Gamble Hub API (1.0)

Download OpenAPI specification:

Gamble Hub API v1.0 — Integration Guide.

Environments

  • Stage and Prod are separate: logins, secret keys, IP allowlists.
  • Start on Stage. Move to Prod only after acceptance.

Required before start

  • Callback URL for seamless wallet callbacks.
  • IPs for allowlisting: separate lists for Stage and Prod.
  • Stage currency list. Callback URLs are configured per currency.

Integration models

  • Seamless: provider calls your wallet (getBalance, writeBet, rollback) with X-Signature.
  • Transfer: merchant calls POST /apiIndividualWallet/ (userCreate, userCash, userInfo). No callbacks.

Auth

Authentication and token issuance.

Obtain Access Token (login)

Login endpoint.

Request:

  • URL: POST https://office-api-dev.gamble-hub.net/auth/login
  • Content-Type: application/x-www-form-urlencoded
  • Body fields: login, password

IMPORTANT: accessToken has limited TTL. After expiry, call /auth/login again.

COMMON ERROR: do not send JSON here. Use application/x-www-form-urlencoded, otherwise expect HTTP 400 or 401.

Request Body schema: application/x-www-form-urlencoded
required
login
required
string
password
required
string

Responses

Request samples

Content type
application/x-www-form-urlencoded
login=casino_operator&password=Qx9%23mK2%21pLnR

Response samples

Content type
application/json
{
  • "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0ODFlM2M5Yi03N2YyLTRkMWEtYjgzMi05YzVlMGY4YTJkMTQiLCJsb2dpbiI6ImNhc2lub19vcGVyYXRvciIsInJvbGUiOiJVc2VyIiwiaWF0IjoxNzQ1NzQ4MDAwLCJleHAiOjE3NDU4MzQ0MDB9.Xk2mN9pQrL4vJsT8hDfW3uCbYoKgP7nAeRtMzIqVl5c",
  • "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI0ODFlM2M5Yi03N2YyLTRkMWEtYjgzMi05YzVlMGY4YTJkMTQiLCJ0eXBlIjoicmVmcmVzaCIsImlhdCI6MTc0NTc0ODAwMCwiZXhwIjoxNzQ2MzUyODAwfQ.mP3qRsNvTcYdJkW8xBfL2eAoGhI9ZuQlXrKtDyEwH6n",
  • "user": {
    }
}

Game Catalog

Fetch available games for the user.

Get user games by currency

Authorizations:
bearerAuth
path Parameters
user_id
required
string
currencyISO
required
string

Currency in ISO format (e.g., USD, EUR).

Responses

Response samples

Content type
application/json
[]

Game Session

Open a game session (launch).

Open game (no Authorization required)

Open game session.

  • Requires X-Signature over raw JSON body.
  • demo = "1": demo mode, no wallet callbacks.
  • demo = "0": real gameplay.
  • callbackUrl: optional override for the admin-panel callback URL.
  • ip: optional player IP. Required only for some providers; ask support if your provider requires it.
header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Hex HMAC-SHA256 over raw JSON body bytes using the user secret.

Request Body schema: application/json
required
currency
required
string

Game session currency (USD, EUR etc.)

demo
required
string
Enum: "0" "1"

"1" to start demo mode (no callbacks), "0" – real gameplay.

exitUrl
required
string <uri>
gameId
required
string
language
required
string

ISO (en, es, fr, de etc.)

player_login
required
string

Login name of the player that starts the game.

user_id
required
string

API user ID.

ip
string

Optional player IP address. Some providers require it for launch, risk checks, or jurisdiction rules. Ask support if your provider requires ip.

callbackUrl
string <uri>

Override default callback URL in admin panel. Leave empty for default.

Responses

Request samples

Content type
application/json
Example
{}

Response samples

Content type
application/json
Example
{}

Webhooks

Seamless wallet callbacks: provider → merchant.

  • Every callback must include X-Signature.
  • Signature: HMAC-SHA256 over the raw body.
  • Use transactionId as the idempotency key.
  • Duplicate successful writeBet: return current balance, do not apply again.

IMPORTANT: if getBalance returns HTTP 400, do not start the spin. Do not use default or cached balance.

Balance callback (provider -> your callback URL) Webhook

Provider asks for current player balance.

  • Requires X-Signature.
  • Return HTTP 200 + status: "success" only when balance is confirmed.

IMPORTANT: HTTP 400 means Fail / retry. Do not start the spin. Do not use default or cached balance.

header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Hex HMAC-SHA256 over raw JSON body bytes using the user secret.

Request Body schema: application/json
required
cmd
required
string
Value: "getBalance"
login
required
string
sessionid
required
string

Responses

Request samples

Content type
application/json
{
  • "cmd": "getBalance",
  • "login": "alex_morozov_88",
  • "sessionid": "7d3b9e2a-4f1c-8d06-a912-c3e5f7b29041"
}

Response samples

Content type
application/json
{
  • "balance": 2500,
  • "currency": "USD",
  • "error": "",
  • "login": "alex_morozov_88",
  • "status": "success"
}

Bet/Win callback (provider -> your callback URL) Webhook

Apply bet/win to merchant wallet.

