Web Games Integration Documentation

Partner integration documentation for the web games service.

Changes

Date	Version	Description
18.05.17	0.1	Creation of the documentation
20.04.26	0.2	Documentation updated: removed unsupported methods, removed live_slot, updated GetListGames, clarified language, and added supported currencies
27.04.26	0.3	Clarified real-money launch, partner_api_url, token flow, and troubleshooting
13.05.26	0.4	Interaction diagram (Web Games API / iframe / Partner API); documented partner Credit and Debit; added extended game catalog link

Introduction

This document describes the partner integration flow for the web games service.

Integration has two parts:

• Web Games API — public service methods used to get the game list and open a game
• Partner API — partner-side methods called by the service for player authorization and wallet operations

In demo mode, the game opens without partner wallet calls. In real-money mode, the service calls Authorization before launch, then uses Credit to debit a bet and Debit to credit winnings during play.

Overview

• Protocol: HTTPS
• Public service methods use GET
• Partner API methods use POST
• POST request body format: application/json
• Successful response: code = 0

Integration flow

1. The partner's Partner API requests the game catalog using GET /GetListGames.
2. The player selects a game on the partner platform. The platform opens the game window: on desktop this is usually an iframe with the Web Games API GET /game page, and on mobile it is usually a direct link to the same page.
3. If currency=DMO, the game starts in demo mode. Partner wallet API is not called.
4. For real-money launch, the partner sends player_id and token. The service calls Partner API POST /Authorization.
5. During real-money play, the service calls POST /Credit for the bet and POST /Debit for winnings.

Actors

Actor	Role
Partner API	Represents the partner side in this flow: requests the catalog, builds the game launch URL, and receives Authorization, Credit, and Debit
Web Games API	Returns the catalog, serves the game page, and controls the game session
Player iframe	Game client in the player's browser

Getting the Catalog

The catalog is usually requested by the partner's Partner API before showing the game to the player.

Real-Money Launch

For real-money launch, the service checks the player through Partner API before returning the game page.

Operations During Play

Credit debits the bet from the player wallet on the partner side. Debit credits winnings. If there is no win, Debit may not be called.

JSON field names

Partner API responses must use lowercase keys only: code, message, balance, and so on. Keys such as Code or CODE are not accepted by our API.

Request signature

All signatures use md5.

The signature string must be built as:

<MethodName>/ + <value1> + <value2> + ... + <api_key>

Important:

• there are no separators between values
• the slash after the method name is required
• the value order must exactly match the method definition

Example for Authorization:

const crypto = require('crypto');

function calcSignature(method, values, apiKey) {
  const source = `${method}/${values.join('')}${apiKey}`;

  return crypto.createHash('md5').update(source).digest('hex');
}

const method = 'Authorization';
const values = [42, 2, 'Aj4BAnMZBepwoYqavIjwg3m3'];
const apiKey = 'secret';

const source = `${method}/${values.join('')}${apiKey}`;
const hash = calcSignature(method, values, apiKey);

console.log(source);
// Authorization/422Aj4BAnMZBepwoYqavIjwg3m3secret

console.log(hash);
// bac2df62b8873884dea9b0a918733554

1. GetListGames

Returns the list of games available to the partner.

Request

GET /GetListGames

Parameters:

Field	Type	Required	Description
partner_id	int	Yes	Partner identifier
type	string	Yes	Game type. Supported value: web_slot
hash	string	Yes	md5("GetListGames/" + partner_id + type + api_key)

Example:

GET /GetListGames?partner_id=<partner_id>&type=web_slot&hash=<md5_signature>

Successful response

{
  "code": 0,
  "message": "Ok",
  "games": [
    {
      "id": 11,
      "title": "Chicago Deluxe",
      "url": "/game",
      "icon": "/icon/novomatic-deluxe/206x206/chicago_deluxe.jpg",
      "class": "Novomatic Deluxe"
    }
  ]
}

Response fields:

Field	Type	Description
code	int	Result code
message	string	Result description
games	array	List of games
games[].id	int	Game identifier
games[].title	string	Game title
games[].url	string	Game launch URL
games[].icon	string	Game icon URL
games[].class	string	Game category or class

An additional game catalog is available in Google Sheets. It includes game IDs, providers, RTP, game features, and icon links for 206x206 and 287x193.

