Skip to main content
Integrating with the GitSlotPark Seamless Wallet API involves setting up credentials, building a callback service that handles wallet operations, and using the platform APIs to fetch games and launch authenticated sessions for your players. This guide walks through each step in order.
1

Obtain your API credentials

Contact GitSlotPark to receive the following:
  • API token — passed in every request you make to GitSlotPark
  • Secret key — used to compute the HMAC-SHA-256 signature for each request
  • agentID — your Partner ID, included in every request body
  • GitSlotPark API base URL — the root URL for all platform API calls
You also need to provide GitSlotPark with your callback service base URL — for example, https://casino.com/WalletService. GitSlotPark registers this URL and uses it to call your wallet endpoints whenever game events occur.
2

Implement your callback service

Your server must expose HTTPS endpoints for the five wallet operations. GitSlotPark sends an HTTP POST with a JSON body to each endpoint as players interact with games. Your server must always respond with HTTP 200 and a JSON body.The five required endpoints are:
  • POST /GetBalance — return the player’s current balance
  • POST /Withdraw — debit the player’s balance for a bet
  • POST /Deposit — credit the player’s balance for a win
  • POST /BetWin — process a combined bet and win in a single call
  • POST /RollbackTransaction — reverse a previously processed transaction

Callback service reference

See request fields, response fields, and examples for all five endpoints.
3

Verify your sign implementation

Every request — both from GitSlotPark to your callback service and from you to the GitSlotPark platform APIs — includes a sign field. The signature is an HMAC-SHA-256 digest of the concatenated request fields, computed using your secret key.Validate your implementation against this test vector:
FieldValue
Input stringPartner01Player0112.30474e1a293c2f4e7ab122c52d68423fcbab9c15f2efdd46278e4a56b303127234
Secret key1234567890
Expected sign475D834ACC3AB61D7DF4EA42751C6275387BC1787A098D2D0E091698D9BF2043

Data signing reference

Learn how to compute the HMAC-SHA-256 signature and see field concatenation rules for each endpoint.
4

Fetch the game list

Call POST /gameList on the GitSlotPark API to retrieve all games available to your players. The response includes each game’s gameID, which you use when launching a session.
{
  "apiToken": "your-api-token",
  "agentID": "Partner01",
  "sign": "<hmac-sha256>"
}

Game list API

View the full request and response schema for the /gameList endpoint.
5

Implement game launching

To start a game session for a player, call POST /userAuth with your API token, the player’s userID, and the gameID you want to launch. GitSlotPark returns an authenticated gameURL. Redirect the player’s browser to that URL to start the session.
{
  "apiToken": "your-api-token",
  "agentID": "Partner01",
  "userID": "player_456",
  "gameID": "game_001",
  "language": "en",
  "sign": "<hmac-sha256>"
}

Game launch guide

Step-by-step instructions for launching games and supported language codes.

User auth API

Full request and response schema for the /userAuth endpoint.
6

Test and go live

Before enabling production traffic, verify the following:
  • All five callback endpoints return HTTP 200 with the correct JSON structure
  • Your sign computation matches GitSlotPark’s expected signatures
  • Withdraw correctly rejects requests when the player has insufficient funds (result code 6)
  • RollbackTransaction returns result code 9 when the transaction was already rolled back
  • Duplicate transactionID values return result code 11 without re-processing
Once testing is complete, contact GitSlotPark to enable your production environment and begin processing live player sessions.