Quick Start
Get your integration running in four steps.
Prerequisites
- An operator UUID and HMAC secret (provided during onboarding)
- A backend server that can receive HTTPS POST callbacks
- A frontend that can embed iframes
Integration Steps
Implement Wallet Callbacks
Set up five POST endpoints on your backend. The RGS calls these to authenticate players and process wallet transactions.
| Endpoint | Purpose |
|---|---|
/callback/authenticate |
Verify player and return balance on session launch |
/callback/debit |
Deduct bet amount from player balance |
/callback/credit |
Credit winnings to player balance |
/callback/balance |
Return current player balance |
/callback/rollback |
Reverse a failed bet |
All callbacks are signed with HMAC-SHA256 — verify the signature on every request.
See Wallet Callbacks for full request/response schemas.
Launch a Session
Call POST /operator/launch with HMAC authentication to create a game session.
BODY='{"playerId":"player-1","currency":"USD","gameCode":"dice-alpha","countryCode":"US"}'
SECRET="your-hmac-secret"
TIMESTAMP=$(date +%s)
SIG=$(echo -n "${TIMESTAMP}${BODY}" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $2}')
curl -X POST https://rgs.example.com/operator/launch \
-H "Content-Type: application/json" \
-H "X-Operator-ID: your-operator-uuid" \
-H "X-Timestamp: $TIMESTAMP" \
-H "X-HMAC-SHA256: $SIG" \
-d "$BODY"
import hmac, hashlib, json, time, requests
operator_id = "your-operator-uuid"
secret = "your-hmac-secret"
payload = {"playerId": "player-1", "currency": "USD", "gameCode": "dice-alpha", "countryCode": "US"}
body = json.dumps(payload, separators=(",", ":"))
timestamp = str(int(time.time()))
signature = hmac.new(
secret.encode(), (timestamp + body).encode(), hashlib.sha256
).hexdigest()
resp = requests.post(
"https://rgs.example.com/operator/launch",
json=json.loads(body),
headers={
"X-Operator-ID": operator_id,
"X-Timestamp": timestamp,
"X-HMAC-SHA256": signature,
},
)
const crypto = require("crypto");
const operatorId = "your-operator-uuid";
const secret = "your-hmac-secret";
const body = JSON.stringify({
playerId: "player-1",
currency: "USD",
gameCode: "dice-alpha",
countryCode: "US",
});
const timestamp = Math.floor(Date.now() / 1000).toString();
const signature = crypto
.createHmac("sha256", secret)
.update(timestamp + body)
.digest("hex");
const resp = await fetch("https://rgs.example.com/operator/launch", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-Operator-ID": operatorId,
"X-Timestamp": timestamp,
"X-HMAC-SHA256": signature,
},
body,
});
body, _ := json.Marshal(map[string]string{
"playerId": "player-1",
"currency": "USD",
"gameCode": "dice-alpha",
"countryCode": "US",
})
timestamp := strconv.FormatInt(time.Now().Unix(), 10)
mac := hmac.New(sha256.New, []byte("your-hmac-secret"))
mac.Write([]byte(timestamp))
mac.Write(body)
signature := hex.EncodeToString(mac.Sum(nil))
req, _ := http.NewRequest("POST",
"https://rgs.example.com/operator/launch",
bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-Operator-ID", "your-operator-uuid")
req.Header.Set("X-Timestamp", timestamp)
req.Header.Set("X-HMAC-SHA256", signature)
The response contains a sessionToken and launchUrl:
{
"sessionToken": "a1b2c3d4...",
"launchUrl": "https://play.jackpot.studio/dice?sessionToken=a1b2c3d4...&id=dice-alpha"
}
Embed the Game
Embed the launchUrl as an iframe in your platform. The game client handles everything from there — placing bets, displaying results, and managing the player experience.
<iframe
src="https://play.jackpot.studio/dice?sessionToken=a1b2c3d4...&id=dice-alpha"
width="100%"
height="600"
frameborder="0"
allow="fullscreen">
</iframe>
The game client communicates directly with the RGS using the session token. Your backend only needs to handle wallet callbacks.
Handle the Game Flow
Once the iframe is live, the flow is automatic:
- Player places a bet in the game UI
- RGS calls your
/callback/debitto deduct the bet amount - RGS runs provably fair game logic
- If the player wins, RGS calls your
/callback/creditwith winnings - If the round fails after debit, RGS calls your
/callback/rollback - Game result is displayed to the player
You can re-launch at any time — if an active session exists for the same player, game, and country, the existing session is returned.
Next Steps
AuthenticationHMAC-SHA256 request signing details
Wallet CallbacksFull callback request/response schemas