Response codes

Code	Description
0	Success
10	Hash mismatch
15	Unavailable type
101	Partner is not found
1	Internal Error

2. Game launch

Use GET /game to launch a game.

Request

GET /game

Parameters:

Field	Type	Required	Description
partner_id	int	Yes	Partner identifier
game_id	int	Yes	Game identifier
language	string	No	Game language. This parameter is optional
currency	string	Yes	Player currency
player_id	int or string	For real-money mode	Player identifier in the partner system
token	string	For real-money mode	One-time player token

Parameter names are case-sensitive. Use the names exactly as shown above: partner_id, game_id, language, currency, player_id, token.

The currency value is a currency code, for example USD or EUR, not an internal currency identifier.

Desktop and mobile launch

For desktop, the game is typically opened inside an iframe.

For mobile, it is recommended to open the direct game URL.

Demo mode

Use the DMO currency to launch the demo version.

Demo mode does not call the partner-side Authorization method and should not be used to test the real-money token flow.

Example:

GET /game?partner_id=<partner_id>&game_id=<game_id>&language=eng&currency=DMO

Real-money mode

Example:

GET /game?partner_id=<partner_id>&player_id=<player_id>&game_id=<game_id>&language=eng&currency=<currency>&token=<token>

For real-money launch, the partner must provide player_id and token.

The token is generated on the partner side. The same token must be passed in GET /game and will be sent by the service to the partner-side Authorization method.

Result

On success, the service returns the HTML page of the game.

Response codes

Code	Description
12	Game is not found
13	Partner API return null
101	Partner is not found
102	Currency is not found
1	Internal Error

3. Authorization

This method must be implemented on the partner side for real-money game launch.

Request

POST <partner_api_url>/Authorization

partner_api_url is the base URL provided by the partner. It must not include the final /Authorization part and should not end with a trailing slash.

Example:

Full Authorization endpoint	Value to provide as partner_api_url
https://example.com/callbacks/Authorization	https://example.com/callbacks

Request body:

{
  "player_id": "<player_id>",
  "game_id": "<game_id>",
  "token": "<token>",
  "hash": "<md5_signature>"
}

Signature:

md5("Authorization/" + player_id + game_id + token + api_key)

Successful response

The response must be valid JSON. Empty responses, HTML error pages, or non-JSON responses cannot be processed as a successful authorization result.

{
  "code": 0,
  "message": "Ok",
  "player_id": 42,
  "currency": "RUB",
  "nick": "Player42",
  "balance": 10000.12,
  "external_session": "session-123"
}

Response fields:

Field	Type	Description
code	int	Result code
message	string	Result description
player_id	int or string	Player identifier
currency	string	Player currency
nick	string	Player nickname
balance	number	Player balance
external_session	string	Optional external session identifier

Response codes

Code	Description
0	Success
10	Hash mismatch
11	Player not found
14	Non-valid token
1	Internal Error

4. Credit (Partner API)

Called by Web Games API during a real-money spin to deduct the bet from the player wallet on the Partner API.

Request

POST <partner_api_url>/Credit

Request body (fields):

Field	Type	Description
token	string	Same one-time token as for /Authorization
player_id	int	Partner player identifier
round_id	int	Round identifier on the partner side
game_id	int	Game identifier
transaction_id	long	Unique transaction id; retries with the same (player_id, round_id, transaction_id) must be idempotent
amount	number	Bet amount (decimal units matching Authorization balance scale)
is_close	bool	If true, round must accept no further operations
hash	string	md5 signature

Request body example:

{
  "transaction_id": 2234,
  "player_id": 1223,
  "round_id": 12,
  "token": "Aj4BAnMZBepwoYqavIjwg3m3",
  "is_close": false,
  "game_id": 3,
  "amount": 42.6,
  "hash": "556c56d640c622659d001b4f344a2814"
}

Signature:

md5("Credit/" + player_id + round_id + game_id + transaction_id + token + api_key)

Successful response

Field	Type	Description
code	int	0 success
message	string	Description
balance	number	Wallet balance after the debit
external_session_id	int	Partner-side operation reference

Duplicate retries with the same player_id, round_id, and transaction_id must return the same outcome without charging twice (idempotency).

