APIs, website, and security enhancement for Aim Gods

Aim Gods is a Twitch arena shooter developed by Finalmouse — a gamer mice developer. The game was a part of the mice promo campaign. Every tournament participant got a chance to win a limited mouse or a very significant discount.

descriptive text

What the task was

We had to develop a set of APIs, a game website with an admin panel, Twitch integration, and critical tournament game features like matchmaking, real-time chat, friend & party management, ranking, etc.

Plus, taking into account the cloud infrastructure of the game’s social aspect, we had to enhance its security to detect and prevent possible DDoS attacks, and at the same time, reduce infrastructure costs.


How we solved it

Developed a set of essential tournament game features

Real-time matchmaking and multiplayer lobby

We have integrated AWS GameLift to manage match searching queues and how it shuffles the players and places them in the lobby before joining the game.

Chat system

We have used API Gateway Websockets to develop a real-time chat system for players to communicate seamlessly during the game.


Friends & newsfeed management

Developed how players interact within the platform, add each other to friends lists, send messages, follow, block, etc.

Ranking system

We have automated the rank and tier calculation based on the results of the matches by ELO methodology.

Loot boxes

Made a roulette wheel that payers could spin and receive random discount % from purchasing a mouse.

Twitch integration p\n

Players could connect their Twitch account and stream the game in real-time.


Set up an admin panel

We’ve designed and developed an admin panel to manage game season start, purchases, access keys, activations, and deactivations.


Enhanced security

We’ve ensured that users and workloads follow the least-privilege principle and have access only to the actions they need so we could trace changes to the workload configurations.

With CIS AWS Foundations Benchmark and AWS Security Hub, we’ve set up constant cloud assessment and an overview of CloudTrail logging and its coverage, the status of enforcing password policies and permission boundaries, abandoned and misconfigured EC2 instances, and other workloads.

In addition, We’ve used AWS GuardDuty to detect any suspicious requests from blocklisted IPs. We’ve also enabled WAF (Web Application Firewall) to cut these requests as they show up thanks to a pre-defined set of rules with all known types of attacks like shuffle the players and placeXSS (cross-site scripting), SQL injections, etc.


How it benefited our client

Games like this cannot work correctly without APIs that help essential parts of the game communicate. With our help, Aim Gods got:

  • Real-time services with low response time and immediate updates
  • Admin panel to manage game seasons and access
  • Enhanced DDoS protection and automated security assessments

Our works


ELT Platform



Architecture Improvements

Architecture Improvements