Getting started
Keys, anonymous identity, and the one-import integration loop.
Triggair is a game backend for browser games. You integrate it with one import and one publishable key; player-scoped calls authenticate themselves, and every error tells an agent how to fix it.
Keys
Every game has two key kinds. The publishable key (tg_pk_…) is safe in client code — it identifies the game and is origin-checked (CORS). The secret key (tg_sk_…) is server-only and must never ship in a client. Issue and rotate keys in the dashboard (Setup → Keys) or via the API. Only the SHA-256 hash is stored; the full key is shown once.
import { createClient } from '@triggair/sdk';
const tg = createClient({ key: 'tg_pk_your_key' }); Anonymous-first identity
There are no accounts or login screens by default. On first use the SDK mints an anonymous player token from a stable device id and silently refreshes it; every player-scoped call attaches it. For cross-device rescue, mint a recovery code the player saves once and redeem it on the new device.
const { playerId } = await tg.login();
const { code } = await tg.mintRecoveryCode(); // show once
await tg.recover(code); // same player, new device CORS — the 'works locally, 403s deployed' trap
Browser calls are origin-checked. If a call only fails once deployed, add your deployed origin to the game's allowed_origins (Setup → Keys/CORS). An empty allowlist is open to any origin — set it before you ship.
Close the loop
After wiring the SDK, run the self-test — the MCP tool triggair_verify_integration or the dashboard's verify runner. It live-probes player → save → leaderboard → CORS and reports pass/fail per service with fixes.