Server sided script ???
I have used the GET method to pass form variables before securely by using an encrypted KEY that used a private key added to the variables before encrypting it using the openbrowser() command. (in classic)
That way no one could simply change the values in the path.
I haven't tried to do anything like this before, but I am sure it could be done if you let the server sided script do most of the work.
Getting those results for time watched should be easy enough with the HTTP stuff for the response if the results are written to a plain text file on the server by your script.
Can't remember exactly how I was doing it for the 64x64 Jam for matching players card info, but it was pretty straight forward using the mid() to pull out the parts of the results string that I wanted.
Again, never done this before with playing YouTube videos, but it seems like it should be doable running it in a separate window via the server's script rather than the app.
Once you have the server playing the video and recording the time watched so the app can access that info, then adding the coins and stuff on the app side should be doable.
Just a thought on a possible work around... so not sure if you could pull it off, but it seems like it could be done if you can time that video being played with your script.
Coding things my way since 1981 -- Currently using AppGameKit V2 Tier 1