Console
Guide

Database

Firebase-style realtime JSON database per app. Data is shared across all users — ideal for leaderboards, game configs, and shared state.

Overview

The Database is accessed through a single endpoint using the action field. Auth requires only your AppID:AppKey — no user token needed.

actionEffect
"get"Read a database or a path within it
"set"Write (overwrite) a database
"delete"Delete an entire database by name
Database vs CloudStore: Database data is shared across all users of your app. Use CloudStore for per-user data like saves and settings.

1. Write data (set)

The entire JSON at a given name is replaced on each set. To update a subset, read first, modify locally, then write back.

await fetch('https://vaneltonmedia.com/api/database/action.php', {
  method: 'POST',
  headers: {
    'Authorization': `${APP_ID}:${APP_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    action: 'set',
    name: 'leaderboard',
    data: {
      top1: { user: 'Vanelton', score: 9999 },
      top2: { user: 'Maria',    score: 8500 }
    }
  })
});
async function dbSet(name: string, data: unknown): Promise {
  await fetch('https://vaneltonmedia.com/api/database/action.php', {
    method: 'POST',
    headers: { 'Authorization': `${APP_ID}:${APP_KEY}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ action: 'set', name, data })
  });
}

await dbSet('leaderboard', { top1: { user: 'Vanelton', score: 9999 } });
function dbSet(string $name, mixed $data): array {
    $ch = curl_init('https://vaneltonmedia.com/api/database/action.php');
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        CURLOPT_HTTPHEADER => ['Authorization: ' . APP_ID . ':' . APP_KEY, 'Content-Type: application/json'],
        CURLOPT_POSTFIELDS => json_encode(['action' => 'set', 'name' => $name, 'data' => $data]),
    ]);
    $result = json_decode(curl_exec($ch), true);
    curl_close($ch);
    return $result;
}

dbSet('leaderboard', ['top1' => ['user' => 'Vanelton', 'score' => 9999]]);
import requests

HEADERS = {'Authorization': f'{APP_ID}:{APP_KEY}', 'Content-Type': 'application/json'}
DB_URL  = 'https://vaneltonmedia.com/api/database/action.php'

def db_set(name, data):
    return requests.post(DB_URL, headers=HEADERS, json={'action': 'set', 'name': name, 'data': data}).json()

db_set('leaderboard', {'top1': {'user': 'Vanelton', 'score': 9999}})
var _headers = ds_map_create();
ds_map_add(_headers, "Authorization", global.app_id + ":" + global.app_key);
ds_map_add(_headers, "Content-Type",  "application/json");

http_request(
    "https://vaneltonmedia.com/api/database/action.php",
    "POST", _headers,
    json_stringify({
        action: "set",
        name:   "leaderboard",
        data: {
            top1: { user: "Vanelton", score: 9999 },
            top2: { user: "Maria",    score: 8500 }
        }
    })
);
ds_map_destroy(_headers);
APP_ID="com.myapp.game"
APP_KEY="MyAppKey1234567890ABCDE"

curl -s -X POST "https://vaneltonmedia.com/api/database/action.php" \
  -H "Authorization: $APP_ID:$APP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"action":"set","name":"leaderboard","data":{"top1":{"user":"Vanelton","score":9999},"top2":{"user":"Maria","score":8500}}}'
using System.Net.Http;
using System.Text;
using System.Text.Json;

const string APP_ID  = "com.myapp.game";
const string APP_KEY = "MyAppKey1234567890ABCDE";

using var client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", $"{APP_ID}:{APP_KEY}");

async Task DbSet(string name, object data)
{
    var payload = JsonSerializer.Serialize(new { action = "set", name, data });
    await client.PostAsync(
        "https://vaneltonmedia.com/api/database/action.php",
        new StringContent(payload, Encoding.UTF8, "application/json"));
}

await DbSet("leaderboard", new { top1 = new { user = "Vanelton", score = 9999 } });
-- Requires: luarocks install luasocket luasec lua-cjson
local http  = require("socket.http")
local ltn12 = require("ltn12")
local json  = require("cjson")

