Jack

How to make a multiplayer online open world game

Updated: Feb 19, 2020

Note: this article is for the developers out there. I'm going over some pretty technical stuff for newbies, but Google can probably answer your questions.

First, how do I know what I'm talking about? You can find my full programming history on LinkedIn, but to quickly sum it up, I've built websites, email servers, fax servers, torrent trackers, torrent clients, desktop applications, speech recognition logic, mobile apps, APIs, SQL databases, matchmaking servers, voice servers, blah, blah, blah. For the last decade I've coded during work and in my free time. World of Pursuits (WOP) is also not my first MMO game. I was the lead network engineer for a VR MMO that went live through Steam. (The game sucked tho lol, not my idea. I was only tasked to build the back-end to support it.)

APIs, databases, hardware, matchmaking servers, money, and the video game application are the core pieces needed to create an open world video game experience. Take a look at the Thumper Games Stack image below. These are the communication lines between servers and computers to make World of Pursuits work. This whole stack is duplicated for testing and dev environments.


Data on the company's servers is not public, so if you want to share data with strangers over the internet, how do you do that?

API is an acronym that can mean multiple things in the programming world, but nowadays it's typically a web server that sends and receives requests to move data between other systems, like a video game client or web browser application. The main role of an API is authentication and doing things you can't trust strangers to do over the internet with company data. It's not safe to let clients read/write to a database freely, so the API server does it for them after validating the request. A user asks the API to do something by calling a specific URL like "" behind the scenes. The API will return data in the form of JSON or XML strings instead of HTML like a normal web request.

The Thumper Games API (green circle in the middle of the image above) is a .Net Core JSON API. It's running on a blade server sitting in some Azure warehouse. In the World of Pursuits (WOP) project we use a modified version of the free VaRest plugin to do HTTPS requests in blueprints to our API (Unreal Engine stuff).

So how does authentication work then?

When a user logs into World of Pursuits (WOP), they actually just log in to the API behind the scenes. All that means is they got a REALLY long string that looks like "jsv84mov98BlahBlahif84" from the API. It's just encrypted characters. That string is sent to the API in each request from then on to prove the identity of the requester over the internet. A user sends their username and password to the API (should be encrypted using latest TLS and HTTPS), and the API returns a token that it has created and linked to their account. In World of Pursuits, that token is saved locally in the GameInstance class. It never even goes through a game server. The token expires and only works coming from the original IP address. It's super secure.

So anytime the user needs to change their data in the database, say they picked a new paint color for their car, they'll ask the API to do that for them. It works like this:

1. The API receives a request on The request contains the user's token, vehicleId, and newBodyColor.

2. The API will first validate that the token is legit and can be used from the requesting IP address, along with other security checks.

3. The API will validate the request. It will look up the requester's money by the token in the database, then validate there is enough money for the paint job. In this case it will also make sure the requester owns the vehicle they are requesting to modify. If validation fails the API will return an error message and stop processing anything further.

4. If the request is valid, the API will write the new paint color to the database, then return "true".
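The four steps above, together with the token issued at login, sketched as an added example. This is not Thumper Games' API code (that is .Net Core); Python is used here only so the sketch runs as-is. The in-memory tables, the price, the token lifetime, the function names and the money deduction are assumptions.

```python
import secrets, time
from dataclasses import dataclass

TOKEN_TTL = 3600   # assumed token lifetime, seconds
PAINT_COST = 500   # assumed price of a paint job

@dataclass
class Session:
    user_id: int
    ip: str
    expires: float

# Constructed in-memory stand-ins for the database tables.
SESSIONS = {}                                  # token -> Session
MONEY = {1: 1200, 2: 100}                      # user_id -> balance
VEHICLES = {10: {"owner": 1, "color": "red"},  # vehicle_id -> row
            20: {"owner": 2, "color": "blue"}}

def _clock(now):
    return time.time() if now is None else now

def issue_token(user_id, ip, now=None):
    """Login: create an unguessable token linked to the account and caller IP."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = Session(user_id, ip, _clock(now) + TOKEN_TTL)
    return token

def authenticate(token, ip, now=None):
    """Step 2: token must exist, be unexpired, and arrive from the original IP."""
    s = SESSIONS.get(token)
    if s is None or _clock(now) >= s.expires or s.ip != ip:
        return None
    return s.user_id

def change_paint(token, ip, vehicle_id, new_color, now=None):
    """Steps 1-4: every check runs server side; client input is untrusted."""
    user_id = authenticate(token, ip, now)
    if user_id is None:
        return {"ok": False, "error": "unauthorized"}
    vehicle = VEHICLES.get(vehicle_id)
    # Step 3: same error for "missing" and "someone else's" to avoid leaking IDs.
    if vehicle is None or vehicle["owner"] != user_id:
        return {"ok": False, "error": "not your vehicle"}
    if MONEY[user_id] < PAINT_COST:
        return {"ok": False, "error": "insufficient funds"}
    # Step 4. Deducting the price is an assumption; in a real database the
    # debit and the colour update belong in one transaction.
    MONEY[user_id] -= PAINT_COST
    vehicle["color"] = new_color
    return {"ok": True}
```

The requester's identity comes only from the token lookup, never from a user ID in the request body, so a modified client cannot act on another account's money or vehicles.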

A user could hack around the game's validation ('cause it's all logic running on their local computers), known as client side validation, and send a request to the API server without enough money to cover the paint job, or maybe a vehicle ID of another user's vehicle. The API server side validation is what prevents hacking 100%. A company is at major risk going cheap with an inexperienced .Net developer. Ignorance can potentially cost A LOT in the network security world.

Real .Net guys are not cheap, but it's a requirement for an online open world competitive game.


Databases are simply a collection of data. The data used in World of Pursuits (WOP) is all stored in Azure SQL Databases. There are other options like MySQL and Oracle databases, but things like character eye color, car colors, inventory items, or whatever, have to be saved somewhere. Then the data has to be shared instantly across the globe. WOP data is stored in a SQL Azure database on a blade server in a warehouse somewhere. The data is accessed through the API for clients, but we let our game servers talk directly to our database because we can trust them. Plus it saves on bandwidth cost while also being faster than the API being a middle man. I built a Database Communicator Plugin for Unreal Engine to allow our servers to talk to our databases. Check out the products page to learn more on the plugin.


An MMO needs a lot of hardware. It's costly. All the systems in the Thumper Games Stack image above need computers to run on. The whole stack needs to be duplicated to have testing and dev environments. Game servers need power, and so do development desktops trying to run Unreal Engine and Visual Studio. The cables in the ground that have to be borrowed to send/receive data have the highest cost. Bandwidth doesn't grow on trees. It grows from humans laying cables. It might start growing in space one day though, go SpaceX!


Matchmaking is another .Net Developer job. It's basically another API. Its job is to track players queuing for activities, or requesting to join the open world. Thousands of people can't fit on to 1 game server, so you have to create multiple instances of levels on multiple game servers. The matchmaking server is responsible for tracking player counts, online servers, grouping players, and traveling players between servers. When a player uses a door in World of Pursuits to change levels, they're actually sending a request to the matchmaking server to get the IP of a game server running the level they're trying to join. To save on cost the player is not on a game server in their garage. They can tinker around all day on their car without being connected to a dedicated game server. Their game application is just talking to the API. Once they use the garage door to leave, the matchmaking server has to find them a server to join fast. The reason it picks a server can include things like favoring servers with friends on them.


You need a lot of money and time. It's a HUGE risk. It's easier to accept that risk on day 1 VS year 3. I used to say I liked gambling. With a wife, new kid, full-time stressful job, full-time Thumper Games development, bills, and thousands invested, I'm kinda over gambling now lol. My feet are taped to the bicycle on this World of Pursuits stunt jump. I'm crashing or soaring, but there's no getting off now haha.

Video Game Application

Thumper Games uses the Unreal Engine 4 to build the MMO World of Pursuits (our video game application). The game logic is the most complex piece of the puzzle. A single player game is probably 40% less complex than a multiplayer game, but probably 80% less complex than a full blown open world game with dedicated servers.

Video game development is a lot different from API development. API logic is typically stateless, meaning logic works without running loops or persistent connections. There's just a request, then a response. The logic starts/stops and all connections are closed in hopefully a few milliseconds.

Game devs work in a program that's "running", meaning it doesn't stop until told to stop (like a user pressing "Exit Game"). There's more challenge to this type of programming because you have to look out for memory leaks, or bugs that don't show up until the game is running for hours. It's a madness of algorithms running in multiple threads (doing multiple things at once), while all trying to pass data between themselves. Mix in database requests, API requests, and the Unreal Engine's replication system, and logic can get real tangled up. Lazy or inexperienced devs can RUIN profit margins and even the ability for the game to stay running. Game devs have to know what event-based programming is and how to follow SOLID (this is an acronym, look it up) principles. They have to look out for security flaws while making sure there's not even one hiccup of lag. A player gets pissed doing 200mph in a turn if a game server starts lagging on heavy, poor, or un-threaded code. Threads are another programming concept game devs have to master that can get tricky, unstable, and a pain to debug if inexperienced. Logic built by newbies will work on day 1, but will it still work under heavy user load? Will it scale with larger data tables? Is it actually secure? Can it be "gamed" or hacked? Is it thread safe? How does error handling work? These are all reasons why you HAVE to have at least 1 senior FULL-STACK game dev to guide the dev team. A good senior dev is a teacher. I'm married to a teacher :)

A lot is required to make an open world game. It keeps me up at night wondering if what I'm creating is worth the time away from my friends and family. It's the anxiety known by all entrepreneurs though. Games are HIGH RISK, mostly fail, and successful ones still only last for a few years typically. However I'm the son of a CPA and Financial Advisor, I've been programming WAY too long, I really like programming, and the Infantry taught me mental stamina. I've got great stats to build a successful MMO. I know I have the capability, and I feel passionate to prove it. Wish me luck though! If you enjoyed the read, join our Discord server and help boost our market presence. Thanks!
