Sessions
Sessions are created via POST /operator/launch and scoped to a single player, game, currency, and country. The game client uses the session token (Bearer token) to authenticate all game-facing requests.
Lifecycle
- TTL: 1 hour of inactivity
- Refresh: Call POST /session/refresh to reset the expiration timer
- Expiry: After expiry, in-progress credit/rollback callbacks still complete, but the player needs a new session for additional bets
Session Reuse
If POST /operator/launch is called for the same player, game, currency, and country while a session is already active, the existing session is returned instead of creating a new one. This prevents duplicate sessions and preserves in-progress game state.
Session reuse means you can safely retry launch calls without worrying about creating orphaned sessions. The same token is returned every time until it expires.
Refreshing
The game client calls POST /session/refresh periodically. Each refresh creates a new session token and returns it along with the new expiry time. The old token lingers for 1 minute to allow in-flight requests to complete.
{
"sessionToken": "new-rotated-token...",
"expiresAt": "2025-01-01T01:00:00Z"
}
Once a session expires, the player must go through the full launch flow again. The game client handles refresh automatically — no operator-side action needed.
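The reuse, rotation and grace-window rules above can be modelled in a few lines, which is useful when writing tests against them. This is an added example, not the platform's own code: the SessionStore class, its method names, the injected `now` clock (epoch seconds, also used for expiresAt) and the rule that only the current token may refresh are all assumptions.

```python
import secrets

SESSION_TTL = 3600  # seconds; the page's "1 hour of inactivity"
GRACE = 60          # seconds; the page's 1-minute window for the old token


class SessionStore:
    """Assumed in-memory model of the documented behaviour, not platform code."""

    def __init__(self):
        self.by_scope = {}  # (player, game, currency, country) -> session
        self.by_token = {}  # token -> (session, grace deadline or None)

    def _issue(self, session, now):
        token = secrets.token_urlsafe(32)
        session.update(token=token, expires_at=now + SESSION_TTL)
        self.by_token[token] = (session, None)
        return token

    def launch(self, scope, now):
        session = self.by_scope.get(scope)
        if session and now < session["expires_at"]:
            return session["token"]  # reuse: a retried launch gets the same token
        session = self.by_scope[scope] = {"scope": scope}
        return self._issue(session, now)

    def resolve(self, token, now):
        """Return the session a bearer token maps to, or None if it is dead."""
        session, grace_until = self.by_token.get(token, (None, None))
        if session is None:
            return None
        if now >= session["expires_at"] or (grace_until is not None and now >= grace_until):
            del self.by_token[token]  # expired or past grace: forget it
            return None
        return session

    def refresh(self, token, now):
        session = self.resolve(token, now)
        # Assumption: only the current token may rotate, so a token that is
        # merely lingering in its grace window cannot mint a successor.
        if session is None or session["token"] != token:
            return None
        self.by_token[token] = (session, now + GRACE)
        new = self._issue(session, now)
        return {"sessionToken": new, "expiresAt": session["expires_at"]}
```

In this model a rotated-out token still authenticates requests for 60 seconds but cannot itself be refreshed, so a copy of the old token stops working once the grace window closes.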