local APP_ID  = "com.myapp.game"
local APP_KEY = "MyAppKey1234567890ABCDE"

local function db_set(name, data)
    local body   = json.encode({ action = "set", name = name, data = data })
    local chunks = {}
    http.request {
        url    = "https://vaneltonmedia.com/api/database/action.php",
        method = "POST",
        headers = {
            ["Authorization"]  = APP_ID .. ":" .. APP_KEY,
            ["Content-Type"]   = "application/json",
            ["Content-Length"] = #body,
        },
        source = ltn12.source.string(body),
        sink   = ltn12.sink.table(chunks),
    }
    return json.decode(table.concat(chunks))
end

db_set("leaderboard", { top1 = { user = "Vanelton", score = 9999 } })

2. Read data (get)

Retrieve the full database or a nested value using the path field (slash-separated keys, like Firebase).

// Get entire database
const res = await fetch('https://vaneltonmedia.com/api/database/action.php', {
  method: 'POST',
  headers: { 'Authorization': `${APP_ID}:${APP_KEY}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({ action: 'get', name: 'leaderboard' })
});
const { data } = await res.json();
console.log(data.top1.score); // 9999

// Get a nested value via path
const pathRes = await fetch('https://vaneltonmedia.com/api/database/action.php', {
  method: 'POST',
  headers: { 'Authorization': `${APP_ID}:${APP_KEY}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({ action: 'get', name: 'leaderboard', path: 'top1/score' })
});
const { data: score } = await pathRes.json();
console.log(score); // 9999
async function dbGet(name: string, path?: string): Promise {
  const body: Record = { action: 'get', name };
  if (path) body.path = path;
  const res = await fetch('https://vaneltonmedia.com/api/database/action.php', {
    method: 'POST',
    headers: { 'Authorization': `${APP_ID}:${APP_KEY}`, 'Content-Type': 'application/json' },
    body: JSON.stringify(body)
  });
  const { data } = await res.json();
  return data as T;
}

const top1 = await dbGet<{ user: string; score: number }>('leaderboard', 'top1');
function dbGet(string $name, string $path = ''): mixed {
    $body = ['action' => 'get', 'name' => $name];
    if ($path) $body['path'] = $path;
    $ch = curl_init('https://vaneltonmedia.com/api/database/action.php');
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        CURLOPT_HTTPHEADER => ['Authorization: ' . APP_ID . ':' . APP_KEY, 'Content-Type: application/json'],
        CURLOPT_POSTFIELDS => json_encode($body),
    ]);
    $result = json_decode(curl_exec($ch), true);
    curl_close($ch);
    return $result['data'] ?? null;
}

$score = dbGet('leaderboard', 'top1/score'); // 9999
def db_get(name, path=None):
    body = {'action': 'get', 'name': name}
    if path:
        body['path'] = path
    return requests.post(DB_URL, headers=HEADERS, json=body).json().get('data')

score = db_get('leaderboard', 'top1/score')  # 9999
var _headers = ds_map_create();
ds_map_add(_headers, "Authorization", global.app_id + ":" + global.app_key);
ds_map_add(_headers, "Content-Type",  "application/json");

global.db_req = http_request(
    "https://vaneltonmedia.com/api/database/action.php",
    "POST", _headers,
    json_stringify({ action: "get", name: "leaderboard" })
);
ds_map_destroy(_headers);

// --- In Async HTTP Event ---
if (async_load[? "id"] == global.db_req) {
    var _result = json_parse(async_load[? "result"]);
    show_debug_message("Top 1: " + _result.data.top1.user);
}
# Get entire database
curl -s -X POST "https://vaneltonmedia.com/api/database/action.php" \
  -H "Authorization: $APP_ID:$APP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"action":"get","name":"leaderboard"}'

