Web Games Integration Documentation
Partner integration documentation for the web games service.
Changes
| Date | Version | Description |
|---|---|---|
| 18.05.17 | 0.1 | Creation of the documentation |
| 20.04.26 | 0.2 | Documentation updated: removed unsupported methods, removed live_slot, updated GetListGames, clarified language, and added supported currencies |
| 27.04.26 | 0.3 | Clarified real-money launch, partner_api_url, token flow, and troubleshooting |
Introduction
This document describes the partner integration flow for the web games service.
It covers the methods required to get the game list, launch the demo mode, and launch real-money games through partner-side authorization.
Overview
- Protocol:
HTTPS - Public service methods use
GET - Partner API methods use
POST POSTrequest body format:application/json- Successful response:
code = 0
Integration flow
- The partner requests the list of available games using
GET /GetListGames - The partner opens a game using
GET /game - For real-money launch, the partner side must expose the
POST /Authorizationmethod
Request signature
All signatures use md5.
The signature string must be built as:
<MethodName>/ + <value1> + <value2> + ... + <api_key>Important:
- there are no separators between values
- the slash after the method name is required
- the value order must exactly match the method definition
Example signature helper:
function calcSignature(method, data, apiKey) {
let sign = method + '/';
for (const key in data) {
sign += data[key];
}
sign += apiKey;
return crypto.createHash('md5').update(sign).digest('hex');
}1. GetListGames
Returns the list of games available to the partner.
Request
GET /GetListGames
Parameters:
| Field | Type | Required | Description |
|---|---|---|---|
partner_id | int | Yes | Partner identifier |
type | string | Yes | Game type. Supported value: web_slot |
hash | string | Yes | md5("GetListGames/" + partner_id + type + api_key) |
Example:
GET /GetListGames?partner_id=<partner_id>&type=web_slot&hash=<md5_signature>Successful response
{
"code": 0,
"message": "Ok",
"games": [
{
"id": 11,
"title": "Chicago Deluxe",
"url": "/game",
"icon": "/icon/novomatic-deluxe/206x206/chicago_deluxe.jpg",
"class": "Novomatic Deluxe"
}
]
}Response fields:
| Field | Type | Description |
|---|---|---|
code | int | Result code |
message | string | Result description |
games | array | List of games |
games[].id | int | Game identifier |
games[].title | string | Game title |
games[].url | string | Game launch URL |
games[].icon | string | Game icon URL |
games[].class | string | Game category or class |
Response codes
| Code | Description |
|---|---|
0 | Success |
10 | Hash mismatch |
15 | Unavailable type |
101 | Partner is not found |
1 | Internal Error |
2. Game launch
Use GET /game to launch a game.
Request
GET /game
Parameters:
| Field | Type | Required | Description |
|---|---|---|---|
partner_id | int | Yes | Partner identifier |
game_id | int | Yes | Game identifier |
language | string | No | Game language. This parameter is optional |
currency | string | Yes | Player currency |
player_id | int or string | For real-money mode | Player identifier in the partner system |
token | string | For real-money mode | One-time player token |
Parameter names are case-sensitive. Use the names exactly as shown above: partner_id, game_id, language, currency, player_id, token.
The currency value is a currency code, for example USD or EUR, not an internal currency identifier.
Desktop and mobile launch
For desktop, the game is typically opened inside an iframe.
For mobile, it is recommended to open the direct game URL.
Demo mode
Use the DMO currency to launch the demo version.
Demo mode does not call the partner-side Authorization method and should not be used to test the real-money token flow.
Example:
GET /game?partner_id=<partner_id>&game_id=<game_id>&language=eng¤cy=DMOReal-money mode
Example:
GET /game?partner_id=<partner_id>&player_id=<player_id>&game_id=<game_id>&language=eng¤cy=<currency>&token=<token>For real-money launch, the partner must provide player_id and token.
The token is generated on the partner side. The same token must be passed in GET /game and will be sent by the service to the partner-side Authorization method.
Result
On success, the service returns the HTML page of the game.
Response codes
| Code | Description |
|---|---|
12 | Game is not found |
13 | Partner API return null |
101 | Partner is not found |
102 | Currency is not found |
1 | Internal Error |
3. Authorization
This method must be implemented on the partner side for real-money game launch.
Request
POST <partner_api_url>/Authorization
partner_api_url is the base URL provided by the partner. It must not include the final /Authorization part and should not end with a trailing slash.
Example:
| Full Authorization endpoint | Value to provide as partner_api_url |
|---|---|
https://example.com/callbacks/Authorization | https://example.com/callbacks |
Request body:
{
"player_id": "<player_id>",
"game_id": "<game_id>",
"token": "<token>",
"hash": "<md5_signature>"
}Signature:
md5("Authorization/" + player_id + game_id + token + api_key)Successful response
The response must be valid JSON. Empty responses, HTML error pages, or non-JSON responses cannot be processed as a successful authorization result.
{
"code": 0,
"message": "Ok",
"player_id": 42,
"currency": "RUB",
"nick": "Player42",
"balance": 10000.12,
"external_session": "session-123"
}Response fields:
| Field | Type | Description |
|---|---|---|
code | int | Result code |
message | string | Result description |
player_id | int or string | Player identifier |
currency | string | Player currency |
nick | string | Player nickname |
balance | number | Player balance |
external_session | string | Optional external session identifier |
Response codes
| Code | Description |
|---|---|
0 | Success |
10 | Hash mismatch |
11 | Player not found |
14 | Non-valid token |
1 | Internal Error |
4. Real-money launch troubleshooting
If real-money launch does not open correctly, first verify the partner-side Authorization endpoint.
Common checks:
partner_api_urlis the base URL and does not include the final/Authorizationor a trailing slash- the endpoint is publicly reachable from the internet
- firewalls or IP allowlists allow incoming requests from the service
- the endpoint accepts
POSTrequests withapplication/json - the endpoint returns JSON for both successful and failed authorization attempts
player_idandtokenare present inGET /gamefor real-money launch
Partner API return null usually means that the service did not receive a valid JSON response from the partner-side Authorization endpoint.
5. Supported currencies
Currently, 122 currency codes are supported:
AED, ALL, AMD, AOA, ARS, AUD, AZN, BAM, BDT, BGN, BHD, BOB, BRL, BSX, BTC, BYN, CAD, CDF, CFA, CHF, CLP, CNY, COP, CZK, DASH, DEEX, DKK, DMO, DOP, DTC, DZD, EGP, ETB, ETH, EUR, FAU, FBu, GAME, GBP, GEL, GHS, GMC, GMD, GNF, HC, HKD, HRK, HTG, HUF, IDR, ILS, INR, IQD, IRR, ISK, JOD, JPY, KES, KGS, KM, KRW, KWD, KZT, LBP, LTC, MAD, MDL, MKD, MMK, MNT, MVR, MXN, MYR, MZN, NGN, NIS, NOK, NZD, OMR, PEN, PHP, PICK, PKR, PLN, PRB, PYG, QAR, RON, RSD, RUB, RUR, SAR, SDG, SEK, SGD, THB, TJS, TMT, TND, TRY, TWD, TZS, UAH, UGX, USD, USDC, USDT, UYU, UZS, VEF, VND, XAF, XEM, XMR, XOF, ZAR, ZEC, ZMW, ZWL, mBT, mETH, uBTC
Notes:
DMOis used for demo launch- additional currencies can be added on request