication Page). The request token can be used by the app to determine if the payment authentication is successful, if so the app must then proceed to call "/v1/wallet/commit" to confirm the transaction. The request_token is valid for a maximum of 10 minutes from the time this api was called. A request_token can still be obtained even when the user has insufficient balance. In this case the wallet authentication page will present the user with the process to purchase coins if necessary.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

name

The name of the product to purchase (App defined, max 30 characters). It is advised to prefix the product name with the application name (e.g. Petstore – 200 credits) to facilitate easier reporting.

string

description

A description of the transaction. (max 200 characters)

numeric

amt

The transaction amount in Friendster coins (should be greater than 0)

string

params

additional params to be included in the return URL, this is appended to the end of the return_url aside from the signature. page that the wallet authentication page will redirect to once the user has finished entering the password

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

string

request_token

A token that the application can use to monitor the status of the transaction and is used to complete the transaction using the payment commit API call.

string

redirect_url

The url that the user must be redirected to so that they can authenticate the transaction. This is the location of the payments authorization page.

Error Conditions/Response :

Error Code	Error Condition
300	Wallet Does not exist 404
301	Invalid Wallet
302	Wallet Unexpected The specified user does not have a wallet yet and an attempt was made to access it
307	Access Denied - The users' wallet is either suspended or invalid. The user should be advised to seek customer support

Example Request :

https://api.friendster.com/v1/wallet/payment?
api_key=2e37638f335f0545c3719d34f4d20ed0&session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6
MG8JyM-57519&description=New%20Bag&amt=1000&nonce=326233766&sig=fake_sig

Example Response (XML) :

<wallet_response xmlns="https://api.friendster.com/v1/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://api.friendster.com/v1/ https://
api.friendster.com/v1/friendster.xsd">
<request_token>a5u3jhdidufyset-9017</request_token>
<auth_url>https://wallet.friendster.com/authenticate</redirect_url>
</wallet_response>

Example Error Response :

<error_response xmlns="https://api.friendster.com/v1/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://api.friendster.com/v1/
https://api.friendster.com/v1/friendster.xsd">
  <error_code>303</error_code>
  <error_msg>Insufficient Coins</error_msg>
</error_response>

COMMIT PAYMENT REQUEST

Resource URL: https://api.friendster.com/v1/wallet/commit

Resource Methods: POST (commit the transaction)

Resource Description:API to COMMIT the wallet purchase transaction initiated by Get Payment Request. The caller must pass the request_token corresponding to the transaction that it wishes to commit. The request_token must have been authenticated by the customer. If successful, the transaction id will then be returned by the service.

Request :

string

api_key

Unique API ID given to each widget/application.

string

session_key

Session identifier.

numeric

nonce

Unique ID that avoids replay attacks.

string

request_token

The request token returned by the returnUrl or provided by the request_token purchase transaction Get Payment Request

string

sig

Signature of the Request.

string

format (optional)

XML (default), JSON.

Response :

numeric

amt

Amount of the transaction in Friendster coins

string

transaction_id

The transaction reference number

string

timestamp

The time when the transaction was committed, based on RFC 3339

Error Conditions/Response :

Error Code	Error Condition
300	Wallet Does not exist 404
301	Invalid Wallet
302	Wallet Unexpected The specified user does not have a wallet yet and an attempt was made to access it
307	Access Denied - The users' wallet is either suspended or invalid. The user should be advised to seek customer support

Example Request :

https://api.friendster.com/v1/wallet/commit?
api_key=2e37638f335f0545c3719d34f4d20ed0&request_token=a5u3jhdidufyset-9017&
session_key=M4yZuZ4LjoJQj5BJfTkw2HnGw6MG8JyM-
57519&nonce=326233766&sig=fake_sig

Example Response (XML) :

<wallet_response xmlns="https://api.friendster.com/v1/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://api.friendster.com/v1/ https://
api.friendster.com/v1/friendster.xsd">
  <amt>500</amt>
  <transaction_id>0003448717ZQAVPF9DE</transaction_id>
  <timestamp>1996-12-19T16:39:57-08:00</timestamp>
</wallet_response>

Example Error Response :

<error_response xmlns="https://api.friendster.com/v1/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="https://api.friendster.com/v1/
https://api.friendster.com/v1/friendster.xsd">
  <error_code>304</error_code>
  <error_msg>Invalid Wallet token</error_msg>
</error_response>

