How to Connect a Mobile App or Game to Your Portal API

Why Use the Portal as a Mobile Backend

Building a backend from scratch means provisioning servers, setting up databases, writing API endpoints, handling authentication, and managing scaling. The portal API gives you all of this out of the box. Your mobile app sends HTTP requests to the platform, which handles authentication, database operations, and response formatting. You focus on building the app itself.

The same data is accessible from both the mobile app and the web portal. A user who updates their profile in the app sees the change on the web portal, and vice versa. This unified data layer eliminates sync issues between different interfaces.

How the API Connection Works

Authentication

Your mobile app authenticates with the platform using an API key included in request headers. The API key identifies your account and validates that the request is authorized. For user-specific operations, include the user's account ID in the request so the platform can scope data access to the correct user.

Reading Data

To read data, your app sends a GET or POST request to the appropriate API endpoint with the table name, partition key, and sort key. The platform queries DynamoDB and returns the result as JSON. Your app parses the JSON and displays the data in your UI.

Writing Data

To write data, your app sends a POST request with the data payload as JSON. The platform validates the request, writes to the database, and returns a success or error response. Write operations include creating new records, updating existing fields, and deleting records.

Integration Examples

Unity Game

In Unity, use UnityWebRequest to call the API. Create a simple wrapper class that handles authentication, request formatting, and response parsing. Common operations include saving player progress on level completion, loading saved state on game startup, submitting scores to the leaderboard, and syncing in-app purchase status.

iOS or Android App

Native mobile apps use their platform's HTTP client (URLSession on iOS, OkHttp on Android) to call the API. React Native and Flutter apps use their respective HTTP libraries. The API is language-agnostic since it accepts and returns standard JSON over HTTPS.

Progressive Web App

PWAs running in a browser can call the API using the Fetch API or XMLHttpRequest. Since the API supports CORS, your web app hosted on any domain can communicate with the platform endpoints directly from the browser.

Data Storage Options

You have several storage options depending on your data model:

• NoSQL (key-value): Fast, simple storage at 1-2 credits per operation. Best for player data, settings, and simple records. See game backend with NoSQL.
• App Data table: Structured app data with arrays of records. Best for complex data with multiple record types per user.
• Conversation Data: Threaded message storage. Best for chat features, activity feeds, and communication logs.

Security Best Practices

Never embed API keys directly in your mobile app's source code since they can be extracted from compiled binaries. Instead, use a proxy approach where your app calls a lightweight endpoint that adds the API key server-side. For games where some cheating risk is acceptable, include basic request signing to prevent trivial manipulation while accepting that determined users may find ways around it.