Integration Tester
The Operator Integration Tester is a self-service tool that validates your wallet callback implementation against the RGS specification. It simulates the RGS making real HTTP calls to your endpoints and reports pass/fail results in real time.
Open Integration TesterWhat It Tests
The tester runs test cases across 7 categories against your wallet callback endpoints:
Happy Path
Normal bet → win/loss flows, balance checks, and complete round lifecycles.
Idempotency
Duplicate request handling — your server should return the same response for repeated transactionId values.
Error Handling
Insufficient funds, invalid sessions, disabled players, and other rejection scenarios.
HMAC Security
Signature validation, replay attack protection, and tampered body detection.
Attack Vectors
SQL injection, XSS, negative amounts, zero amounts, and concurrent duplicate requests.
Edge Cases
Very long strings, Unicode characters, decimal precision, and rapid sequential requests.
How to Use
Open the Tester
Navigate to the Integration Tester. You'll see a configuration panel on the left and test selection on the right.
Enter Your Credentials
Fill in three fields:
| Field | Description |
|---|---|
| Wallet Base URL | Your wallet API base URL (e.g., https://your-api.com) |
| HMAC Secret | The shared HMAC secret for signing requests |
| Player ID | A test player ID that exists in your system |
Select Tests
Choose which test categories to run. Start with Happy Path tests to validate basic functionality, then progressively enable more categories. You can select individual tests or entire categories.
Run & Review
Click Run Tests. Results stream in real time — each test shows pass/fail status, assertions, and the raw HTTP request/response logs. After completion, you can save the report as a PDF using the "Save as PDF" button on the report page.
Test Categories
Happy Path
Basic operations: authenticate on launch, debit on bet, credit on win, zero-amount loss credit, balance query, rollback, and complete round flows. These should all pass before moving to other categories.
Idempotency
Sends the same transactionId twice for debit, credit, and rollback. Your server should return the cached successful response without processing the transaction again. Also tests that replaying a transaction with different parameters returns ERROR_DUPLICATE_TRANSACTION.
Error Handling
Tests your error responses: insufficient funds (ERROR_NOT_ENOUGH_MONEY), rollback of unknown transactions, and invalid player on authenticate. Your server should return the correct error status codes.
HMAC Security
Sends requests with invalid HMAC signatures, expired timestamps, and tampered request bodies. Includes authenticate endpoint HMAC validation. Your server should reject all of these with ERROR_INVALID_SIGNATURE.
Attack Vectors
Attempts SQL injection in string fields, XSS payloads, negative and zero bet amounts, and concurrent duplicate requests. Your server should handle all of these safely.
Edge Cases
Tests with very long player IDs, Unicode characters, high-precision decimal amounts, and rapid sequential requests. Validates that your server handles boundary conditions gracefully.
Debit/Rollback Ordering
Tests rollback before debit, concurrent debit and rollback, and late debit after a confirmed rollback. Validates your server's state machine logic.
Callback Endpoints Tested
The tester calls the same five callback endpoints that the RGS uses. See Wallet Callbacks for the full request/response schemas.
| Endpoint | Tested For |
|---|---|
POST /callback/authenticate |
Player verification, balance on launch, HMAC security, invalid player |
POST /callback/debit |
Bet placement, insufficient funds, idempotency, attack resistance |
POST /callback/credit |
Win crediting, zero-amount loss, idempotency |
POST /callback/balance |
Balance queries |
POST /callback/rollback |
Bet reversal, ordering constraints, non-existent transactions |