Quick Start: Your First API Call
Welcome to the Evenbet Gaming API! This guide will walk you through the essential concepts and help you make your first successful API request. Our goal is to get you up and running in minutes.
Before You Begin
This guide walks you through a simple interaction with the EvenBet API – creating a user session. Let’s make sure you have everything ready to create your first API call.
Core Concepts
Before you dive in, let's clarify a few key terms you'll encounter throughout the documentation.
| Term | Description |
|---|---|
| clientId | Your unique public identifier, included in almost every request to identify your platform. |
| Secret Key | A private key used exclusively on your server to generate secure request signatures. Never expose this in client-side code. |
| sign | A sha256 hash required for most API calls to ensure request integrity. The signature is generated from ALL parameters (query, path, and form/body) except for a set of excluded parameters and clientId, which must be removed before signing. |
| auth token | A short-lived token required for user-specific actions, such as managing a player's balance or fetching their profile. |
Getting Your Credentials
To interact with the API, you will need a clientId and a Secret Key. To obtain your credentials for both the testing and production environments, please contact your account manager.
Security Warning
Your Secret Key grants significant access to the API. Never expose it on the client-side (in a web browser or mobile app). All requests requiring a signature must originate from a secure server environment.
Environments
We provide environments to support both development and production. Typically, you will begin on a test or staging server provided for integration process. Once your integration is complete, you will switch to the production environment, where real users play.
Base API URL Structure
All API endpoints use the following URL structure:
https://[your_api_domain]/api/web
Note
For details on your specific setup (test, staging, or production), please consult with your EvenBet account manager.
Step 1: Generating the sign Header
Most API endpoints require a sign header, which is a SHA256 hash that ensures request integrity.
How to Generate the Signature
- Collect all request parameters (query, path, form/body). If JSON strings are present, decode them.
{
"userId": "1234",
"nick": "testuser",
"lang": "en",
"currency": "USD",
"authType": "external",
"clientId": "casino123"
}
- Remove
clientIdand the excluded keys (access-token,action,auth,channel,controller,locale,method,module,sign,version,per-page,page,sort).
{
"userId": "1234",
"nick": "testuser",
"lang": "en",
"currency": "USD",
"authType": "external"
}
- Sort parameters alphabetically by key (recursively for nested arrays/objects).
{
"authType": "external",
"currency": "USD",
"lang": "en",
"nick": "testuser",
"userId": "1234"
}
- Concatenate parameter values into one string.
"externalUSDentestuser1234"
- Append your
SECRET_KEY.
"externalUSDentestuser1234MY_SECRET_KEY"
- Compute SHA256 of the result.
SHA256 ("externalUSDentestuser1234MY_SECRET_KEY") = "f3d1b1...c9a"
Interactive Testing Tool
Test the open session endpoint and observe how different values change the signature → Start Testing
Code Examples
Here are code examples for generating the signature in multiple languages.
- Node.js
- PHP
- Python
// This function generates the signature from an object of parameters.
const crypto = require('crypto');
function generateSignature(allParams, secretKey) {
// Step 1: Create a copy and remove the 'clientId' parameter.
const paramsToSign = { ...allParams };
delete paramsToSign.clientId;
// Step 2: Sort parameters alphabetically by key.
const sortedKeys = Object.keys(paramsToSign).sort();
// Step 3: Concatenate parameter values into one string.
const concatenatedString = sortedKeys.map(key => paramsToSign[key]).join('');
// Step 4: Append the secret key.
const stringToHash = concatenatedString + secretKey;
// Step 5: Compute the SHA256 hash.
return crypto.createHash('sha256').update(stringToHash).digest('hex');
}
// --- Usage Example ---
const allParams = {
"userId": "1234",
"nick": "testuser",
"authType": "external",
"lang": "en",
"currency": "USD",
"clientId": "casino123"
};
const secretKey = "secretkey";
const signature = generateSignature(allParams, secretKey);
console.log(signature);
// Expected output: f3d1b113824523318546b32817349b177a456e3437533621457e8488e0b62c9a
<?php
// This function generates the signature from an array of parameters.
function generateSignature(array $allParams, string $secretKey): string
{
// Step 1: Create a copy and remove the 'clientId' parameter.
$paramsToSign = $allParams;
unset($paramsToSign['clientId']);
// Step 2: Sort parameters alphabetically by key.
ksort($paramsToSign);
// Step 3: Concatenate parameter values into one string.
$concatenatedString = implode('', array_values($paramsToSign));
// Step 4: Append the secret key.
