Show Login User Information

Next, you will use the RESTful API to develop a program that displays a test user's information on the start page.


This tutorial uses PHP for the server program. Configure the game server so that PHP runs on the game server. If you use another development language, substitute the language that matches your language environment when reading this section.

Also, this program uses the OAuth library to verify the validity of the request from the Gadget server and for RESTful API authentication. Get OAuth.php from the URL shown below and place it so that it is located at

Verifying the Validity of the Request from the Gadget Server

First, you will develop a program for verifying the validity of the request from the Gadget server to the game server.

Since this processing should be implemented in all programs that are requested from the Gadget server, develop validator.php as follows as a common class.

The program flow is explained below.

The validate function of the RequestValidator class gets the OAuth token and signature from the request from the Gadget server, compares it with the signature that was also generated by a similar procedure on the game server, and returns true if they match or false if they do not.

Since only the Gadget server and game server mutually know the Consumer Secret of this application as a common key, the falsification of a request can be prevented by verifying the signature.

Therefore, the Consumer Secret value must be managed securely so that is not divulged to an external party. If there is a possibility that it was divulged to an external party, contact the assistance center on the Developer's Site.

The Consumer Key and Consumer Secret values are set at the bottom of the "Common" tab on the Mobage Developer Site, so you should set those values in the program.


Next, in the following program, get the OAuth token (oauth_token and oauth_token_secret values) and signature (oauth_signature value) from the request header that is sent from the Gadget server.

Regenerate the signature at the game server based on the OAuth token that was obtained as described above, the Consumer Key and Consumer Secret, and the request information and verify whether they match the signature that was forwarded from the Gadget server. This processing sequence can be performed by the OAuthSignatureMethod_HMAC_SHA1 class check_signature function.

Place the completed validator.phpon the game server so that it is located at

Displaying the Test User's Nickname and Avatar

Next, you will develop a program that uses the People API of the API server to display the nickname and avatar of the user who is logged in. The following code shows how to develop mypage.php.

The program flow is explained below.

First, declare the use of validator.php for verifying the validity of the request from the Gadget server, which was created earlier.

Next, call the validate function of the RequestValidator class in validate.php to verify that the request from the Gadget server has not been falsified. Make sure an error page is returned if the signatures do not match and the request is invalid.

Next, take steps needed to access the API server. First, prepare Consumer Key and Consumer Secret, which are required for the API server's OAuth parameters.

Since an access to the People API uses the Proxy model (which uses the OAuth token), you'll need to get the OAuth token and opensocial_viewer_id (ID of login user who is browsing the screen), which were passed from the Gadget server.

This completes the information required to access the People API. You can now generate the OAuth header information.
Create /people/@me/@self, which is the path for getting the login user information, based on the Sandbox Endpoint URL. For the Proxy model, set the request parameter xoauth_requestor_id to the value of opensocial_view_id that was obtained above.

Execute the request to the API server using the OAuth Authorization header that was generated as described above. Get the response data and HTTP status code from the API server.

If the request was successful, the People API GET method will return 200 for the HTTP status code. If a value other than 200 is returned, make sure to return an error page.

When the HTTP status is 200, parse the JSON data which is contained in the response data, to get the values of the id, nickname, thumbnailUrl, and profileUrl, and embed them in the HTML.

When the thumbnailUrl avatar image is tapped on the guideline, the user's profile page must be displayed. For the Shell App Framework, mobage.shellapp.Service.openUserProfile must be called with the user ID specified. Otherwise, implement the following anchor tag to make a transition occur to the page specified in the profileUrl.

Place this mypage.php on the game server so that it is located at

Also, add a link to mypage.php in the index.html that was created in the previous chapter and then replace index.html. All links used in the screen transitions within the content must pass through the Gadget server. The URL must be specified as url={URL-encoded game server absolute path}.

Verifying Operation on an Actual Device

Re-launch the client application that you installed on the actual device in the previous chapter. While the application is starting up, press the Home button at the top to update the start page. You should see that the My Page link has been added as shown below. You do not need to update the client application when you update the server.



Tap the My Page link and if the login user's nickname and avatar are displayed as shown below, the process will have completed successfully.

Also, tap the avatar to verify that the dialog shown below appears.
In the Sandbox environment, this dialog appears since there is no Mobage portal application, but in the production environment, the profile screen is displayed in the Mobage portal application.


Calling from a Button in the Footer

Try modifying the client application so that the transition can also occur from the My Page button in the footer. As explained in the previous chapter, on the Developer's Site, click "Manage Application" > "MyFirstShellApp" > "Android" > "Layout". Change the hrefSandbox attribute of the first footer button to

Download the Sandbox application again from the "Download" tab and reinstall it on the actual device. Launch the application and tap the My Page button in the footer to verify that the nickname and avatar are displayed in the same way as before.

This completes the display of the test user's nickname and avatar.

Reference Material

The People API can be used to get information about another user by specifying the user ID, and to also get friend collection information. For more information, please see here.
For more information about the JavaScript openUserProfile, please see here.

Revision History

  • 12/11/2012
    • Initial release


Design ShellApp Client


Purchase Items