Console
Getting Started

Quickstart

Get credentials and make your first API call in under 5 minutes.

Step 1 — Get your credentials

Sign up at console.vaneltonmedia.com, create an app, and copy your AppID and AppKey. The AppKey is shown only once — store it securely.

Never put your AppKey in client-side code (browser JS, game client, mobile app). Route requests through your own backend server.

Step 2 — Add the Authorization header

Every request must include the header:

Authorization: AppID:AppKey
Authorization: com.myapp.game:MyAppKey1234567890ABCDE

Step 3 — Login a user

Call POST /api/vaneltonid/login.php to get a session token. Pass the token in the body of all subsequent user-scoped requests.

const APP_ID  = 'com.myapp.game';
const APP_KEY = 'MyAppKey1234567890ABCDE';

const res = await fetch('https://vaneltonmedia.com/api/vaneltonid/login.php', {
  method: 'POST',
  headers: {
    'Authorization': `${APP_ID}:${APP_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ email: 'user@email.com', password: 'pass123' })
});

const data = await res.json();
const token = data.vaneltonid.token;
localStorage.setItem('vm_token', token);
console.log('Logged in!', data.vaneltonid.username);
const APP_ID  = 'com.myapp.game';
const APP_KEY = 'MyAppKey1234567890ABCDE';

interface LoginResponse {
  vaneltonid: { token: string; username: string; name: string; id: number; };
  app: { authorized: number; appname: string; };
}

const res = await fetch('https://vaneltonmedia.com/api/vaneltonid/login.php', {
  method: 'POST',
  headers: {
    'Authorization': `${APP_ID}:${APP_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ email: 'user@email.com', password: 'pass123' })
});

const data: LoginResponse = await res.json();
const token: string = data.vaneltonid.token;
localStorage.setItem('vm_token', token);
define('APP_ID',  'com.myapp.game');
define('APP_KEY', 'MyAppKey1234567890ABCDE');

$ch = curl_init('https://vaneltonmedia.com/api/vaneltonid/login.php');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_HTTPHEADER => [
        'Authorization: ' . APP_ID . ':' . APP_KEY,
        'Content-Type: application/json',
    ],
    CURLOPT_POSTFIELDS => json_encode([
        'email'    => 'user@email.com',
        'password' => 'pass123',
    ]),
]);
$data = json_decode(curl_exec($ch), true);
curl_close($ch);

$token = $data['vaneltonid']['token'];
$_SESSION['vm_token'] = $token;
import java.net.http.*;
import java.net.URI;

String APP_ID  = "com.myapp.game";
String APP_KEY = "MyAppKey1234567890ABCDE";

HttpClient client = HttpClient.newHttpClient();
String body = "{\"email\":\"user@email.com\",\"password\":\"pass123\"}";

HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://vaneltonmedia.com/api/vaneltonid/login.php"))
    .header("Authorization", APP_ID + ":" + APP_KEY)
    .header("Content-Type", "application/json")
    .POST(HttpRequest.BodyPublishers.ofString(body))
    .build();

HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
// Parse JSON with Gson/Jackson to extract token
import requests

APP_ID  = 'com.myapp.game'
APP_KEY = 'MyAppKey1234567890ABCDE'

res = requests.post(
    'https://vaneltonmedia.com/api/vaneltonid/login.php',
    headers={
        'Authorization': f'{APP_ID}:{APP_KEY}',
        'Content-Type': 'application/json',
    },
    json={'email': 'user@email.com', 'password': 'pass123'}
)
data = res.json()
token = data['vaneltonid']['token']
// GML — GameMaker Studio 2
global.app_id  = "com.myapp.game";
global.app_key = "MyAppKey1234567890ABCDE";

var _url  = "https://vaneltonmedia.com/api/vaneltonid/login.php";
var _body = json_stringify({ email: "user@email.com", password: "pass123" });
var _headers = ds_map_create();
ds_map_add(_headers, "Authorization", global.app_id + ":" + global.app_key);
ds_map_add(_headers, "Content-Type",  "application/json");

global.login_req = http_request(_url, "POST", _headers, _body);
ds_map_destroy(_headers);

// --- In Async HTTP Event ---
if (async_load[? "id"] == global.login_req) {
    var _d = json_parse(async_load[? "result"]);
    global.user_token = _d.vaneltonid.token;
    show_debug_message("Token: " + global.user_token);
}
APP_ID="com.myapp.game"
APP_KEY="MyAppKey1234567890ABCDE"

curl -s -X POST "https://vaneltonmedia.com/api/vaneltonid/login.php" \
  -H "Authorization: $APP_ID:$APP_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email":"user@email.com","password":"pass123"}'
using System.Net.Http;
using System.Text;
using System.Text.Json;

const string APP_ID  = "com.myapp.game";
const string APP_KEY = "MyAppKey1234567890ABCDE";

using var client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", $"{APP_ID}:{APP_KEY}");

var payload = JsonSerializer.Serialize(new { email = "user@email.com", password = "pass123" });
using var res = await client.PostAsync(
    "https://vaneltonmedia.com/api/vaneltonid/login.php",
    new StringContent(payload, Encoding.UTF8, "application/json"));

