Version: 1.0.0
Operator Wallet API
API contract that operators must implement. The platform calls these endpoints for authentication, bet placement (withdrawals), settlement (deposits), and rollbacks.
Retry behavior
The platform classifies responses by status code:
- 2xx — success, transaction processed.
- 4xx — permanent failure, not retried. Use the appropriate status code (e.g.
409for insufficient funds,401for invalid session). - 5xx — transient failure, retried up to 3 times with exponential backoff (200 ms → 2 s). If all retries fail, the platform treats it as a failure and may trigger a rollback.
All error responses must return a JSON body with an error field: {"error": "Human-readable message"}.
Authentication
- API Key: X-Payload-Signature
- API Key: Session
HMAC-SHA256 hex signature of the raw request body.
- Take the shared secret provided during onboarding.
- Compute:
signature = hex(HMAC-SHA256(secret, request_body)) - Send in the
X-Payload-Signatureheader.
See the Wallet Endpoints guide for code examples.
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | X-Payload-Signature |
JWT token identifying the authenticated player.
The JWT is minted by the operator backend during session initialization and passed by the widget in subsequent requests.
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | Session |