Integration spec · v1
B2B casino integration. Server-authoritative rounds, provably-fair outcomes, HMAC-signed wallet callbacks. You hold the license and the player wallet; we run the game and take a 15% GGR share by default.
/bet, /win, /refund)operator_id (UUID), api_key, and hmac_secret — shown once at provisioningrtp_target (default 96%), max_win_multiplier (default 2000×), allowed_currenciessha256(server_seed) published pre-round, revealed post-settleEvery inbound call to /api/public/rgs/* requires four headers:
X-Operator-Id: <uuid> X-Operator-Key: <api_key> X-Operator-Hmac: <hmac_secret> X-Timestamp: <unix seconds> X-Signature: HMAC_SHA256(hmac_secret, "<ts>.<METHOD>.<path>.<sha256(rawBody)>")
Timestamp tolerance ±5 minutes. Signature comparison is timing-safe. We sign our outbound wallet calls back to you with the same scheme.
POST /api/public/rgs/launch
{
"operator_player_id": "player-42",
"currency": "USD",
"balance_minor": 500000, // $5,000.00
"ttl_seconds": 3600
}
→ 200
{
"ok": true,
"session_id": "…",
"launch_url": "https://<host>/play?session=<opaque>",
"expires_at": "2026-07-03T21:00:00Z"
}Embed launch_url in an iframe.
When the player bets or cashes out, we call your wallet API. All requests are HMAC-signed with the same scheme as above.
POST <wallet_callback_url>/bet
{
"operator_tx_id": "bet-<round_id>", // idempotency key
"operator_player_id": "player-42",
"session_id": "…",
"round_id": "…",
"currency": "USD",
"amount_minor": 10000 // $100.00
}
→ { "ok": true, "balance_minor": 490000 }
POST <wallet_callback_url>/win
{ …, "amount_minor": 25000, "multiplier": 2.5 }
→ { "ok": true, "balance_minor": 515000 }
POST <wallet_callback_url>/refund
{ …, "amount_minor": 10000 }
→ { "ok": true, "balance_minor": 500000 }Idempotency is enforced on our side by operator_tx_id; enforce it on yours too. If /bet returns non-200, we void the round and no bet is recorded.
Every round exposes:
GET /api/public/rgs/round/<round_id>
→ {
"server_seed": "…", // revealed only after settle/refund
"server_seed_hash": "…", // published pre-round
"client_seed": "…",
"nonce": 3,
"outcome": { "crashPoint": 4.87, "mapSeed": "…", "lootSeed": "…", "guardSeed": "…" },
"realized_multiplier": 2.50,
"payout_minor": 25000
}Verify by computing sha256(server_seed) and confirming it matches server_seed_hash, then replaying HMAC_SHA256(server_seed, "<client_seed>:<nonce>:crash") to reproduce the crash point.
GET /api/public/rgs/revenue?from=2026-07-01&to=2026-07-31
→ {
"ok": true,
"days": [
{
"period_day": "2026-07-01",
"currency": "USD",
"ggr_minor": 148000,
"house_share_minor": 22200, // your 15% goes to the house
"operator_share_minor": 125800,
"rounds": 342
}, …
]
}Contact the studio for provisioning. Bootstrap keys, rev-share overrides, and allow-lists are set per-operator.