Quick Start
Get your integration running in four steps.
Prerequisites
- An operator UUID and HMAC secret (see Onboarding)
- A backend server that can receive HTTPS POST callbacks
Integration Steps
Implement Wallet Callbacks
Set up five POST endpoints on your backend. The RGS calls these to authenticate players and process wallet transactions.
| Endpoint | Purpose |
|---|---|
/callback/authenticate |
Verify player and return balance on session launch |
/callback/debit |
Deduct bet amount from player balance |
/callback/credit |
Credit winnings to player balance |
/callback/balance |
Return current player balance |
/callback/rollback |
Reverse a debit if it was applied |
All callbacks are signed with HMAC-SHA256 — verify the signature on every request.
See Wallet Callbacks for full request/response schemas.
Launch a Session
Call POST /operator/launch with HMAC authentication to create a game session.
BODY='{"playerId":"player-1","currency":"USD","gameCode":"dice-alpha","countryCode":"US"}'
SECRET="your-hmac-secret"
TIMESTAMP=$(date +%s)
PATH_="/operator/launch"
SIG=$(echo -n "${TIMESTAMP}${PATH_}${BODY}" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $2}')
curl -X POST https://rgs.example.com/operator/launch \
-H "Content-Type: application/json" \
-H "X-Operator-ID: your-operator-uuid" \
-H "X-Timestamp: $TIMESTAMP" \
-H "X-HMAC-SHA256: $SIG" \
-d "$BODY"
const crypto = require("crypto");
const operatorId = "your-operator-uuid";
const secret = "your-hmac-secret";
const body = JSON.stringify({
playerId: "player-1",
currency: "USD",
gameCode: "dice-alpha",
countryCode: "US",
});
const timestamp = Math.floor(Date.now() / 1000).toString();
const path = "/operator/launch";
const signature = crypto
.createHmac("sha256", secret)
.update(timestamp + path + body)
.digest("hex");
const resp = await fetch("https://rgs.example.com/operator/launch", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-Operator-ID": operatorId,
"X-Timestamp": timestamp,
"X-HMAC-SHA256": signature,
},
body,
});
body, _ := json.Marshal(map[string]string{
"playerId": "player-1",
"currency": "USD",
"gameCode": "dice-alpha",
"countryCode": "US",
})
timestamp := strconv.FormatInt(time.Now().Unix(), 10)
path := "/operator/launch"
mac := hmac.New(sha256.New, []byte("your-hmac-secret"))
mac.Write([]byte(timestamp))
mac.Write([]byte(path))
mac.Write(body)
signature := hex.EncodeToString(mac.Sum(nil))
req, _ := http.NewRequest("POST",
"https://rgs.example.com/operator/launch",
bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-Operator-ID", "your-operator-uuid")
req.Header.Set("X-Timestamp", timestamp)
req.Header.Set("X-HMAC-SHA256", signature)
import hmac, hashlib, json, time, requests
operator_id = "your-operator-uuid"
secret = "your-hmac-secret"
payload = {"playerId": "player-1", "currency": "USD", "gameCode": "dice-alpha", "countryCode": "US"}
body = json.dumps(payload, separators=(",", ":"))
timestamp = str(int(time.time()))
path = "/operator/launch"
signature = hmac.new(
secret.encode(), (timestamp + path + body).encode(), hashlib.sha256
).hexdigest()
resp = requests.post(
"https://rgs.example.com/operator/launch",
json=json.loads(body),
headers={
"X-Operator-ID": operator_id,
"X-Timestamp": timestamp,
"X-HMAC-SHA256": signature,
},
)
The response contains a sessionToken and launchUrl:
{
"sessionToken": "a1b2c3d4...",
"launchUrl": "https://play.jackpot.studio/dice?sessionToken=a1b2c3d4...&id=dice-alpha"
}
Demo mode — Add "demo": true to the request body to launch a session with virtual balance. The playerId field is optional in demo mode — the RGS generates a temporary player automatically. Demo sessions route all wallet callbacks to a preconfigured demo operator instead of your wallet, so players can try games without real money. No changes to your integration are needed.
Embed the Game
Embed the launchUrl as an iframe in your platform. The game client handles everything from there — placing bets, displaying results, and managing the player experience.
<iframe
src="https://play.jackpot.studio/dice?sessionToken=a1b2c3d4...&id=dice-alpha"
width="100%"
height="600"
frameborder="0"
allow="fullscreen">
</iframe>
The game client communicates directly with the RGS using the session token. Your backend only needs to handle wallet callbacks.
Handle the Game Flow
Once the iframe is live, the flow is automatic:
- Player places a bet in the game UI
- RGS calls your
/callback/debitto deduct the bet amount - RGS runs provably fair game logic
- RGS calls your
/callback/credit— the amount is the payout, or"0"if the player lost (the RGS always sends a credit, even on losses) - If a debit callback fails (500 response, timeout, etc.), the RGS calls
/callback/rollbackto reverse the debit if it was applied, ensuring the player doesn't lose money
A round is always closed by either a /callback/credit or a /callback/rollback — never by a debit alone.
You can re-launch at any time — if an active session exists for the same player, game, and country, the existing session is returned.
Next Steps
AuthenticationHMAC-SHA256 request signing details
Wallet CallbacksFull callback request/response schemas