using var doc = JsonDocument.Parse(await res.Content.ReadAsStringAsync());
var token = doc.RootElement.GetProperty("vaneltonid").GetProperty("token").GetString();
// Store token (e.g. PlayerPrefs.SetString("vm_token", token))
-- Requires: luarocks install luasocket luasec lua-cjson
local http  = require("socket.http")
local ltn12 = require("ltn12")
local json  = require("cjson")

local APP_ID  = "com.myapp.game"
local APP_KEY = "MyAppKey1234567890ABCDE"

local body   = json.encode({ email = "user@email.com", password = "pass123" })
local chunks = {}
http.request {
    url    = "https://vaneltonmedia.com/api/vaneltonid/login.php",
    method = "POST",
    headers = {
        ["Authorization"]  = APP_ID .. ":" .. APP_KEY,
        ["Content-Type"]   = "application/json",
        ["Content-Length"] = #body,
    },
    source = ltn12.source.string(body),
    sink   = ltn12.sink.table(chunks),
}
local data  = json.decode(table.concat(chunks))
local token = data.vaneltonid.token

Step 4 — Make an API call with the token

Use the token returned by login in the body of every user-scoped request. Here's a complete example saving data to CloudStore:

const res = await fetch('https://vaneltonmedia.com/api/cloudstore/set.php', {
  method: 'POST',
  headers: {
    'Authorization': `${APP_ID}:${APP_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    token: localStorage.getItem('vm_token'),
    cloudkey: 'save-1',
    dataobject: { level: 5, score: 1200 }
  })
});
const result = await res.json();
console.log(result.success); // true
const res = await fetch('https://vaneltonmedia.com/api/cloudstore/set.php', {
  method: 'POST',
  headers: {
    'Authorization': `${APP_ID}:${APP_KEY}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    token: localStorage.getItem('vm_token'),
    cloudkey: 'save-1',
    dataobject: { level: 5, score: 1200 }
  })
});
const result = await res.json();
console.log(result.success); // true
$ch = curl_init('https://vaneltonmedia.com/api/cloudstore/set.php');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_HTTPHEADER => [
        'Authorization: ' . APP_ID . ':' . APP_KEY,
        'Content-Type: application/json',
    ],
    CURLOPT_POSTFIELDS => json_encode([
        'token'      => $_SESSION['vm_token'],
        'cloudkey'   => 'save-1',
        'dataobject' => ['level' => 5, 'score' => 1200],
    ]),
]);
$result = json_decode(curl_exec($ch), true);
curl_close($ch);

var_dump($result['success']); // true
res = requests.post(
    'https://vaneltonmedia.com/api/cloudstore/set.php',
    headers={'Authorization': f'{APP_ID}:{APP_KEY}', 'Content-Type': 'application/json'},
    json={'token': token, 'cloudkey': 'save-1', 'dataobject': {'level': 5, 'score': 1200}}
)
print(res.json()['success'])  # True
var _headers = ds_map_create();
ds_map_add(_headers, "Authorization", global.app_id + ":" + global.app_key);
ds_map_add(_headers, "Content-Type",  "application/json");

http_request(
    "https://vaneltonmedia.com/api/cloudstore/set.php",
    "POST", _headers,
    json_stringify({
        token:      global.user_token,
        cloudkey:   "save-1",
        dataobject: { level: 5, score: 1200 }
    })
);
ds_map_destroy(_headers);
TOKEN="YOUR_SESSION_TOKEN"

curl -s -X POST "https://vaneltonmedia.com/api/cloudstore/set.php" \
  -H "Authorization: $APP_ID:$APP_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"token\":\"$TOKEN\",\"cloudkey\":\"save-1\",\"dataobject\":{\"level\":5,\"score\":1200}}"
var payload = JsonSerializer.Serialize(new {
    token      = token,
    cloudkey   = "save-1",
    dataobject = new { level = 5, score = 1200 }
});
using var res = await client.PostAsync(
    "https://vaneltonmedia.com/api/cloudstore/set.php",
    new StringContent(payload, Encoding.UTF8, "application/json"));

using var doc    = JsonDocument.Parse(await res.Content.ReadAsStringAsync());
bool      success = doc.RootElement.GetProperty("success").GetBoolean();
local body   = json.encode({
    token      = token,
    cloudkey   = "save-1",
    dataobject = { level = 5, score = 1200 },
})
local chunks = {}
http.request {
    url    = "https://vaneltonmedia.com/api/cloudstore/set.php",
    method = "POST",
    headers = {
        ["Authorization"]  = APP_ID .. ":" .. APP_KEY,
        ["Content-Type"]   = "application/json",
        ["Content-Length"] = #body,
    },
    source = ltn12.source.string(body),
    sink   = ltn12.sink.table(chunks),
}
local result = json.decode(table.concat(chunks))
print(result.success) -- true

What's next?

Authentication
Deep dive: sessions, multi-device, app authorization.
CloudStore
Save per-user JSON: game saves, settings, inventory.
Payments
Charge users with Stripe Checkout.