Integrating Shield Module

This section contains the steps to integrate the Shield Module. The next section contains the Validate session token API reference and code samples to validate the session token.

1. Get Session Token

You can generate a secure sessionToken on-demand by calling the Shield Module API.

To get the session token, launch a new intent to start the BlueStacks App player Shield Module and set up a callback to receive the session token.

You can use the following code in your app to get the session token as and when required:

// Callback to receive session token from BlueStacks App player Shield Module API
ResultReceiver receiver = new ResultReceiver(new Handler()) {
   protected void onReceiveResult(int resultCode, Bundle resultData) {
       super.onReceiveResult(resultCode, resultData);
       if (resultCode == 0) { // means we have got the session token and hence can read packageName and sessionToken
           String pkgName = resultData.getString("packageName");
           String sessionToken = resultData.getString("sessionToken");
       } else {
           // there was some error while getting session token
           Log.d(TAG, "error in getting session token");

Intent intent = new Intent(); // Starting the BlueStacks App player Shield Module  
intent.putExtra("resultReceiver", receiverForSending(receiver));
intent.putExtra("pkgName", getPackageName());
ComponentName componentName = startService(intent);
if (componentName == null) {
   Log.d(TAG, "Error in getting session token, no token service present");

ResultReceiver receiverForSending(ResultReceiver actualReceiver) {
   Parcel parcel = Parcel.obtain();
   actualReceiver.writeToParcel(parcel, 0);
   ResultReceiver receiverForSending = ResultReceiver.CREATOR.createFromParcel(parcel);
   return receiverForSending;

Note: The sessionToken must be sent to your game backend immediately (session token expires after 5 minutes), which will validate it with the Bluestacks backend.

2. Send session token to Game Backend

The next step is to send this session token to your game backend server for validation. Your backend server will then validate this session token with the BlueStacks backend, as illustrated in the next step.

3. Validate the session token

The next step is to validate the session token. Use the Validate Session Token API at your game backend to verify the token from BlueStacks backend.

Note: You can get the secret_api_key (Shield API Key) by following the steps mentioned here.

4. Handle the response of session token validation

In the final step, your game backend will receive the response of session token validation from the BlueStacks backend. You can handle this response in your game client as per your requirement.

The following is the expected response:

     is_verified: <True/False>,
     error_code : <error_code>   // Error code if is_verified is False

Response Handling

  • If is_verified is True – the game should continue as the session token is verified.
  • If is_verified is False – the game should not be allowed to continue, as:
    • The game may be running on some other platform, or
    • The game may have been tampered with.

Important Information

  • Depending on your requirement, if you wish to lock your game to a single instance or disable Macros, please email us at
  • To test your integration, please continue to the testing integration section.
  • We have also included the demo project for Shield, which you can find here.
Text copied to clipboard
Link copied to clipbord
Questions? Please reach out to us at