Why Server-Side Storage Matters
Hardcoding sensitive values like memory offsets, API endpoints, or configuration strings directly in your client binary is a security risk. Every time a value changes, you'd need to push a new binary update. PapelShip's server-side systems solve this by letting you manage dynamic data from your dashboard and deliver it to authenticated clients at runtime.
Server-Side Strings
Navigate to /dashboard/api-integrations/serverside-strings to access the String Library. Each record has the following properties:
Access ID — A unique 12-character identifier automatically generated when you create a string. Your client application uses this ID to fetch the value from the API.
String Types:
- String — Plain text values. Store API URLs, configuration JSON, version numbers, or any arbitrary text content.
- Offset — Memory offsets formatted as
module + address. The dashboard provides an Offset Calculator with fields for Base Module (e.g.,client.dll) and Offset Address (e.g.,0x123456). The stored value becomesclient.dll + 0x123456. - Function — Mathematical expressions or formulas. The Equation Builder lets you construct expressions like
(base_addr * 0x4) + 0x100with hex/add/multiply helpers.
Product Scoping
Each string can be scoped to specific products or left as Global (accessible by all products). This is controlled by the Target Products selector, where you pick one or more products by their internal cheat_value identifier.
Force Key Check
When the Force Key Check toggle is enabled on a string, the API endpoint requires a valid, active license key to be presented alongside the access ID. Without a valid key, the server returns an authorization error. This prevents users with expired or banned licenses from accessing critical data like memory offsets.
Server-Side Files
The file management system at /dashboard/api-integrations/file-management works similarly to strings but delivers binary files instead of text values. Use cases include:
- DLL injection payloads — Deliver the latest compiled DLL to authenticated clients
- Configuration archives — Push JSON/XML config packs
- Asset bundles — Distribute encrypted game assets or model files
- Patch files — Deliver incremental binary patches
Files are uploaded through the dashboard with chunked upload support for large files. Each file gets its own access ID and can be scoped to specific products.
Integration Example
Here's the conceptual flow for fetching a server-side string from your C++ client:
GetServerString(access_id) with the 12-character IDFor files, the flow is identical but uses GetServerFile(access_id) which returns the binary content.
Security Best Practices
Dashboard Workflow
- Create — Click "New String", fill in label, select type, configure product scope and security
- Edit — Click the edit icon on any row to modify the value or settings
- Search — Filter by label, access ID, or string value using the search bar
- Copy Access ID — One-click copy button for easy integration into your code
- Delete — Permanently remove a string record (requires confirmation)