PAYMENTS AUTHENTICATION PAGE

A page hosted by Friendster that users can use in order to authenticate transactions coming from an app. This page makes sure that only Friendster knows about the users’ password and not the app. For reference purposes this page will be referred to as the "Payments Authentication Page". The URL of the page depends on the type of environment used by the wallet API, either if it is sandbox or normal mode. The URL to use will be returned by the GET PAYMENT request API via the “redirect_url” parameter. The page will contain the following:

The Name of the APP based on the api_key sent by the app.
The description of the transaction
The amount of the transaction
Place to enter the password

The page will show up even if the current user does not have a wallet defined. Possible behaviors are as follows:

If the user does not have a wallet, the authentication page will display links that would enable the user to activate his or her wallet (This will open up in another tab).
If the user does not have enough balance, a message will appear that he/she does not have enough balance and a link will appear telling the user to go to the topup page.

Resource URL : https://{redirect_url}

Resource Description : The App should issue a HTTP redirect (or open it up in a new browser popup or tab) to the url returned by the GET payment request call.

Request :

string

api_key

The api key that identifies an application

string

request_token

The request token that was obtained using /v1/wallet/payment. The request token can be authenticated only once and if the user cancels the transaction you must request for a new one.

string

return_url

The url the page will redirect to after the user authenticates the transaction. Also known as the callback, if no URL is given the page will just close.

string

sig

A signature computed from the apps secret, the app should compute the sig to verify that it originated from Friendster. (refer to the API Framework docs on how this is computed)

EXAMPLE REQUEST:

Assuming the redirect url passed to you is https://api.friendster.com/wallet/authenticate you should load or issue a HTTP redirect to the following URL:

https://api.friendster.com/wallet/authenticate?api_key=669d598ee50fa90a05ddedbcbc45bd25&
return_url=http%3A%2F%2Fdevappx2.gbxsc.friendster.com%3A2375%2Fwalletui
%2Fconfirm.php&request_token=1d65ad33e9&sig=483726fdyagwyerjdufy

CALLBACK

After the user has successfully authorized the transaction, Friendster will issue a HTTP redirect back to your app passing the parameters as described below:

Assuming the return_url that you specified is http://www.mycoolgamesite.com/purchase_complete, Friendster will then issue the following HTTP redirect:

http://www.mycoolgamesite.com/purchase_complete?
api_key=2e37638f335f0545c3719d34f4d20ed0&api_domain=api.friendster.
com&sandbox=false&request_token=aye18374182adg&
params=myref&session_key=6rhe6rbh645364354d&
signed_keys=api_key,api_domain,sandbox,request_token,params,session_key,signed_keys&
status=1&sig=hsajdfiseyrqhwejr

The parameters passed is described as follows:

int

amt

The amount of the authenticated transaction in Friendster coins.

string

api_key

The api key that identifies an application

string

api_domain

The api endpoint the app should call

string

request_token

The request token that was obtained using /v1/wallet/payment. The request token can be authenticated only once and if the user cancels the transaction you must request for a new one. The app should then use this request token in the /v1/wallet/commit call to complete the transaction

string

session_key

The session key that the app can use for making API calls, the session key provided is in the context of the user that made the payment.

int

user_id

The user_id of the user

string

return_url

The url the page will redirect to after the user authenticates the transaction. Also known as the callback, if no URL is given the page will just close.

string

sig

A signature computed from the apps secret, the app should compute the sig to verify that it originated from Friendster. (refer to the API Framework docs on how this is computed)

Overview

Information Needed for App Registration

Information Provided to Developers / App Partners after App Registration

API Authentication/Authorization

App Canvas Page

How to compute for the signature

Examples

The Share App Page

Get User Information

Get Friends List

Post Shoutout

Get Shoutout

Post Notification

Get Application friends

Get Conversation List

Get Message List by Conversation ID

Post a message to an avatar

Delete a Message from a Conversation

Get the number of new messages

Post Game Score

Get Top Score List

BALANCE INQUIRY

Wallet API

The Friendster payment API flow

How the Sandbox environment works

Wallet API Reference

BALANCE INQUIRY

GET PAYMENT REQUEST

COMMIT PAYMENT REQUEST

PAYMENTS AUTHENTICATION PAGE

CALLBACK

Use your Friendster account to log in: