Skip to main content

Setup & Security

This guide covers everything you need to configure and secure your integration with the EvenBet Gaming API: credentials, communication protocol, and request signing.

Already completed Quick Start?

If you've followed the Quick Start guide, you've already seen a simplified version of the signature process in action. This page is the complete reference, including pseudocode, code samples in multiple languages, and testing tools.

Credentials

Before you start integration, you need to get the following information from us:

CredentialDescription
API_URLThe URL to get access to the API
CLIENT_IDThe ID of your casino that will be passed in the queries
SECRET_KEYThe secret key to sign the queries

Additionally, there may be a userId value that will be passed when calling the API methods. It is the value of your internal userId or userId of your system.

warning

Please be advised that it is necessary to contact our support team in case your secret key is disclosed.

Communication Protocol

Communication via HTTP(S)-queries in JSON API format is used for integration. The query parameters can be passed in the query string (GET method) and in the query body (POST method). The response is passed in the JSON API format.

It is necessary to set the following header in your request:

Content-Type: application/json; charset=UTF-8

URL Structure

All API endpoints follow this template:

http(s)://API_URL/{methodName}?[parameterName=parameterValue]&clientId={your casino ID }&sign={QuerySign}

The following parameters are required for every query:

Parameter NameData TypeDescription
clientIdVarcharYour casino ID
signStringQuery signature

Query sample:
http(s)://API_URL/v2/app/users/:userId/balance?clientId=[clientId]&userId=[userId]&currency=[currency]

Generating the Signature

In order to ensure the API security, query signature generated with the help of the secret key is used. Query signature is validated on our server and in case it doesn't match, the error is returned.

Quick Recap

For a step-by-step walkthrough with a real example, see Quick Start: Generating the sign Header. The section below is the full algorithm reference with pseudocode and code samples.

Algorithm

Steps to generate query signature:

  1. Gather the ALL parameters (query parameters, path parameters, form parameters) into array
  2. Delete parameter clientId from array with query parameters. Other parameters that do not participate in signature generation: access-token, action, auth, channel, controller, locale, method, module, sign, version, per-page, page, sort.
  3. If a JSON string is passed, decode it into an associative array and merge it with the rest of the query parameters
  4. Sort the array by parameter names in alphabetical order. If one of the array values is an array then it should be sorted by parameter names in alphabetical order too
  5. Concatenate the array values into one string. If one of the array values is an array, then its values should be concatenated into one string too
  6. Concatenate the resulting string and your SECRET_KEY
  7. Get hash of the string using SHA256 algorithm

In the end you get the signature that can be used in queries.

Pseudocode

function generateSignature(array params, string secretKey) {
    if (exists key 'clientId' in array params) {
        delete key 'clientId' from array params;
    }
    params = sortArray(params);
    paramString = implodeArray(params);
        paramString = concatString(paramString, secretKey);
    signature = SHA256(paramString);
    return signature;      
}

function sortArray(array params) {
    sortByKeys(params);
    for each value with index key in params {
        if the value is an array {
            params[key] = sortArray(value);
        }  
    }
    return params;
}

function implodeArray(array params) {
    paramString = '';
    for each value in params {
        if the value is an array {
        paramString = concatString(paramString, implodeArray(value));
        } else {
        paramString = concatString(paramString, value);
        }
    }
    return paramString;
}

Code Examples

The Quick Start guide includes concise signature generation functions in Node.js, PHP, and Python for simple (flat) parameters.

Below are samples that demonstrate the full signature generation including recursive sorting for nested parameters.

/* function sorting the query parameters
* $array - array with the query parameters in the following format:
* {parameter_name: value}
*/
function sortArray(&$array, $sortFlags = SORT_REGULAR)
{
    if (!is_array($array)) {
        return false;
    }

    // Sort array by parameter name
    ksort($array, $sortFlags);

    // Sort nested arrays, if any
    foreach ($array as &$value) {
        sortArray($value, $sortFlags);
    }

    return true;
}

// Generate query signature

// Step 1. Get the required data
$params = []; // Query parameters
$SECRET_KEY = ''; // Your secret key

// Step 2. Delete the parameter 'clientId' from array with query parameters
if (array_key_exists('clientId', $params)) {
    unset($params['clientId']);
}

// Step 3. Sort the parameters
sortArray($params);

// Step 4. Concatenate the parameters into a string
$iterator = new RecursiveIteratorIterator(new RecursiveArrayIterator($params));
$paramString = implode('', iterator_to_array($iterator));

// Step 5. Add a secret key to the string
$paramString = $paramString . $SECRET_KEY;

// Step 6. Generate a signature using the SHA256 algorithm
$sign  = hash('sha256', $paramString);

Testing Tools

Use these tools to check your integration implementation:

ToolPurposeURL
Open Session TesterCheck your integration implementation for user authorizationtests.evenbetgaming.com/opensession/
Seamless Wallet TesterCheck your integration implementation for seamless wallet operationstests.evenbetgaming.com/seamless/

Native Application Integration

If your integration includes native desktop or mobile applications, additional configuration is required for player authentication. See the dedicated guide: Native Application Setup.

What's Next?