Callbacks
Game Provider does not use asynchronous webhooks (fire-and-forget event streams). Every game event is delivered as a synchronous HTTP POST from Game Provider to your backend, where your response body is part of the same transaction.
The full contract for these callbacks (auth, withdraw, deposit, balance, rollback) is specified in:
- Wallet API — request/response schemas, endpoints, idempotency, retries
- Authentication & Security — HMAC-SHA256 signature validation
Summary of Operator-Facing Callbacks
| Direction | Endpoint | Purpose |
|---|---|---|
| Game Provider → Operator | POST /auth |
Validate session and fetch player info |
| Game Provider → Operator | POST /withdraw |
Place a bet (or free bet) |
| Game Provider → Operator | POST /deposit |
Credit a win, free-bet win, or rollback refund |
| Game Provider → Operator | POST /balance |
Query current player balance |
The Operator's base URL for these callbacks is supplied during onboarding and stored per-tenant on Game Provider's side. The same four endpoints serve classic iframe games (e.g. Chicken Race) and server-driven games (e.g. Aviadrone).