Skip to main content

Security

In order to ensure the API security, query signature generated with the help of the secret key is used. Query signature is validated on our server and in case it doesn’t match, the error is returned.

Please be advised that it is necessary to contact our support team in case your secret key is disclosed.

NOTE: Please use this tool to check your integration implementation for user authorization: https://tests.evenbetgaming.com/opensession/

NOTE: Please use this tool to check your integration implementation for seamless wallet operations: https://tests.evenbetgaming.com/seamless/

Generating query signature

Steps to generate query signature:

  1. Gather the ALL parameters (query parameters, path parameters, form parameters) into array
  2. Delete parameter 'clientId' from array with query parameters. Other parameters that do not participate in signature generation: 'access-token', 'action', 'auth', 'channel', 'controller', 'locale', 'method', 'module', 'sign', 'version', 'per-page', 'page', 'sort'.
  3. If a JSON string is passed, decode it into an associative array and merge it with the rest of the query parameters
  4. Sort the array by parameter names in alphabetical order. If one of the array values is an array then it should be sorted by parameter names in alphabetical order too
  5. Concatenate the array values into one string. If one of the array values is an array, then its values should be concatenated into one string too
  6. Concatenate the resulting string and your SECRET_KEY
  7. Get hash of the string using SHA256 algorithm

In the end you get the signature that can be used in queries.

Pseudocode for signature generation:

function generateSignature(array params, string secretKey) {
    if (exists key 'clientId' in array params) {
        delete key 'clientId' from array params;
    }
    params = sortArray(params);
    paramString = implodeArray(params);
        paramString = concatString(paramString, secretKey);
    signature = SHA256(paramString);
    return signature;      
}

function sortArray(array params) {
    sortByKeys(params);
    for each value with index key in params {
        if the value is an array {
            params[key] = sortArray(value);
        }  
    }
    return params;
}

function implodeArray(array params) {
    paramString = '';
    for each value in params {
        if the value is an array {
        paramString = concatString(paramString, implodeArray(value));
        } else {
        paramString = concatString(paramString, value);
        }
    }
    return paramString;
}

Sample of signature generation on PHP language:

/* function sorting the query parameters
* $array - array with the query parameters in the following format:
* {parameter_name: value}
*/
function sortArray(&$array, $sortFlags = SORT_REGULAR)
{
    if (!is_array($array)) {
        return false;
    }

    // Sort array by parameter name
    ksort($array, $sortFlags);

    // Sort nested arrays, if any
    foreach ($array as &$value) {
        sortArray($value, $sortFlags);
    }

    return true;
}

// Generate query signature

// Step 1. Get the required data
$params = []; // Query parameters
$SECRET_KEY = ''; // Your secret key

// Step 2. Delete the parameter 'clientId' from array with query parameters
if (array_key_exists('clientId', $params)) {
    unset($params['clientId']);
}

// Step 3. Sort the parameters
sortArray($params);

// Step 4. Concatenate the parameters into a string
$iterator = new RecursiveIteratorIterator(new RecursiveArrayIterator($params));
$paramString = implode('', iterator_to_array($iterator));

// Step 5. Add a secret key to the string
$paramString = $paramString . $SECRET_KEY;

// Step 6. Generate a signature using the SHA256 algorithm
$sign  = hash('sha256', $paramString);

Sample of signature generation on JavaScript language:

function sortObjectRecursive(obj) {
    var keys = Object.keys(obj).sort();
    var sortedObject = {};
    keys.forEach((key) => {
        let value = obj[key];
        if (value instanceof Object || value instanceof Array) {
            sortedObject[key] = sortObjectRecursive(value);
        } else {
            sortedObject[key] = value;
        }
    });
    return sortedObject;
}

function implodeRecursive(obj, separator = '') {
    var str = '';

    for (let key in obj) {
        if (!obj.hasOwnProperty(key)) {
            continue;
        }

        let value = obj[key];
        if (value instanceof Object || value instanceof Array) {
            str += implodeRecursive(value, separator) + separator;
        } else {
            str += value + separator;
        }
    }
    return str.substring(0, str.length - separator.length);
}

// Step 1. Get the required data
var allParams = {}; // Query parameters
const SECRET_KEY = ''; // Your secret key

// Step 2. Delete the parameter 'clientId' from array with query parameters
if (allParams.hasOwnProperty("clientId")) {
    delete allParams["clientId"];
}

// Step 3. Sort the parameters
allParams = sortObjectRecursive(allParams);

// Step 4. Concatenate the parameters into a string
var paramString = implodeRecursive(allParams);

// Step 5. Add a secret key to the string
paramString = paramString + SECRET_KEY;

// Step 6. Generate a signature using the SHA256 algorithm
var sign  = sha256(paramString);
console.log(sign);

Sample of signature generation on Python language:

import hashlib
from collections import OrderedDict

def sort_od(od):
    res = OrderedDict()
    for k, v in sorted(od.items()):
        if isinstance(v, dict):
            res[k] = sort_od(v)
        else:
            res[k] = v
    return res

def implode_recursive(arr):
    str_p = ''

    if isinstance(arr, dict):
        values = arr.values()
    else:
        values = arr

    for val in values:
        if isinstance(val, (list, tuple, dict)):
            str_p = str_p + str(implode_recursive(val)) + separator
        else:
            str_p = str_p + str(val) + separator

    return str_p[0:len(str_p) - len(separator)]

# Step 1. Get the required data
allParams = {
    'moneyType': 82,
    'amount': 100,
    'playerId': 74094,
    'locale': 'ru',
    'recursive': {
        'x': 3,
        'b': 2,
        'a': 1,
        'z': 4
    },
    'recursiveArray': [3, 2, 1, 4]
} # Query parameters

secret = '' # Your secret key
separator = ''

# Step 2. Delete the parameter 'clientId' from the array with query parameters
exceptedParams = (
    'clientId',
)
params = {}
for (key, value) in allParams.items():
    if key not in exceptedParams:
        params[key] = value

# Step 3. Sort the parameters
params = sort_od(params)

# Step 4. Concatenate the parameters into a string
strParams = implode_recursive(params)

# Step 5. Add a secret key to the string
strParams = strParams + secret

# Step 6. Generate a signature using the SHA256 algorithm
m = hashlib.sha256()
m.update(str(strParams).encode('utf-8'))
sign = m.hexdigest()

print(sign)