API docs by Redocly

Gamble Hub API (1.0)

Download OpenAPI specification:

Gamble Hub API v1.0 — Integration Guide.

Environments

  • Stage and Prod are separated: different logins, different secret keys, different IP allowlists.
  • Integration starts on Stage (end-to-end validation, callback testing, stabilization, acceptance) and moves to Prod after acceptance.

What we need before technical start

  • Callback endpoint URL (wallet callbacks / seamless model). Configured per currency (can be the same URL for all currencies).
  • IP addresses for allowlisting (separate lists for Stage and Prod).
  • (Recommended) initial currency list for Stage testing so callbacks can be configured per currency from day one.

Integration models

  • Seamless: during gameplay the provider calls your wallet callbacks (getBalance, writeBet, rollback) signed with X-Signature.
  • Transfer: the merchant works with the command endpoint POST /apiIndividualWallet/ (userCreate, userCash, userInfo). No incoming callbacks are expected.

Auth

Authentication and token issuance.

Obtain Access Token (login)

Request (from guide example): POST https://office-api-dev.gamble-hub.net/auth/login with application/x-www-form-urlencoded

Body fields:

  • login
  • password
Request Body schema: application/x-www-form-urlencoded
required
login
required
string
password
required
string

Responses

Request samples

Content type
application/x-www-form-urlencoded
login=casino_operator&password=Qx9%23mK2%21pLnR

Response samples

Content type
application/json
{
  • "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0ODFlM2M5Yi03N2YyLTRkMWEtYjgzMi05YzVlMGY4YTJkMTQiLCJsb2dpbiI6ImNhc2lub19vcGVyYXRvciIsInJvbGUiOiJVc2VyIiwiaWF0IjoxNzQ1NzQ4MDAwLCJleHAiOjE3NDU4MzQ0MDB9.Xk2mN9pQrL4vJsT8hDfW3uCbYoKgP7nAeRtMzIqVl5c",
  • "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0ODFlM2M5Yi03N2YyLTRkMWEtYjgzMi05YzVlMGY4YTJkMTQiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTc0NTc0ODAwMCwiZXhwIjoxNzQ2MzUyODAwfQ.mP3qRsNvTcYdJkW8xBfL2eAoGhI9ZuQlXrKtDyEwH6n",
  • "user": {
    }
}

Game Catalog

Fetch available games for the user.

Get user games by currency

Authorizations:
bearerAuth
path Parameters
user_id
required
string
currencyISO
required
string

Currency in ISO format (e.g., USD, EUR).

Responses

Response samples

Content type
application/json
[]

Game Session

Open a game session (launch).

Open game (no Authorization required)

MUST include X-Signature header (HMAC-SHA256 over raw JSON body).

Notes:

  • demo: "1" for demo mode (no callbacks), "0" for real gameplay.
  • callbackUrl: may override the default callback URL configured in the admin panel (leave empty to use default).
header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Hex HMAC-SHA256 computed over raw JSON body bytes using the user secret.

Request Body schema: application/json
required
currency
required
string

Game session currency (USD, EUR etc.)

demo
required
string
Enum: "0" "1"

"1" to start demo mode (no callbacks), "0" – real gameplay.

exitUrl
required
string <uri>
gameId
required
string
language
required
string

ISO (en, es, fr, de etc.)

player_login
required
string

Login name of the player that starts the game.

user_id
required
string

API user ID.

callbackUrl
string <uri>

Override default callback URL in admin panel. Leave empty for default.

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{}

Webhooks

Wallet callbacks for the seamless model (provider → merchant).

The provider calls your callback URL during gameplay. Each request includes X-Signature (HMAC-SHA256 over raw body).

Idempotency: providers may retry callbacks — use transactionId as a unique key. If you already processed a writeBet with the same transactionId, return the current balance without applying the operation again.

Balance callback (provider -> your callback URL) Webhook

Called by the provider during gameplay (seamless model). Requires X-Signature (HMAC-SHA256 over raw body).

header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Hex HMAC-SHA256 computed over raw JSON body bytes using the user secret.

Request Body schema: application/json
required
cmd
required
string
Value: "getBalance"
login
required
string
sessionid
required
string

Responses

Request samples

Content type
application/json
{
  • "cmd": "getBalance",
  • "login": "alex_morozov_88",
  • "sessionid": "7d3b9e2a-4f1c-8d06-a912-c3e5f7b29041"
}

Response samples

Content type
application/json
{
  • "balance": 2500,
  • "currency": "USD",
  • "error": "",
  • "login": "alex_morozov_88",
  • "status": "ok"
}

Bet/Win callback (provider -> your callback URL) Webhook

Idempotency: providers may retry callbacks — use transactionId to ensure you don't apply the operation twice.

