Integration API Reference

Single API to fetch all games, launch sessions, and manage player wallets. ECDSA P-256 authentication, 47 currencies, real-time WebSocket events, and 6 thumbnail sizes per game.

Base URL:credoragames.com/api/lobby
Auth:ECDSA P-256
Rate Limit:100 req/min
Games:3 (2 active)
Platforms:Desktop, Mobile, Tablet
Currencies:47 (fiat + crypto)
Postman Collection Try Live API
NAVIGATION
Game CatalogGame LaunchAuthentication (ECDSA)Wallet APIWebSocketResponse Status CodesGuest Session & PlayersGame OperationsBettingMulti-CurrencyPanel AuthenticationOperator/Partner PanelDealer PanelAdmin PanelECDSA GuideCode ExamplesGame RulesLive Tester

Game Catalog

Single endpoint to fetch all available games with rich metadata, thumbnails, betting markets, and integration details.

Game Launch

Two integration methods for launching games: URL-based (Type 1) or Server-to-Server (Type 2).

Authentication (ECDSA)

All operator-facing endpoints are secured with ECDSA P-256 digital signatures. Each request must include a cryptographic signature proving the operator identity.

Wallet API

Transaction endpoints called by the RGS to manage player balances. Operators implement these on their side, and the RGS calls them during gameplay.

WebSocket

Real-time game events delivered via WebSocket. Connect to receive live dice rolls, betting windows, and game settlements.

Response Status Codes

Standard status codes used across all API responses.

Guest Session & Players

Create guest sessions for demo play, retrieve guest details, and view player transaction history.

Game Operations

Create game rounds, roll dice, void rolls, and manage game state. Used by the dealer panel and automated game engine.

Betting

Place bets, retrieve bet history, and view bet statistics for active games.

Multi-Currency

Manage currencies and exchange rates. Supports 47+ currencies including crypto (BTC, ETH, USDT).

Panel Authentication

Login, signup, and session management for Admin, Partner, and Dealer panels.

Operator/Partner Panel

Partner dashboard, client management, player data, game history, financial reports, and integration info.

Dealer Panel

Dealer dashboard, active games, schedule, and profile management endpoints.

Admin Panel

Super admin endpoints for managing partners, dealers, promotions, RBAC, and platform-wide analytics.

ECDSA Authentication Guide

All operator-facing endpoints are secured using ECDSA (Elliptic Curve Digital Signature Algorithm) with the P-256 curve. This ensures mutual authentication between operators and the Credora Games RGS without sharing secrets.

Setup
  1. Generate an ECDSA P-256 key pair
  2. Register your public key with Credora during onboarding
  3. Keep your private key secure on your servers
  4. Fetch the RGS public key from /api/lobby/rgs-public-key
Signing a Request
  1. Build canonical payload: { method, path, operator_id, timestamp, body }
  2. Sort keys alphabetically, serialize as JSON (no whitespace)
  3. Sign with your ECDSA private key using SHA-256
  4. Base64-encode the signature
  5. Send as X-Signature header
JAVASCRIPT
// ECDSA Signing Example (Node.js)
const crypto = require('crypto');

function signRequest(method, path, operatorId, body, privateKeyPem) {
  const timestamp = new Date().toISOString();
  const payload = { method, path, operator_id: operatorId, timestamp };
  if (body && Object.keys(body).length > 0) payload.body = body;

  // Canonical serialization: sorted keys, no whitespace
  const canonical = JSON.stringify(payload, Object.keys(payload).sort());

  const sign = crypto.createSign('SHA256');
  sign.update(canonical);
  const signature = sign.sign(privateKeyPem, 'base64');

  return { signature, timestamp };
}

// Usage:
const { signature, timestamp } = signRequest(
  'POST', '/games/launch', 'your_operator_id',
  { operator_id: 'your_operator_id', user: 'player_123', ... },
  privateKey
);

// Add headers to your request:
// X-Operator-Id: your_operator_id
// X-Timestamp: 2026-02-10T12:00:00.000Z
// X-Signature: MEUCIQDn...
REQUIRED HEADERS FOR AUTHENTICATED ENDPOINTS
X-Operator-IdYour registered operator ID
X-TimestampISO-8601 UTC timestamp (must be within 5 minutes)
X-SignatureBase64-encoded ECDSA signature of canonical payload
Content-Typeapplication/json for POST requests

Integration Examples

Full integration examples including game catalog fetch, ECDSA signing, and game launch.

NODEJS
const crypto = require('crypto');
const axios = require('axios');

const BASE_URL = 'https://credoragames.com/api';
const OPERATOR_ID = 'your_operator_id';
const PRIVATE_KEY = `-----BEGIN EC PRIVATE KEY-----
...your ECDSA P-256 private key...
-----END EC PRIVATE KEY-----`;

// 1. Fetch all games (no auth required)
async function getGames() {
  const { data } = await axios.get(`${BASE_URL}/lobby/games`);
  console.log(`Available games: ${data.total}`);
  data.games.forEach(g => {
    console.log(`  ${g.name} (${g.game_code}) - RTP: ${g.rtp}%`);
    console.log(`    Thumbnails: ${Object.keys(g.thumbnails).join(', ')}`);
  });
  return data.games;
}

// 2. Sign a request with ECDSA
function signPayload(payload) {
  const canonical = JSON.stringify(payload, Object.keys(payload).sort());
  const sign = crypto.createSign('SHA256');
  sign.update(canonical);
  return sign.sign(PRIVATE_KEY, 'base64');
}

// 3. Launch a game (Type 2 — Server-to-Server)
async function launchGame(userId, gameCode) {
  const timestamp = new Date().toISOString();
  const body = {
    operator_id: OPERATOR_ID,
    user: userId,
    token: 'player_session_token',
    game_code: gameCode,
    currency: 'USD',
    balance: 5000,
    platform: 'mobile',
    lang: 'en',
    lobby_url: 'https://your-casino.com/lobby'
  };

  const signedPayload = {
    method: 'POST',
    path: '/games/launch',
    operator_id: OPERATOR_ID,
    timestamp,
    body
  };
  const signature = signPayload(signedPayload);

  const { data } = await axios.post(`${BASE_URL}/lobby/games/launch`, body, {
    headers: {
      'X-Operator-Id': OPERATOR_ID,
      'X-Timestamp': timestamp,
      'X-Signature': signature
    }
  });

  console.log('Game URL:', data.url);
  console.log('Session:', data.session_id);
  return data;
}

// 4. Embed in iframe
function getIframeHtml(gameUrl) {
  return `<iframe src="${gameUrl}" width="1280" height="720"
    style="border:none" allowfullscreen></iframe>`;
}

(async () => {
  const games = await getGames();
  const launch = await launchGame('player_123', 'snakes_ladders');
  console.log('Iframe:', getIframeHtml(launch.url));
})();

Game Rules

Snakes & Ladders Live

  • 4 players (Red, Blue, Green, Yellow) on a 10x10 board
  • Dice range: 1-6. 10 snakes, 6 ladders
  • 15-second betting window between each roll
  • First to square 100 wins. Must land exactly.
  • RTP: 88% | Volatility: Medium | Max Win: 5.5x

Ludo Live

  • 4 players race around a 57-step track
  • Kill-to-enter-home: must eliminate an opponent first
  • Landing on an opponent sends them back to start
  • 15-second betting window between each roll
  • RTP: 88% | Volatility: High | Max Win: 5.5x

Live API Tester

Live API Tester

Ready to Integrate?

Contact our integration team for operator onboarding, ECDSA key exchange, and staging environment access.

harshit@credoragames.com