This API offers the possibility to create Freeplay tokens to selected users.
\nOur server will use JSON as the request body format to be consistent with responses.
\nResponses will always be in JSON format.
\nAll endpoints in this API requires authentication in order to be accessed.
\nAuthentication is HMAC-signature based.\nUpon registering as a partner with Colossus Bets, you'll receive an api_auth_key and an api_auth_secret.
Please follow the steps below to sign your requests.
\nThere are some important headers that needs to be provided in all your requests:
\nDate: this is the HTTP timestamp of the request in the RFC 1123/2822 Internet Standard. For security reasons, our API will reject the request when the HTTP timestamp is too much in the past (currently set to 15 minutes max).\nValue example: Mon, 23 Jan 1984 03:29:56 GMT.
Authorization: this is the header that will contain the HMAC signature. The format will be APIAuth-HMAC-SHA256 {{api_auth_key}}:{{signature}}. You'll need to substitute api_auth_key and signature. The former will be provided by us while the latter will need to be calculated (see below in Signature Generation paragraph).
(Optional) Content-MD5: this is the standard header which is the Base64 encoding of the MD5 hash of the request body. It's optional in case of an empty body or a GET request.
\n(Optional) Content-Type: this is the standard header which will tell the api how to read the request body. It's optional in case of an empty body or a GET request.
\nIn order to calculate the signature, you'll first need to generate the canonical string. The format for it is the following:
{{HTTP_METHOD}},[Content-Type],[Content-MD5],{{RequestURI}},{{Date}}
GET, POST, DELETE or any other HTTP method.path part of your request URL, including the querystring parameters.The elements between {{ }} are mandatory, while the ones between [ ] are optional. All commas are mandatory, even when an element is missing.
Once you calculated the canonical string based on the request, you can proceed calculating the signature from it. This can be achieved with the following 2 steps:
\napi_auth_secret (provided by us).We'll now guide you through an example for a request authentication.
\nLet's assume Colossus Bets provided you with the following details:
\nLet's assume that for this test we want to call the POST /F2PConsole/api/FreeToPlay/GiveTokensToUsers endpoint and the body of the request will be something like:
[\n {\n \"user_id\" : \"john23\",\n \"plays\" : \"2\"\n },\n {\n \"user_id\" : \"amy27\",\n \"plays\" : \"1\"\n },\n {\n \"user_id\" : \"2376890\",\n \"plays\" : \"2\"\n }\n]\nWe will then calculate the content-MD5 header, from the body (y1OKcElbEvKAljAHcXtwEA==) and we should compute the following canonical string: POST,application/json,y1OKcElbEvKAljAHcXtwEA==,/f2pconsole/api/freetoplay/givetokenstousers,Thu, 22 Mar 2018 15:23:15 GMT, from which we can calculate the Base64 encoding of the SHA256 HMAC hash, using the api_secret, which give us oapdEIG5iqI7a/9POrbLUuC4i2PAgQxYBKGWZYWWd6U=. The final Authorization header will then be: APIAuth-HMAC-SHA256 api_key:oapdEIG5iqI7a/9POrbLUuC4i2PAgQxYBKGWZYWWd6U=.
It gives to the specified users a FreeToPlay token, containing the corresponding number of plays or it will increase the current number of plays in an already valid token if in the same ApiCampaign.
At the moment, the first available ApiCampaign is used.
An ApiCampaign can be created via the FreeToPlay console access provided by Colossus Bets.
An array of hashes containing 2 keys:
\nuser_id - the id of the user in your system (the one that Colossus receives from the user authentication/user info endpoint on your wallet)plays - the amount of plays(nr of lines) that the user can play for freeIt gives to the specified users a FreeToPlay token, containing the corresponding number of plays or it will increase the current number of plays in an already valid token if in the same chosen campaign.
\nAn ApiCampaign can be created via the FreeToPlay console access provided by Colossus Bets.
campaign_id - the id of the created campaign in the consoleusers - an array of hashes (an empty array is valid as well, no tokens are assigned in that case) containing:user_id - the id of the user in your system (the one that Colossus received or will receive from the user authentication/user info endpoint on your wallet)plays - the amount of plays(nr of lines) that the user can play for freeSuccess responses:
\n201 created All tokens have been assigned.Client error responses: (some of them are accompanied by a readable error message)
\n400 bad request In any of the following cases: 401 unauthorized APIauth authentication failed or wrong merchant credentials404 not found The campaign was not found.Server error responses:
\n500 internal server error Usually this means the partner configuration is absent, in this case please contact us.It gives the amount of plays (number of lines) that the user can play for free. It can be used to show the number of free plays available for a customer outside of the iframe.
\nid - the id of the user in your system (the one that Colossus receives from the user authentication/user info endpoint on your wallet)Success responses:
\n200 OK{freeplays: 3}Error responses:
\n404 Not Found{code: \"COULDN'T FIND USER\"}It gives a list of campaigns. #WIP