Account Info.
Operator identity, access key, and quick profile summary.
Operator Name
-
Display Name
-
Operator ID
-
Operator Public ID
-
Access Key
-
Access key is masked by default. Enter your password to reveal it.
Games
List games and update per-operator settings.
Security
Access keys are hashed in the database. Keep them private and rotate when needed.
Operator API endpoints
Provide the operator wallet and session endpoints used by the game server.
Signing Secret
**** **** **** ****
Used to compute request signatures. Save this secret in your operator server.
Signing rules (HMAC-SHA256)
stringToSign = METHOD + "\n" + PATH + "\n" + BODY + "\n" + TIMESTAMP signature = Base64( HMAC_SHA256(secret, stringToSign) )
Required headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {signature}
X-Timestamp: 2026-01-22T01:00:00Z
Notes
- TIMESTAMP must be UTC ISO8601. - Server accepts +/- 5 minutes drift. - Body must be raw JSON without extra whitespace changes.
Base domain used when the paths below are relative.
Example: https://wallet.operator.com
Usage
Full endpoint = Base URL + relative path Example: https://wallet.operator.com/api/balance/get
Validate player/session and return profile and limits.
Example: POST /api/player/authorize
Headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {hmac}
X-Timestamp: 2026-01-22T01:00:00Z
Request body
{
"operatorId": 1,
"playerId": "P12345",
"sessionId": "S12345",
"gameId": "slot-001",
"currency": "USD"
}
Success response
{
"playerId": "P12345",
"status": "OK",
"balance": 120.50,
"currency": "USD",
"limits": { "minBet": 0.1, "maxBet": 100 }
}
Error response
{
"errorCode": "PLAYER_BLOCKED",
"message": "Player is not allowed."
}
Return player balance and currency.
Example: POST /api/balance/get
Headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {hmac}
X-Timestamp: 2026-01-22T01:00:00Z
Request body
{
"operatorId": 1,
"playerId": "P12345",
"sessionId": "S12345",
"currency": "USD"
}
Success response
{
"balance": 118.75,
"currency": "USD",
"status": "OK"
}
Error response
{
"errorCode": "SESSION_NOT_FOUND",
"message": "Session is invalid."
}
Debit a bet amount (idempotent by transactionId).
Example: POST /api/bet/place
Headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {hmac}
X-Timestamp: 2026-01-22T01:00:00Z
Request body
{
"operatorId": 1,
"playerId": "P12345",
"sessionId": "S12345",
"roundId": "R10001",
"transactionId": "T20001",
"amount": 1.50,
"currency": "USD"
}
Success response
{
"status": "OK",
"balance": 117.25,
"transactionId": "T20001"
}
Error response
{
"errorCode": "INSUFFICIENT_FUNDS",
"message": "Balance too low."
}
Credit winnings or settle the round.
Example: POST /api/bet/settle
Headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {hmac}
X-Timestamp: 2026-01-22T01:00:00Z
Request body
{
"operatorId": 1,
"playerId": "P12345",
"sessionId": "S12345",
"roundId": "R10001",
"transactionId": "T20001",
"amount": 3.75,
"currency": "USD"
}
Success response
{
"status": "OK",
"balance": 121.00,
"transactionId": "T20001"
}
Error response
{
"errorCode": "DUPLICATE_TRANSACTION",
"message": "Transaction already processed."
}
Reverse a previous bet/settle transaction.
Example: POST /api/bet/rollback
Headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {hmac}
X-Timestamp: 2026-01-22T01:00:00Z
Request body
{
"operatorId": 1,
"playerId": "P12345",
"sessionId": "S12345",
"roundId": "R10001",
"transactionId": "T20001",
"reason": "Timeout"
}
Success response
{
"status": "OK",
"balance": 118.75,
"transactionId": "T20001"
}
Error response
{
"errorCode": "TRANSACTION_NOT_FOUND",
"message": "No matching transaction."
}
Close a session when the game ends.
Example: POST /api/session/close
Headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {hmac}
X-Timestamp: 2026-01-22T01:00:00Z
Request body
{
"operatorId": 1,
"playerId": "P12345",
"sessionId": "S12345",
"gameId": "slot-001"
}
Success response
{
"status": "OK"
}
Error response
{
"errorCode": "SESSION_NOT_FOUND",
"message": "Session is invalid."
}
Redeem bonus/free-bet credits.
Example: POST /api/freebet/redeem
Headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {hmac}
X-Timestamp: 2026-01-22T01:00:00Z
Request body
{
"operatorId": 1,
"playerId": "P12345",
"bonusId": "B90001",
"amount": 2.00,
"currency": "USD"
}
Success response
{
"status": "OK",
"balance": 120.75,
"bonusId": "B90001"
}
Error response
{
"errorCode": "BONUS_EXPIRED",
"message": "Bonus is expired."
}
Add contributions to a jackpot pool.
Example: POST /api/jackpot/contribute
Headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {hmac}
X-Timestamp: 2026-01-22T01:00:00Z
Request body
{
"operatorId": 1,
"playerId": "P12345",
"roundId": "R10001",
"amount": 0.10,
"currency": "USD"
}
Success response
{
"status": "OK",
"contributionId": "C10001"
}
Error response
{
"errorCode": "POOL_CLOSED",
"message": "Jackpot pool is closed."
}
Payout a jackpot winner and finalize the round.
Example: POST /api/jackpot/payout
Headers
Content-Type: application/json
X-Provider-Id: GLP
X-Signature: {hmac}
X-Timestamp: 2026-01-22T01:00:00Z
Request body
{
"operatorId": 1,
"playerId": "P12345",
"roundId": "R10001",
"amount": 1250.00,
"currency": "USD"
}
Success response
{
"status": "OK",
"payoutId": "P90001"
}
Error response
{
"errorCode": "PAYOUT_FAILED",
"message": "Unable to process payout."
}
Next actions
- Rotate API keys with a dedicated endpoint.
- Enable IP allowlists for production traffic.
- Add 2FA for operator admins.