Common response codes

Code	Description
0	Success
2	Insufficient funds
4	Player blocked
5	Round closed
8	Round not found
10	Hash mismatch
11	Player not found
14	Non-valid token
1	Internal Error

5. Debit (Partner API)

Called by Web Games API when winnings must be credited to the Partner API wallet.

Request

POST <partner_api_url>/Debit

Request body (fields):

Field	Type	Description
token	string	Same token as session
player_id	int	Partner player identifier
round_id	int	Round identifier on the partner side
game_id	int	Game identifier
transaction_id	long	Unique transaction id
amount	number	Win amount
bet_amount	number	Related bet amount (Web Games API sends this field)
is_close	bool	If true, round must accept no further operations
hash	string	md5 signature

Request body example:

{
  "transaction_id": 2235,
  "player_id": 1223,
  "round_id": 12,
  "token": "Aj4BAnMZBepwoYqavIjwg3m3",
  "is_close": true,
  "game_id": 3,
  "bet_amount": 42.6,
  "amount": 20,
  "hash": "82a9d01a912b3562b5496c74d7f9fcc8"
}

Signature:

md5("Debit/" + player_id + round_id + game_id + transaction_id + token + api_key)

Successful response

Same shape as Credit: code, message, balance, external_session_id.

The same idempotency rule applies as for Credit (player_id, round_id, transaction_id).

Common response codes

Code	Description
0	Success
4	Player blocked
5	Round closed
8	Round not found
10	Hash mismatch
11	Player not found
14	Non-valid token
1	Internal Error

6. Real-money launch troubleshooting

If real-money launch does not open correctly, first verify the partner-side Authorization endpoint.

Common checks:

• partner_api_url is the base URL and does not include the final /Authorization or a trailing slash
• the endpoint is publicly reachable from the internet
• firewalls or IP allowlists allow incoming requests from the service
• the endpoint accepts POST requests with application/json
• the endpoint returns JSON for both successful and failed authorization attempts
• player_id and token are present in GET /game for real-money launch

Partner API return null usually means that the service did not receive a valid JSON response from the partner-side Authorization endpoint.

When contacting the integration chat about a launch issue, send the full URL used to open the iframe, including all query parameters. This allows both sides to reproduce the same request and verify the same parameters.

7. Supported currencies

Currently, 122 currency codes are supported:

AED, ALL, AMD, AOA, ARS, AUD, AZN, BAM, BDT, BGN, BHD, BOB, BRL, BSX, BTC, BYN, CAD, CDF, CFA, CHF, CLP, CNY, COP, CZK, DASH, DEEX, DKK, DMO, DOP, DTC, DZD, EGP, ETB, ETH, EUR, FAU, FBu, GAME, GBP, GEL, GHS, GMC, GMD, GNF, HC, HKD, HRK, HTG, HUF, IDR, ILS, INR, IQD, IRR, ISK, JOD, JPY, KES, KGS, KM, KRW, KWD, KZT, LBP, LTC, MAD, MDL, MKD, MMK, MNT, MVR, MXN, MYR, MZN, NGN, NIS, NOK, NZD, OMR, PEN, PHP, PICK, PKR, PLN, PRB, PYG, QAR, RON, RSD, RUB, RUR, SAR, SDG, SEK, SGD, THB, TJS, TMT, TND, TRY, TWD, TZS, UAH, UGX, USD, USDC, USDT, UYU, UZS, VEF, VND, XAF, XEM, XMR, XOF, ZAR, ZEC, ZMW, ZWL, mBT, mETH, uBTC

Notes:

• DMO is used for demo launch
• additional currencies can be added on request