diff --git a/public/break_escape/js/core/game.js b/public/break_escape/js/core/game.js
index e70d2c3..e727931 100644
--- a/public/break_escape/js/core/game.js
+++ b/public/break_escape/js/core/game.js
@@ -19,6 +19,7 @@ import { NPCHealthBars } from '../ui/npc-health-bars.js';
 import { GameOverScreen } from '../ui/game-over-screen.js';
 import { PlayerCombat } from '../systems/player-combat.js';
 import { NPCCombat } from '../systems/npc-combat.js';
+import { ApiClient } from '../api-client.js'; // Import to ensure window.ApiClient is set
 
 // Global variables that will be set by main.js
 let gameScenario;
diff --git a/public/break_escape/js/minigames/password/password-minigame.js b/public/break_escape/js/minigames/password/password-minigame.js
index 0898cc6..28e8c7d 100644
--- a/public/break_escape/js/minigames/password/password-minigame.js
+++ b/public/break_escape/js/minigames/password/password-minigame.js
@@ -376,12 +376,13 @@ export class PasswordMinigame extends MinigameScene {
     }
     
     async submitPassword() {
+        const gameId = window.breakEscapeConfig?.gameId;
         console.log('submitPassword called', {
             isActive: this.gameState.isActive,
             correctPassword: this.correctPassword,
             hasApiClient: !!window.ApiClient,
             hasAPIClient: !!window.APIClient,
-            gameId: window.gameId
+            gameId: gameId
         });
 
         if (!this.gameState.isActive) return;
@@ -399,14 +400,14 @@ export class PasswordMinigame extends MinigameScene {
 
         // Check if we need server-side validation (correctPassword is null or empty string)
         const apiClient = window.ApiClient || window.APIClient;
-        if ((!this.correctPassword || this.correctPassword === '') && apiClient && window.gameId) {
+        if ((!this.correctPassword || this.correctPassword === '') && apiClient && gameId) {
             console.log('Using server-side validation');
             await this.validatePasswordWithServer(enteredPassword);
         } else {
             console.log('Using client-side validation', {
                 correctPassword: this.correctPassword,
                 hasApiClient: !!apiClient,
-                gameId: window.gameId
+                gameId: gameId
             });
             // Client-side validation (backwards compatibility)
             if (enteredPassword === this.correctPassword) {
diff --git a/public/break_escape/js/minigames/pin/pin-minigame.js b/public/break_escape/js/minigames/pin/pin-minigame.js
index 1fd6b58..1681c31 100644
--- a/public/break_escape/js/minigames/pin/pin-minigame.js
+++ b/public/break_escape/js/minigames/pin/pin-minigame.js
@@ -250,7 +250,8 @@ export class PinMinigame extends MinigameScene {
         // Check if we need server-side validation (correctPin is null or empty)
         let isCorrect;
         const apiClient = window.ApiClient || window.APIClient;
-        if ((!this.correctPin || this.correctPin === '') && apiClient && window.gameId) {
+        const gameId = window.breakEscapeConfig?.gameId;
+        if ((!this.correctPin || this.correctPin === '') && apiClient && gameId) {
             console.log('Using server-side PIN validation');
             isCorrect = await this.validatePinWithServer(this.currentInput);
         } else {