API Docs | Operator and Game Integration Methods

Game API

Core B2B integration methods: operator authentication, authorization, and iframe launch payload resolution.

POSTEndpoint Spec

Authentication

Method: POST
Path: /api/v1/operator/auth/authenticate
Auth: None
Headers: Content-Type: application/json

Request Body

{
  "operatorId": "operator",
  "apiKey": "operator-secret"
}

Success Response (200)

{
  "status": "ok",
  "operatorId": "operator"
}

Error Codes

400 Bad Request | 401 Unauthorized | 429 Too Many Requests

POSTEndpoint Spec

Authorization

Method: POST
Path: /api/v1/operator/auth/authorize
Auth: None (or upstream OAuth in production gateway)
Headers: Content-Type: application/json

Request Body

{
  "operatorId": "operator",
  "playerId": "player-123",
  "gameId": "1"
}

Success Response (200)

{
  "status": "ok",
  "scope": "launch"
}

Error Codes

400 Bad Request | 401 Unauthorized | 403 Forbidden

GETEndpoint Spec

Get iframe URL (demo launch payload)

Method: GET
Path: /api/v1/operator/iframe/demo/{launchToken}
Auth: Launch token required in path
Headers: Origin: https://your-casino.example

Request Body

N/A

Success Response (200)

{
  "operatorId": "operator",
  "playerId": "player-123",
  "gameId": "1",
  "sessionId": "session-abc",
  "token": "access-token",
  "currency": "USD",
  "backendUrl": "https://api.rollix.io",
  "allowedParentOrigins": ["https://your-casino.example"],
  "expiresAt": "2026-05-17T12:00:00Z"
}

Error Codes

400 Bad Request | 401 Unauthorized | 403 Forbidden | 404 Not Found | 409 Conflict

Integration Resources

Move from API contract review to implementation, architecture validation, and launch-readiness.

Bonus Engine Product Game Studio Demo Flow Platform Technologies Game Portfolio Request Integration Call

Integration endpoints

Game API

Authentication

Authorization

Get iframe URL (demo launch payload)

Integration Resources