API, client, Web Account Manager

The game…

I'm building a account manager, separated from the rest of the web services.
But one problem… how I can manage, the API token, the client token and the web services tokens ?
I don't know… but… I've build something, with registering, and login… and an api…
Yes it work, no it's not based on OAuth…(but I must read more about OAuth, because it can be better to use it in the future) it use the django-hasher crate to manage passwords.
For the token, I've choose to use the same algorithm to manage the web services tokens, the clients tokens and the API tokens. The generated token is a base64 string, with some infos… like… a randomly generated string, user id, type of the token… etc so… YOU MUST KEEP YOUR KEY SECRET !

The client… It's nothing. I've found a codename for the launcher, and started to work on it… but… before that I want to build the real game… So the launcher is in a waiting state.
For the game I'm searching for the sounds and trying to understand the game engine.

And…
The API, the api is named Djinn, because… why not ? My universe is an Heroic-Fantasy world… so… a Djinn can exist, and if we ask with the correct answer the Djinn respond, if the answer was incorrect… the Djinn will not respond. Like an API.
The API is not going to be huge now because of… you know i'v speak about two games, the first game is in local-only, so… no account, no request to a web server(excepted for checking update at start).
So the API is not a realy active project. But it exist.