$stringToHash = $concatenatedString . $secretKey;
// Step 5: Compute the SHA256 hash.
return hash('sha256', $stringToHash);
}
// --- Usage Example ---
$allParams = [
"userId" => "1234",
"nick" => "testuser",
"authType" => "external",
"lang" => "en",
"currency" => "USD",
"clientId" => "casino123"
];
$secretKey = "secretkey";
$signature = generateSignature($allParams, $secretKey);
echo $signature;
// Expected output: f3d1b113824523318546b32817349b177a456e3437533621457e8488e0b62c9a
?>
# This function generates the signature from a dictionary of parameters.
import hashlib
def generate_signature(all_params: dict, secret_key: str) -> str:
# Step 1: Create a copy and remove the 'clientId' parameter.
params_to_sign = all_params.copy()
if 'clientId' in params_to_sign:
del params_to_sign['clientId']
# Step 2: Sort parameters alphabetically by key.
sorted_keys = sorted(params_to_sign.keys())
# Step 3: Concatenate parameter values into one string.
concatenated_string = "".join(str(params_to_sign[key]) for key in sorted_keys)
# Step 4: Append the secret key.
string_to_hash = concatenated_string + secret_key
# Step 5: Compute the SHA256 hash.
m = hashlib.sha256()
m.update(string_to_hash.encode('utf-8'))
return m.hexdigest()
# --- Usage Example ---
all_params = {
"userId": "1234",
"nick": "testuser",
"authType": "external",
"lang": "en",
"currency": "USD",
"clientId": "casino123"
}
secret_key = "secretkey"
signature = generate_signature(all_params, secret_key)
print(signature)
# Expected output: f3d1b113824523318546b32817349b177a456e3437533621457e8488e0b62c9a
Use this value as the sign header in your request.
info
For more information about the signature, see the Integration API Security Guide.
Step 2: Your First API Call
Endpoint
POST /v2/app/users/{userId}/session?clientId={clientId}
Headers
| Header | Required | Description |
|---|---|---|
| sign | Yes | SHA256 signature generated as described in Step 1 |
Request Parameters
| Parameter | Location | Required | Description |
|---|---|---|---|
| clientId | Query | Yes | Your casino identifier provided by EvenBet. |
| userId | Path + Body | Yes | Identifier of the user for whom the session is created. Must be provided in the path and as a parameter. |
| nick | Body | No | Player nickname, visible to other players. |
| authType | Body | No | external (browser) or internal (desktop/mobile app). Default: external. |
| lang | Body | No | ISO two-letter code. Default: en |
| currency | Body | No | ISO currency code (can be required if configured). |
Code Examples
- Node.js
- PHP
- Python
// This script uses the 'axios' library for making HTTP requests.
// You can install it by running: npm install axios
const axios = require('axios');
const querystring = require('querystring');
/**
* Main function to prepare and send the API request.
*/
async function sendRequest() {
// --- Request Data ---
const allParams = {
"userId": "1234",
"nick": "testuser",
"authType": "external",
"lang": "en",
"currency": "USD",
"clientId": "casino123"
};
// Note: Use the signature generated by following the steps outlined in
// "Step 1: How to Generate the Signature".
const signature = "f3d1b113824523318546b32817349b177a456e3437533621457e8488e0b62c9a";
// --- Prepare and Execute the API Call ---
// The data for the POST body must still contain userId
const postBodyData = {
"userId": allParams.userId,
"nick": allParams.nick,
"authType": allParams.authType,
"lang": allParams.lang,
"currency": allParams.currency,
};
const url = `https://int.pokerserversoftware.com/api/web/v2/app/users/${allParams.userId}/session?clientId=${allParams.clientId}`;
const headers = {
'content-type': 'application/x--form-urlencoded',
'accept': 'application/vnd.api+json',
'sign': signature,
};
console.log(`Using Signature: ${signature}`);
console.log(`Request URL: ${url}`);
console.log(`Request Body:`, postBodyData);
// Send the request
try {
const response = await axios.post(url, querystring.stringify(postBodyData), { headers });
console.log(`Response Status Code: ${response.status}`);
console.log('Response Body:', response.data);
} catch (error) {
console.error(`Error Status Code: ${error.response?.status}`);
console.error('Error Body:', error.response?.data);
}
}
// Run the main function.
sendRequest();
<?php
// --- Request Data ---
$allParams = [
"userId" => "1234",
"nick" => "testuser",
"authType" => "external",
"lang" => "en",
"currency" => "USD",
"clientId" => "casino123"
];
// Note: Use the signature generated by following the steps outlined in
// "Step 1: How to Generate the Signature".