Rules:

  • Accept: HTTP 2xx + status: "success".
  • Reject: HTTP 400+ + status: "fail".
  • Idempotency key: transactionId.
  • Duplicate successful transactionId: return HTTP 200, current balance, do not apply again.

IMPORTANT: if player balance is insufficient for the bet, reject writeBet. Providers do not calculate or reserve funds using getBalance.

IMPORTANT: successful response balance must be after applying the operation, not before.

header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Hex HMAC-SHA256 over raw JSON body bytes using the user secret.

Request Body schema: application/json
required
cmd
required
string
Value: "writeBet"
bet
required
number
win
required
number
login
required
string
sessionid
required
string
transactionId
required
string

Unique transaction ID of each callback. Must not repeat.

gameId
string

Unique game ID forwarded from openGame request.

round_finished
required
boolean

Round was finished.

info
required
string

Bet and win details from providers.

Responses

Request samples

Content type
application/json
Example
{
  • "cmd": "writeBet",
  • "bet": 25,
  • "win": 0,
  • "login": "alex_morozov_88",
  • "sessionid": "7d3b9e2a-4f1c-8d06-a912-c3e5f7b29041",
  • "transactionId": "txn_a3f7c912-d0e5-b841-9f2c-3e6a7d8b01c4",
  • "round_finished": false,
  • "info": "{\"gameType\":\"slots\",\"betPerLine\":1.25,\"lines\":20,\"roundId\":\"r_9f4a2c7b\"}"
}

Response samples

Content type
application/json
Example
{
  • "balance": 2475,
  • "currency": "USD",
  • "error": "",
  • "login": "alex_morozov_88",
  • "status": "success"
}

Rollback callback (provider -> your callback URL) Webhook

Roll back the original bet.

  • transactionId must match the original bet transaction ID.
  • Restore balance only once.
header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Hex HMAC-SHA256 over raw JSON body bytes using the user secret.

Request Body schema: application/json
required
cmd
required
string
Value: "rollback"
bet
required
number

The rollback amount matches the bet amount when the wager was accepted.

win
required
number

win (0)

login
required
string
sessionid
required
string
transactionId
required
string

The rollback transaction matches the bet transaction (same transaction ID).

round_finished
required
boolean

(true)

info
required
string
gameId
required
string

Responses

Request samples

Content type
application/json
{
  • "cmd": "rollback",
  • "bet": 25,
  • "win": 0,
  • "login": "alex_morozov_88",
  • "sessionid": "7d3b9e2a-4f1c-8d06-a912-c3e5f7b29041",
  • "transactionId": "txn_a3f7c912-d0e5-b841-9f2c-3e6a7d8b01c4",
  • "round_finished": true,
  • "info": "{\"reason\":\"provider_timeout\",\"originalRound\":\"r_9f4a2c7b\"}",
  • "gameId": "integration_a:provider_a:game_001"
}

Response samples

Content type
application/json
{
  • "balance": 2500,
  • "currency": "USD",
  • "error": "",
  • "login": "alex_morozov_88",
  • "status": "success"
}

Transfer Wallet

Transfer wallet: merchant → Gamble Hub.

  • Endpoint: POST /apiIndividualWallet/
  • Commands: userCreate, userCash, userInfo
  • Signing: same X-Signature flow as openGame and webhooks.

Transfer wallet command endpoint

Transfer wallet command endpoint.

Required fields: cmd, user_login, user_id.

Commands:

  • userCreate: create player wallet.
  • userCash: change balance (operation = in|out).
  • userInfo: return current balance.

Signing:

  • Header: X-Signature
  • Secret: player-specific secret_api_key by user_id
  • Payload: exact raw JSON body bytes
  • Algorithm: HMAC-SHA256, hex digest

userCash.cash must be a decimal string with 2 fractional digits.

header Parameters
X-Signature
required
string
Examples: 9b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d8b7c2b6e0f5d

Hex HMAC-SHA256 over the exact raw JSON body using the player-specific secret_api_key.

Request Body schema: application/json
required
cmd
required
string
Enum: "userCreate" "userCash" "userInfo"

Transfer wallet command.

  • userCreate creates a player wallet.
  • userCash changes the player balance.
  • userInfo returns the current player balance.
user_login
required
string

Player login within the merchant hall.

user_id
required
string

User identifier.

operation
string
Enum: "in" "out"

Required for userCash.

  • in deposits money to the player wallet.
  • out withdraws money from the player wallet.
cash
string (TransferMoneyAmountString)

Monetary amount in Decimal(12,2) string form.

Responses

Request samples

Content type
application/json
Example
{
  • "cmd": "userCreate",
  • "user_login": "test_player",
  • "user_id": "481e3c9b-77f2-4d1a-b832-9c5e0f8a2d14"
}

Response samples

Content type
application/json
Example
{
  • "status": "success",
  • "microtime": 0.004074077606201,
  • "date_time": "2024-04-12 12:01:40",
  • "error": "",
  • "content": {
    }
}