Live infrastructure.
One typed API.
Orivox keeps LiveOps, progression, commerce, and Web3 operations server-authoritative while engine adapters deliver portable runtime JSON to game clients.
Privileged operations stay private
Zod checks every API response
JSON adapters for modern engines
Install the SDK
npm install @orivox/sdkServer applications require Node.js 20+. Only browser-safe public operations belong in distributed clients.
Connect your project
Create one client inside a trusted backend using a private API key and project ID.
import { Orivox } from "@orivox/sdk";
const orivox = new Orivox({
apiKey: process.env.ORIVOX_API_KEY!,
projectId: process.env.ORIVOX_PROJECT_ID!,
});
const [config, events] = await Promise.all([
orivox.remoteConfig.getAll(),
orivox.events.listActive(),
]);orivox.remoteConfigorivox.featureFlagsorivox.rewardsorivox.eventsorivox.shopsorivox.battlePassorivox.xporivox.playersorivox.segmentsorivox.analyticsorivox.enginesorivox.solanaorivox.x402orivox.webhooksSeparate clients from privilege
GAME CLIENTS
Unity · Godot · Unreal · Web
ORIVOX SDK
Validation · retry · adapters
INFRASTRUCTURE
Orivox API · Solana · x402
→ retry safe/idempotent failure with jitter
→ validate JSON with Zod → typed result or OrivoxError
Remote configuration
const rate = await orivox.remoteConfig.getNumber("enemy_spawn_rate", 1);
const shop = await orivox.remoteConfig.getJson<ShopConfig>("main_shop");
await orivox.remoteConfig.refresh();Feature flags
const result = await orivox.featureFlags.evaluate("new_inventory", {
playerId: "player_123", country: "ID", level: 20, platform: "pc"
});
if (result.enabled) enableInventory();Rewards, events, and battle passes
await orivox.rewards.claim({ playerId, calendarId: "default" });
await orivox.events.addProgress({ eventId, playerId, objectiveId, amount: 1 });
await orivox.battlePass.addXp({ playerId, amount: 250, source: "match_complete" });Server-resolved shops and x402
Never accept a price from a game client. Use exact decimal strings for payments and an idempotency key for purchases.
const receipt = await orivox.shops.purchase({
shopId: "main_shop", offerId: "starter_pack", playerId,
paymentMethod: "x402", idempotencyKey: crypto.randomUUID(),
});
await orivox.x402.createPaymentRequest({
resource: "/shops/main_shop/offers/starter_pack",
amount: "5.00", currency: "USDC",
});Wallet and asset verification
const challenge = await orivox.solana.wallet.createChallenge({ walletAddress, playerId });
const ownsAsset = await orivox.solana.nfts.verifyOwnership({ owner: walletAddress, mintAddress });Verify before processing
Pass the unmodified raw body. Verify HMAC signature and timestamp, reject replayed event IDs, process the typed event exactly once, then return 2xx.
const event = await orivox.webhooks.verify({
rawBody, signature, secret: process.env.ORIVOX_WEBHOOK_SECRET!,
});Operational controls
baseUrlhttps://api.orivox.devenvironmentproductiontimeoutMs30000retries3cacheMemoryCacheloggeroptional structured hooksA hard client boundary
- Clients may read public runtime configuration and evaluate public flags.
- Progression updates, rewards, and purchases run on a trusted backend.
- Solana and x402 verification never runs in an untrusted client.
- Private API keys, webhook secrets, and signing keys are never bundled into games.
Errors, retries, and pagination
Every failure extends OrivoxError with a stable code, optional status and request ID, contextual details, and a retryable flag. The client retries safe/idempotent 408, 429, and 5xx responses with backoff and jitter.
const page = await orivox.events.list({ limit: 20 });
for await (const event of orivox.events.iterate()) console.log(event.id);Portable runtime JSON
Supported adapters: Unity, Godot, Unreal Engine, Phaser, Three.js, Babylon.js, and custom engines.
const runtimeConfig = await orivox.engines.unity.getRuntimeConfig({ playerId });
const json = orivox.engines.unity.serialize(runtimeConfig);@orivox/sdk. Generate the full local reference with npm run docs.