# Get a nested value via path
curl -s -X POST "https://vaneltonmedia.com/api/database/action.php" \
  -H "Authorization: $APP_ID:$APP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"action":"get","name":"leaderboard","path":"top1/score"}'
async Task DbGet(string name, string? path = null)
{
    var body = new Dictionary { ["action"] = "get", ["name"] = name };
    if (path != null) body["path"] = path;
    var payload = JsonSerializer.Serialize(body);
    using var res = await client.PostAsync(
        "https://vaneltonmedia.com/api/database/action.php",
        new StringContent(payload, Encoding.UTF8, "application/json"));
    using var doc = JsonDocument.Parse(await res.Content.ReadAsStringAsync());
    return doc.RootElement.GetProperty("data").Clone();
}

var top1 = await DbGet("leaderboard", "top1");
Console.WriteLine(top1.GetProperty("score").GetInt32()); // 9999
local function db_get(name, path)
    local req  = { action = "get", name = name }
    if path then req.path = path end
    local body   = json.encode(req)
    local chunks = {}
    http.request {
        url    = "https://vaneltonmedia.com/api/database/action.php",
        method = "POST",
        headers = {
            ["Authorization"]  = APP_ID .. ":" .. APP_KEY,
            ["Content-Type"]   = "application/json",
            ["Content-Length"] = #body,
        },
        source = ltn12.source.string(body),
        sink   = ltn12.sink.table(chunks),
    }
    return json.decode(table.concat(chunks)).data
end

local score = db_get("leaderboard", "top1/score")
print(score) -- 9999

3. Delete a database

await fetch('https://vaneltonmedia.com/api/database/action.php', {
  method: 'POST',
  headers: { 'Authorization': `${APP_ID}:${APP_KEY}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({ action: 'delete', name: 'leaderboard' })
});
await fetch('https://vaneltonmedia.com/api/database/action.php', {
  method: 'POST',
  headers: { 'Authorization': `${APP_ID}:${APP_KEY}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({ action: 'delete', name: 'leaderboard' })
});
$ch = curl_init('https://vaneltonmedia.com/api/database/action.php');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true, CURLOPT_POST => true,
    CURLOPT_HTTPHEADER => ['Authorization: ' . APP_ID . ':' . APP_KEY, 'Content-Type: application/json'],
    CURLOPT_POSTFIELDS => json_encode(['action' => 'delete', 'name' => 'leaderboard']),
]);
curl_exec($ch); curl_close($ch);
requests.post(DB_URL, headers=HEADERS, json={'action': 'delete', 'name': 'leaderboard'})
var _headers = ds_map_create();
ds_map_add(_headers, "Authorization", global.app_id + ":" + global.app_key);
ds_map_add(_headers, "Content-Type",  "application/json");

http_request(
    "https://vaneltonmedia.com/api/database/action.php",
    "POST", _headers,
    json_stringify({ action: "delete", name: "leaderboard" })
);
ds_map_destroy(_headers);
curl -s -X POST "https://vaneltonmedia.com/api/database/action.php" \
  -H "Authorization: $APP_ID:$APP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"action":"delete","name":"leaderboard"}'
var payload = JsonSerializer.Serialize(new { action = "delete", name = "leaderboard" });
await client.PostAsync(
    "https://vaneltonmedia.com/api/database/action.php",
    new StringContent(payload, Encoding.UTF8, "application/json"));
local body   = json.encode({ action = "delete", name = "leaderboard" })
local chunks = {}
http.request {
    url    = "https://vaneltonmedia.com/api/database/action.php",
    method = "POST",
    headers = {
        ["Authorization"]  = APP_ID .. ":" .. APP_KEY,
        ["Content-Type"]   = "application/json",
        ["Content-Length"] = #body,
    },
    source = ltn12.source.string(body),
    sink   = ltn12.sink.table(chunks),
}

Error reference

CodeMessageCause
401Authorization header with appid:appkey is required.Missing header
401Invalid app credentials.Wrong AppID or AppKey
400Missing required fields.action or name not provided
404Data not found for the specified name and path.Name or path doesn't exist