Webhooks & API
Subscribe to platform events and integrate with the seamless-wallet API. Full docs also at Integration.
Add endpoint
How verification works
- We send
X-Provider-SignatureandX-Provider-Timestampheaders. - The signature is
HMAC_SHA256(timestamp + "." + body)in hex. - Recompute it with your secret and compare in constant time.
- Reject timestamps skewed more than ±5 minutes to stop replays.
- Respond
2xxwithin a few seconds; we retry with backoff otherwise.
Registered endpoints
Loading…
Recent deliveries
Delivery attempts and their outcome
Loading…
Core API endpoints
Bearer token auth — see Settings for your key.
| Method | Path | Description |
|---|---|---|
| GET | /v1/games | List entitled games |
| POST | /v1/sessions | Create a launch session |
| GET | /v1/rounds | List rounds (filterable) |
| GET | /v1/rounds/:id | Round detail + receipt |
| GET | /v1/transactions | List wallet transactions |
| GET | /v1/reports/daily | Daily aggregated report |
Verify webhooks (Node.js)
import { createHmac, timingSafeEqual } from 'node:crypto';
app.post('/webhooks/provider', (req, res) => {
const sig = req.header('X-Provider-Signature') ?? '';
const ts = req.header('X-Provider-Timestamp') ?? '';
const raw = req.rawBody;
if (Math.abs(Date.now() / 1000 - Number(ts)) > 300) return res.sendStatus(401);
const expected = createHmac('sha256', WEBHOOK_SECRET)
.update(`${ts}.${raw}`)
.digest('hex');
const ok = sig.length === expected.length &&
timingSafeEqual(Buffer.from(sig), Buffer.from(expected));
if (!ok) return res.sendStatus(401);
res.sendStatus(200);
});