On error: return HTTP status 400+ and set status: "fail".

header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Hex HMAC-SHA256 computed over raw JSON body bytes using the user secret.

Request Body schema: application/json
required
cmd
required
string
Value: "writeBet"
bet
required
number
win
required
number
login
required
string
sessionid
required
string
transactionId
required
string

Unique transaction ID of each callback. Must not repeat.

round_finished
required
boolean

Round was finished.

info
required
string

Bet and win details from providers.

Responses

Request samples

Content type
application/json
Example
{
  • "cmd": "writeBet",
  • "bet": 25,
  • "win": 0,
  • "login": "alex_morozov_88",
  • "sessionid": "7d3b9e2a-4f1c-8d06-a912-c3e5f7b29041",
  • "transactionId": "txn_a3f7c912-d0e5-b841-9f2c-3e6a7d8b01c4",
  • "round_finished": false,
  • "info": "{\"gameType\":\"slots\",\"betPerLine\":1.25,\"lines\":20,\"roundId\":\"r_9f4a2c7b\"}"
}

Response samples

Content type
application/json
Example
{
  • "balance": 2475,
  • "currency": "USD",
  • "error": "",
  • "login": "alex_morozov_88",
  • "status": "ok"
}

Rollback callback (provider -> your callback URL) Webhook

transactionId matches the original bet transaction ID.

header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Hex HMAC-SHA256 computed over raw JSON body bytes using the user secret.

Request Body schema: application/json
required
cmd
required
string
Value: "rollback"
bet
required
number

The rollback amount matches the bet amount when the wager was accepted.

win
required
number

win (0)

login
required
string
sessionid
required
string
transactionId
required
string

The rollback transaction matches the bet transaction (same transaction ID).

round_finished
required
boolean

(true)

info
required
string
gameId
required
string

Responses

Request samples

Content type
application/json
{
  • "cmd": "rollback",
  • "bet": 25,
  • "win": 0,
  • "login": "alex_morozov_88",
  • "sessionid": "7d3b9e2a-4f1c-8d06-a912-c3e5f7b29041",
  • "transactionId": "txn_a3f7c912-d0e5-b841-9f2c-3e6a7d8b01c4",
  • "round_finished": true,
  • "info": "{\"reason\":\"provider_timeout\",\"originalRound\":\"r_9f4a2c7b\"}",
  • "gameId": "integration_a:provider_a:game_001"
}

Response samples

Content type
application/json
{
  • "balance": 2500,
  • "currency": "USD",
  • "error": "",
  • "login": "alex_morozov_88",
  • "status": "ok"
}

Transfer Wallet

Transfer model: the wallet is managed through the command endpoint POST /apiIndividualWallet/.

Wallet commands covered here:

  1. userCreate — create a player wallet.
  2. userCash — deposit or withdraw (operation = in|out).
  3. userInfo — fetch current player balance.

Request signing: transfer wallet requests use the same X-Signature flow as openGame and seamless wallet callbacks. The signature algorithm is described in the Security: Request Signing (HMAC-SHA256) section of this guide.

Transfer wallet command endpoint

Single entry point for transfer wallet operations.

The cmd field defines which operation must be executed:

  • userCreate creates a player record and returns the initial balance.
  • userCash performs a balance operation using operation = in|out.
  • userInfo returns the current balance without modifying it. Required request fields: cmd, userLogin, user_id.

Request signing uses the same flow as openGame and seamless wallet callbacks:

  • send the signature in the X-Signature header
  • resolve the player-specific secret_api_key using user_id
  • compute HMAC-SHA256 over the exact raw JSON body bytes
  • send the hex-encoded digest in X-Signature

For userCash, the cash value is a decimal string with 2 fractional digits.

header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Transfer wallet request signature. Hex-encoded HMAC-SHA256 computed over the exact raw JSON body using the player-specific secret_api_key.

Request Body schema: application/json
required
cmd
required
string
Enum: "userCreate" "userCash" "userInfo"

Transfer wallet command.

  • userCreate creates a player wallet.
  • userCash changes the player balance.
  • userInfo returns the current player balance.
userLogin
required
string

Player login within the merchant hall.

user_id
required
string

User identifier.

operation
string
Enum: "in" "out"

Required for userCash.

  • in deposits money to the player wallet.
  • out withdraws money from the player wallet.
cash
string (TransferMoneyAmountString)

Monetary amount in Decimal(12,2) string form.

Responses

Request samples

Content type
application/json
Example
{
  • "cmd": "userCreate",
  • "userLogin": "test_player",
  • "user_id": "481e3c9b-77f2-4d1a-b832-9c5e0f8a2d14"
}

Response samples

Content type
application/json
Example
{
  • "status": "success",
  • "microtime": 0.004074077606201,
  • "dateTime": "2024-04-12 12:01:40",
  • "error": "",
  • "content": {
    }
}