Skip to main content

Security

The API security is provided by the use of secret key is used to sign requests. A request signature has to be validated on your server, and an error should be returned in case it does not match.

Please note that if your secret key is compromised, you need to immediately notify the EvenBet support service. To ensure better security, please, request changes to your key from time to time.

NOTE: Please use this tool to check your integration implementation for seamless wallet operations: https://tests.evenbetgaming.com/seamless/

Forming a Request

To form up a request for signature to JSON - SECRET_KEY is added to the string of the request, afterwards SHA256 algorithm is applied.

NOTE: SECRET_KEY should be different for test and production environments.

A PHP example of forming a signature:

    // Step 1. Gathering the required data
	$SECRET_KEY = ''; // Your secret key
	$jsonMessage = '{}'; // JSON string

	// Step 2. Adding a secret key to the string and forming a signature using SHA256 algorithm
	$sign  = hash(‘sha256’, $jsonMessage . $SECRET_KEY);

IP whitelist

It is required to create the IP whitelist on the production environment for security purposes for both sides (IP white list on the Evenbet side will be configured by our specialists, and you have to create yours on your side). We will provide our IPs for your list, and you have to send us your IPs. All requests and callbacks should be done from these IPs only. IP whitelist is not necessary for the test environment.

In order to change the list, please, contact your account manager.