Fizzy Bubbly Operator API
1.0.0
BASE_URL
This document describes the process of integrating with the Fizzy Bubbly system.
- Wallet API: API implemented by the operator
- Games API: API implemented by Fizzy Bubbly
- History API: API implemented by Fizzy Bubbly
- Free spins API: API implemented by Fizzy Bubbly
- Jackpot API: API implemented by Fizzy Bubbly
Terms and abbreviations
Term | Description |
---|---|
Fizzy Bubbly | Games provider |
Operator | Operator |
Brand | Operator site or sub-site |
Staging | Environment where integration is tested |
Private key | Secret key to generate HMAC_SHA256 hash |
Public key | Plain text API key |
Outline of the integration flow
Fizzy Bubbly provides operator
- Endpoint for Games API
- Public key
- Private key
- Outgoing IP addresses for whitelisting
Operator implements Wallet API and provides Fizzy Bubbly:
- Endpoint for Wallet API
- Testing environment details (site, test users)
- Configuration details (max exposure, enabled currencies per brand)
- Outgoing IP addresses for staging environment
Fizzy Bubbly and operator perform testing and sign-off in staging environment
Ready for production deployment
Authentication
Authentication is handled via public api key and request signing.
Every request must contain two HTTP Headers:
Public-Key
: Public key provided by Fizzy Bubbly
Signature
: Signature computed using private key provided by Fizzy Bubbly. See Request signing for more details.
Request signing
Request signing is used to ensure that the request is coming from the operator and that the request has not been tampered with. The signature is computed using the HMAC_SHA256 algorithm. Signature generation is required for all requests to the Fizzy Bubbly API and the signing algorithm is identical for all endpoints. Signature validation is required for all requests to the Wallet API. Information to generate the request signature:
- Request body. This must be a raw HTTP request body bytes.
- HTTP Method. The uppercase HTTP method of the request e.g. POST.
- HTTP URI. The full URI of the request including scheme, host, port, path and query parameters if any e.g. https://api.casino.com/n2/wallet/balance.
- Private Key. The secret API key provided by Fizzy Bubbly.
Signature must be computed on the raw HTTP request body bytes. This means that the request object should be serialized into bytes first and then the signature should be computed.
Pseudo-code to generate the signature:
String md5 = MD5.generate(requestBody).toUpperCase();
String toSign = String.format("%s\n%s\n%s", httpMethod, httpUri, md5);
String signature = HMAC_SHA256.generate(toSign, privateKey);
Test-case for generating signature:
Private key: XmsbLjUNrT4Ktj5YCBFdXvrR3EA6dMpB
Method: POST
Uri: https://api.casino.com/n2/wallet/balance
Body: {"sessionId":"HyvN1Sd2Pm3LAAzd9HV5","playerId":"b2996ddb9a51","currency":"EUR"}
MD5 of body:
E3760D425889FB7F9DF770FEEFF2018C
toSign:
POST
https://api.casino.com/n2/wallet/balance
E3760D425889FB7F9DF770FEEFF2018C
Expected signature:
1fa24ceaff03a97aff58c23d5a41b72a6c24c2abe20dcfb41a03c5e4c9bd939c
Request idempotency
Wallet API withdraw, deposit and rollback requests must be idempotent.
All these requests have a field transactionId
. Requests with same transactionId
must be
processed only once and in case of retries the original response is expected.
Session handling
Validation of the active session is required for all withdraw requests. Deposit and rollback requests must be accepted without having an open session to ensure reconciliation.
Retry
The default behaviour for retries is following:
- withdraw: Errors are not retried, rollback will be called.
- deposit, rollback: Requests are first retried 3 times with 1500ms delay, after that requests are retried with exponentially increasing intervals until successful response is received.
Free Spins Campaigns
Free spins campaigns are managed via separate API. See Free spins API for more details. There are two modes of free spins handling:
- Transaction per free spin mode. In this mode every free spin is sent as a separate transaction for both bets and wins. This is the default mode.
- Aggregation mode. In this mode only final deposit with the total win amount will be sent. Total win amount is calculated as a sum of all free spins wins. Free spins that were not consumed by a player on time (before consumeBefore) will be voided and not sent to the operator. The free spins mode has to be agreed with Fizzy Bubbly before the integration starts.
There are two fields related to free spins in the transaction request:
freeSpinsCampaignId
- Id of the free spins campaign that the transaction relates to.isFreeSpinsConsumed
- Flag to indicate if the free spins are consumed and no more free spins are expected for the campaign. This flag will only be sent for the final DEPOSIT transaction.
Error handling
Errors are handled via HTTP status codes and custom error codes. All requests with HTTP status code 200 OK are expected to be handled successfully. All other HTTP status codes are expected to have body with following structure:
{
"code": "{Error Code}",
"message": "{Message to describe the error in more detail}",
"traceId": "Internal id to track the request-response"
}
Error Code | Description |
---|---|
ERROR_UNKNOWN_ERROR |
General error codes for errors without specific code |
ERROR_BAD_REQUEST |
Request body is invalid |
ERROR_BAD_REQUEST_PLAYER_BLOCKED |
Player is blocked |
ERROR_BAD_REQUEST_DUPLICATE |
The resource already exists |
ERROR_INVALID_PUBLIC_KEY |
Request public key header is invalid |
ERROR_INVALID_SIGNATURE |
Request signature is invalid |
ERROR_INVALID_SESSION |
Invalid session id is provided |
ERROR_SESSION_EXPIRED |
Session has expired |
ERROR_TIMEOUT |
Handling the request took too long time |
ERROR_TRANSACTION_DUPLICATE |
Duplicate transaction id was provided with new parameters (amount, currency, gameRoundId, playerId |
ERROR_TRANSACTION_WITHDRAW_NOT_FOUND |
Withdraw transaction not found for deposit request |
ERROR_TRANSACTION_INSUFFICIENT_FUNDS |
User wallet has insufficient fund for a withdraw request |
ERROR_TRANSACTION_LIMIT_EXCEEDED |
Player has exceeded any kind of playing limit |
ERROR_ROLLBACK_TRANSACTION_NOT_FOUND |
Withdraw transaction not found for rollback request. If such rollback was sent, further withdraw requests with the same transactionId (originalTransactionId in rollback request) are expected to be declined with ERROR_BAD_REQUEST error code. |
ERROR_GAME_NOT_ACTIVE |
Problem with finding an active game. Message will contain an exact reason, why the game could not be fetched |
Game client communication
Game client API is an HTML wrapper that embeds a game client into iframe and acts as a middleware to facilitate in-browser communication between the game client and a casino web page to provide better game experience. Communication is handled via Window object. See https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage for more details.
Support of client communication events can be different based on the game provider. Please confirm with us before using the supported events. Game client communication is an optional feature and will be enabled only when requested.
Game client exposed messages
All game client exposed messages have the following structure:
{
"messageType": "{messageType}",
"payload": {}
}
Message Type | Description | Payload |
---|---|---|
n2.pr.balanceUpdated | In-game balance has changed. | { "balance": 100.00 } |
Game client consumed messages
All game client consumed messages have the following structure:
{
"messageType": "{messageType}",
"payload": {}
}
Message Type | Description | Payload |
---|---|---|
n2.op.pingBalance | Notify game to fetch new balance from the wallet. | {} |
n2.op.stopAutoPlay | Stop game auto-play. | {} |
This is version 1.0.0
of this API documentation.
Last update on Dec 20, 2024.