Getting Started With AbraTabia Game Server

Updated July 2026
This guide takes you from nothing to a working multiplayer server: installed, configured, proven with the built-in demo game, and answering matchmaking calls from your own client. The whole process is a config file and a handful of commands, because the server is one small PHP app with a single SQLite database file. Grab the code from GitHub and pick whichever install path fits.

Requirements

PHP 8.1 or newer with the pdo_sqlite extension, which ships in standard PHP builds. That is the whole list. There is no database server to install, no websocket layer to configure, and no game engine requirement on the client side, the SQLite file is created automatically in data/ and any device that can make an HTTPS call can play.

Step 1: Install and Run the Server

All three install paths start the same way: copy config.sample.php to config.php and set apiKey and adminPassword to long random strings.

Local development uses PHP's built-in server:

cp config.sample.php config.php
# edit config.php: set apiKey and adminPassword
php -S localhost:8080 -t public

Docker is two commands after the config edit: docker compose up --build, and the app is at http://localhost:8080/ with the same admin and demo pages.

Shared hosting means uploading the project and pointing your docroot or a subdomain at the public/ folder. If you can only upload into an existing docroot, put everything in a subfolder and the API lives at yoursite.com/subfolder/public/api.php.

Step 2: Configure the Server

Everything lives in config.php, and the defaults are sensible for development. The settings worth knowing:

SettingWhat it does
apiKeyThe key game clients must send with every API call
adminPasswordPassword for admin.php
corsOriginWhich browser origins may call the API, "*" or your game's origin
dbPathSQLite file location
queueSecondsHow long a waiting queue entry lives, default 120
matchSecondsHow long a match lives with no new actions, default 3600
maxPlayersLargest match size a client may request, default 10

The two lifetimes are what make the server self-cleaning: queue entries that never fill and matches that go quiet expire on their own, with no cron job and nothing to babysit.

Step 3: Play the Demo Game

Open demo.php in two browser tabs, enter your API key in both, and click Find Public Match in each. Within a few seconds the tabs match against each other through your own server and you are playing tic tac toe against yourself. This proves the whole pipeline, matchmaking, the action log, and polling, before you write a line of client code. The demo is also a complete reference client, and the build a game walkthrough reads through it line by line.

Step 4: Join Matchmaking From Your Game

Your client joins the queue with a player ID your game generates, a game mode string, and a party size:

curl -X POST http://localhost:8080/api.php/join \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_KEY" \
  -d '{"playerid": "player-abc123", "gameMode": "1V1", "numPlayers": 2, "username": "Paul"}'

If enough compatible players are already waiting, the response is a matched object with the match ID, your player number, and everyone's display names. Otherwise it is {"status": "waiting"}, and your client polls api.php/status every couple of seconds until the match appears. Game modes are just strings your game invents, and private matches and modes covers the design space, including lobbies with join codes for playing with friends.

Step 5: Send and Receive Moves

Once matched, gameplay is two calls. Send a move with api.php/action, giving it a type and up to three data fields your game defines:

curl -X POST http://localhost:8080/api.php/action \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_KEY" \
  -d '{"playerid": "player-abc123", "matchid": "g17529339421234", "actionType": "move", "data1": "e2e4"}'

Then poll api.php/actions with the highest action ID you have already seen, and the server returns everything newer, in order, for every player. Every client replays the same log and arrives at the same game state, which is the property that makes turn-based multiplayer work. Every field on every endpoint is documented in the API reference.

Before You Go Live

Three production habits: serve over HTTPS, lock corsOrigin to your game's origin, and keep queueSeconds modest so the public queue stays fresh. For competitive games, have your clients validate each other's moves from the shared action log, every client sees the full log, which makes rule enforcement a client-side check everyone can perform. The admin area at admin.php shows the live queue and active matches whenever you want to watch your server work.

Key Takeaway

Setup is one config file: copy it, set two keys, and run the server locally, in Docker, or on shared hosting. Prove it with the two-tab demo game, then your own game is four API calls away from real multiplayer: join, status, action, actions.