$sign = "f3d1b113824523318546b32817349b177a456e3437533621457e8488e0b62c9a";
// --- Prepare and Execute the API Call ---
$url = "https://int.pokerserversoftware.com/api/web/v2/app/users/{$allParams['userId']}/session?clientId={$allParams['clientId']}";
$headers = [
"content-type: application/x-www-form-urlencoded",
"accept: application/vnd.api+json",
"sign: $sign" // Use the pre-generated signature
];
$options = array(
"http" => array(
"header" => implode("\r\n", $headers),
"method" => "POST",
// The POST body should not include clientId, as it's in the URL
"content" => http_build_query([
"userId" => $allParams['userId'],
"nick" => $allParams['nick'],
"authType" => $allParams['authType'],
"lang" => $allParams['lang'],
"currency" => $allParams['currency']
])
)
);
$context = stream_context_create($options);
$response = file_get_contents($url, false, $context);
echo "Using Signature: " . $sign . "\n";
echo "API Response: " . $response . "\n";
?>
# This script uses the 'requests' library for making HTTP requests.
# You can install it by running: pip install requests
import requests
# --- Request Data ---
all_params = {
"userId": "1234",
"nick": "testuser",
"authType": "external",
"lang": "en",
"currency": "USD",
"clientId": "casino123"
}
# Note: Use the signature generated by following the steps outlined in
# "Step 1: How to Generate the Signature".
signature = "f3d1b113824523318546b32817349b177a456e3437533621457e8488e0b62c9a"
# --- Prepare and Execute the API Call ---
# The data for the POST body must still contain userId
post_body_data = {
"userId": all_params["userId"],
"nick": all_params["nick"],
"authType": all_params["authType"],
"lang": all_params["lang"],
"currency": all_params["currency"],
}
url = f"https://int.pokerserversoftware.com/api/web/v2/app/users/{all_params['userId']}/session?clientId={all_params['clientId']}"
headers = {
"content-type": "application/x-www-form-urlencoded",
"accept": "application/vnd.api+json",
"sign": signature,
}
print(f"Using Signature: {signature}")
print(f"Request URL: {url}")
print(f"Request Body: {post_body_data}")
# Send the request
try:
response = requests.post(url=url, data=post_body_data, headers=headers)
response.raise_for_status() # Raises an exception for bad status codes (4xx or 5xx)
print(f"Response Status Code: {response.status_code}")
print(f"Response Body: {response.json()}")
except requests.exceptions.RequestException as e:
print(f"An error occurred: {e}")
if e.response:
print(f"Error Response Body: {e.response.text}")
Step 3: Responses
Successful Response (200 OK)
{
"data": {
"id": "FA10BD21EE1C86A4B40FAAC6308DF04A",
"type": "session",
"attributes": {
"user-id": "100",
"redirect-url": "https://your_api_domain/html5/?auth=FA10BD21EE1C86A4B40FAAC6308DF04A&lang=en",
"auth": "FA10BD21EE1C86A4B40FAAC6308DF04A",
"session-id": "EXT8593417090E2DB871728D7A16F882DED"
}
}
}
Key Response Attributes
| Attribute | Description |
|---|---|
| redirect-url | URL to open the lobby or game for the player |
| session-id | Unique identifier of the created session |
| user-id | ID of the user the session belongs to |
| auth | Short-lived authorization token |
Common Errors
Common API Error Responses
- 400 Bad Request
- 404 Not Found
- 422 Unprocessable Entity
- 5xx Errors
Incorrect or missing signature validation.
Solution: Verify your signature calculation, and ensure all required parameters are included.
Example Response:
{
"errors": [
{
"detail": "Not Valid Request Signature",
"status": 400,
"title": "Bad Request"
}
]
}
Player or resource does not exist in the system.
Solution: Check that the player ID is correct.
Invalid authType or missing required currency field.
Solution: Use valid authType (session/token/credentials) and include required currency field.
Example Response:
{
"errors": [
{
"source": {
"pointer": "/data/attributes/currency"
},
"detail": "Currency not found"
}
]
}
Something went wrong on our end (this is rare, but occasionally our servers encounter unexpected issues).
Solution: Wait a moment and try again - if it persists, contact our tech support team.
What's Next?
🎉 Congratulations, you've made your first successful API call!
- Use the
redirect-urlto launch the lobby for your players. - Validate your integration using the testing tool.
- Explore more endpoints in the Swagger Documentation.