▲ Tactical Heist Simulator ▲
NEON VAULT HEIST
Every Vault Is Different.
▸ Deploy CrewSneak past guards, dodge laser grids, and grab every gem before the alarm hits 100%. Cash out at the helipad — or risk it all.
For Casino Operators ↓▲ Tactical Heist Simulator ▲
Every Vault Is Different.
▸ Deploy CrewSneak past guards, dodge laser grids, and grab every gem before the alarm hits 100%. Cash out at the helipad — or risk it all.
For Casino Operators ↓B2B · RGS Integration
REST + HMAC. Server-authoritative rounds, provably-fair, signed wallet callbacks. You hold the license and the player wallet — we run the game and take 15% GGR.
Auth, wallet callbacks, session launch, rev share, full request/response reference.
Read the spec →02HMAC-SHA256 headers, timing-safe compare, sample code in Node & curl.
Signing guide →03Signed round.settled, round.refunded events with automatic retries.
Webhook events →04Sealed server seed hash at bet, revealed at settle. Verifier included.
Verify a round →05Isolated is_sandbox flag. Run the full flow without touching production ledgers.
Sandbox flow →06Eight-step checklist from credentials to sign-off. Typical setup: 1–3 days.
Start onboarding →Quickstart · 3 endpoints
Every player lifecycle in Neon Vault Heist is three server-to-server calls. Implement them in this order and you can point sandbox traffic at us today.
/api/public/rgs/launchYou call us. We mint a short-lived opaque session token and return a launch_url. Embed it in an iframe — that's the player's entry point into the game.
Session endpoint →POST /api/public/rgs/launch
{ "operator_player_id": "player-42",
"currency": "USD",
"balance_minor": 500000,
"ttl_seconds": 3600 }
→ { "session_id": "...",
"launch_url": "https://.../play?session=..." }/api/rgs/player/round-startCalled by the game canvas when the player wagers. We seal the outcome (crash point + seeds), then call your wallet /bet endpoint with an HMAC-signed payload. Return { ok, balance_minor } and the round is live.
Round-start reference →Your wallet receives:
POST <your_url>/bet
X-Signature: <hmac_sha256>
{ "operator_tx_id": "bet-<round_id>",
"operator_player_id": "player-42",
"amount_minor": 1000,
"currency": "USD" }
← { "ok": true, "balance_minor": 499000 }/api/rgs/player/round-cashoutPlayer reaches the cashout coin and hits CASH OUT. We validate against the sealed crash point + anti-cheat, then call your wallet /win. On bust, no /win — the wager is already yours. Server seed is revealed so the round is verifiable.
Verification guide →Your wallet receives (winners only):
POST <your_url>/win
X-Signature: <hmac_sha256>
{ "operator_tx_id": "win-<round_id>",
"amount_minor": 2400,
"multiplier": 2.40,
"currency": "USD" }
← { "ok": true, "balance_minor": 501400 }Operators must hold the appropriate gaming license in their jurisdiction. KYC / AML / geo-blocking remain the operator's responsibility.