#Backend Score Validation
Any data the client sends can be reverse engineered. At a minimum you'll want to be using HTTPS; it does make communication a bit more annoying to replicate (although not by much for advanced users).
Depending on how accurately you want the scores to reflect user performance you could do the overkill approach and work purely via server authored receipts:
- Everything on the client is a representation of server data. Everything has an id (for which a receipt may be issued)
- clients will tell the server what ids they've accomplished
- whether or not the client was organically able to do all it says that it did via cheating can involve further live checks or most likely delayed analysis on their performance
- two clients claiming the same id is subject to resolution, but this allows clients to spam their timestamped requests safely due to idempotent operations (safe repetition)
Scores are pre-assigned to each client as they securely communicate with the server, not via who they claim to be in content but through the authorised session your server grants them securely.
Now it's a question of how loosely you want to control and secure this behavior. General rule of thumb is to be as lenient as possible. Only highly competitive, multiplayer games need this.
But whenever you're trusting the client to send you any data without the server having any way to verify and recompute it itself, it can always be cheated by someone willing to put in the time.
I just wanted to send the player's score to my database without the user being able to tamper with the score data
since the score itself is really valuable and it could affect the economy inside the game
It will be a WebGL game
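The server-authored receipt scheme described in the answer above, as an added example that is not part of the original thread. The class, method names and session strings are hypothetical; `session` stands for the authorised session the server granted, and the client never sends a point value, only ids.

```python
import hashlib
import hmac
import secrets


class ScoreServer:
    """Server-side state: clients send ids only, points live on the server."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # receipt key, never leaves the server
        self._objectives = {}                # id -> points, authored by the server
        self._claims = {}                    # id -> session that was credited first
        self.disputed = []                   # (id, session) kept for later resolution

    def spawn(self, points):
        """Create a scoreable thing and return the id shown to the client."""
        obj_id = secrets.token_hex(8)
        self._objectives[obj_id] = points
        return obj_id

    def _receipt(self, session, obj_id):
        msg = f"{session}|{obj_id}|{self._objectives[obj_id]}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def claim(self, session, obj_id):
        """Handle 'I accomplished obj_id'. Returns a receipt, or None if refused."""
        if obj_id not in self._objectives:
            return None                      # id the server never issued
        owner = self._claims.setdefault(obj_id, session)
        if owner != session:
            self.disputed.append((obj_id, session))  # two clients, one id
            return None
        return self._receipt(session, obj_id)  # identical on every retry

    def verify(self, session, obj_id, receipt):
        """Check a receipt against server records in constant time."""
        if self._claims.get(obj_id) != session:
            return False
        return hmac.compare_digest(self._receipt(session, obj_id), receipt)

    def score(self, session):
        """Recomputed from server records only, never from client input."""
        return sum(self._objectives[i] for i, s in self._claims.items() if s == session)


if __name__ == "__main__":
    srv = ScoreServer()
    coin = srv.spawn(10)                     # constructed sample objective
    srv.claim("sess-alice", coin)
    srv.claim("sess-alice", coin)            # retry, no double credit
    print(srv.score("sess-alice"))
```

Whether a claimed id was reached organically is outside this sketch; that is the live or delayed performance analysis the answer mentions.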