❌
Operator API Documentation v2
  • Overview
  • API Reference
    • API Key Setup
    • API Security
    • API Endpoints
    • API Response Statuses
    • Languages
    • Currencies
    • Platforms
    • Glossary
Powered by GitBook
On this page
  • Transport Layer Encryption
  • Authentication
  • X-Signature
Export as PDF
  1. API Reference

API Security

This page explains the security requirements enforced by Game Aggregator.

Before integration starts, Operator must request API credentials from Game Aggregator.

  • API Key - A unique 64 characters alphanumeric string to identify the Operator.

  • API Secret - A unique 64 characters alphanumeric string that is used to sign request body.

Transport Layer Encryption

All communications between Operator and Game Aggregator must be secured through HTTPS.

This is to protect against man-in-the-middle attacks and eavesdropping.

Authentication

All API calls from Operator to Game Aggregator must include X-API-Key and X-Signature in the header.

This is to allow the Game Aggregator system to verify the Operator's identity.

X-Signature

This value provided in the request header is used to prevent data tampering.

The signature is generated using HMAC-SHA256 algorithm.

Request Body:

{
    "traceId": "f8c3de3d-1fea-4d7c-a8b0-29f63c4c3455",
    "username": "bob12345",
    "gameId": 1,
    "language": "zh",
    "platform": "web",
    "currency": "CNY"
}

API Secret:

813e9cb10f35c37a059c2761465781275ad641d3cb85436cdd17f08b0a6b50bf
echo -n "{\"traceId\":\"f8c3de3d-1fea-4d7c-a8b0-29f63c4c3455\",\"username\":\"bob12345\",\"gameId\":1,\"language\":\"zh\",\"platform\":\"web\",\"currency\":\"CNY\"}" | openssl dgst -sha256 -hmac "813e9cb10f35c37a059c2761465781275ad641d3cb85436cdd17f08b0a6b50bf"

Signature generated

d6b093eef96f5f2557589bd188f49d030eed994b69612fbaf3690b2b8b897362
PreviousAPI Key SetupNextAPI Endpoints

Last updated 1 year ago