Account Info.

Operator identity, access key, and quick profile summary.

Operator Name

-

Display Name

-

Operator ID

-

Operator Public ID

-

Access Key

-

Access key is masked by default. Enter your password to reveal it.

Games

Select a game to manage tables.

Game catalog

Pick a game to manage tables.

No games available yet.

How to launch a game

Give your players a seamless handoff from your lobby to the GoLetsPlay game client.

Player signs in on your operator site and selects a game.
Your server creates a short-lived launchToken and builds the launch URL with your operatorPublicId.
The browser opens the game client. The client sends launchToken + operatorPublicId to the game server for authorization.

Launch URL template

https://{gameClientBaseUrl}/launch.html?game={gameCode}&token={launchToken}&operatorPublicId={operatorPublicId}

Tip: copy the Operator Public ID from the Account Info tab.

Need a dedicated game client base URL? Contact GoLetsPlay support to enable a branded launcher for your domain.

API

Configure your operator endpoints, follow the integration flow, and test your APIs directly from the GoLetsPlay dashboard. Use the tabs below to focus on one part at a time.

Operator API endpoints

These endpoints are called by the GoLetsPlay game server to authorize players, read balances, and process wallet actions for Poker.

Signing Secret

**** **** **** ****

Shared secret used to verify signed requests. Your operator API must validate X-Signature, X-Timestamp, and X-Nonce on every protected request.

OpenAI API Key (AI Bot)

**** **** **** ****

Used by the game server AI bot layer for behavior decisions. Stored encrypted and fetched server-to-server only.

Game server endpoint (OpenAI key)

GET /api/game/operators/public/{operatorPublicId}/openai-api-key
Header: X-Game-Server-Token: {gameServerToken}

Response

{
  "openAiApiKey": "sk-...",
  "openAiApiKeyLast4": "abcd"
}

Signed request format

Required headers:
Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Signing message:
{timestamp}.{nonce}.{method}.{pathAndQuery}.{rawBody}

Notes

- Validate signature, timestamp window, and nonce replay on every request.
- Keep the signing secret server-to-server only.
- Always use HTTPS between the game server and your operator endpoints.
- Treat X-Signing-Secret as legacy only if you still allow migration fallback.

How to generate X-Signature

1. Read your operator Signing Secret from the GoLetsPlay API page.
2. Build the signing message exactly:
   {timestamp}.{nonce}.{method}.{pathAndQuery}.{rawBody}
3. Compute HMAC-SHA256 using:
   key = Signing Secret
   message = signing message
4. Convert the HMAC output to Base64.
5. Send that Base64 string in the X-Signature header.

Formula:
X-Signature = Base64(HMACSHA256(SigningSecret, signingMessage))

Example

timestamp = 1774453268283
nonce = ed0bcd52fc034671b3f40e8e71ec7080
method = POST
pathAndQuery = /api/player/authorize
rawBody = {"launchToken":"4737c68b-d74c-4677-9165-cea1c8449af9"}

signingMessage =
1774453268283.ed0bcd52fc034671b3f40e8e71ec7080.POST./api/player/authorize.{"launchToken":"4737c68b-d74c-4677-9165-cea1c8449af9"}

Base URL

Base domain used when the paths below are relative.

Example: https://wallet.operator.com

Usage

Full endpoint = Base URL + relative path
Example: https://wallet.operator.com/api/balance/get

Authorize URL

Validate the launch token and return player profile and balance.

Example: POST /api/player/authorize

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "launchToken": "GUID"
 }

Note: only launchToken is required in the request body.

Success response

{
  "playerId": 2,
  "operatorPublicId": "GUID",
  "displayName": "player1",
  "gameId": 1,
  "currencyCode": "PHP",
  "languageCode": "en-PH",
  "countryCode": "PH",
  "balance": 1000.00
}

Error response

{
  "error": "Invalid or expired launch token."
}

Balance URL

Return player balance and currency.

Example: POST /api/balance/get

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "playerId": 1
 }

Success response

{
  "playerId": 1,
  "currencyCode": "PHP",
  "balance": 1000.00
}

Error response

{
  "error": "Player not found."
}

Bet URL

Debit a bet amount (idempotent by transactionId).

Example: POST /api/bet/place

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "playerId": 1,
  "gameId": 1,
  "roundId": "R-001",
  "transactionId": "T-001",
  "amount": 10.00,
  "currencyCode": "PHP"
}

Success response

{
  "playerId": 1,
  "currencyCode": "PHP",
  "balance": 990.00,
  "transactionId": "T-001"
}

Error response

{
  "error": "Insufficient funds."
}

Win/Settle URL

Credit winnings or settle the round.

Example: POST /api/bet/settle

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "playerId": 1,
  "gameId": 1,
  "roundId": "R-001",
  "transactionId": "T-002",
  "amount": 25.00,
  "currencyCode": "PHP"
}

Success response

{
  "playerId": 1,
  "currencyCode": "PHP",
  "balance": 1015.00,
  "transactionId": "T-002"
}

Error response

{
  "error": "Duplicate transaction."
}

Rollback URL

Reverse a previous bet/settle transaction.

Example: POST /api/bet/rollback

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "playerId": 1,
  "gameId": 1,
  "roundId": "R-001",
  "transactionId": "T-003",
  "originalTransactionId": "T-001",
  "amount": 10.00
}

Success response

{
  "playerId": 1,
  "currencyCode": "PHP",
  "balance": 1000.00,
  "transactionId": "T-003"
}

Error response

{
  "error": "Transaction not found."
}

Tip URL

Deduct a tip amount from the player's wallet.

Example: POST /api/tip/place

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "playerId": 1,
  "gameId": 1,
  "roundId": "R-001",
  "transactionId": "T-010",
  "amount": 5.00,
  "currencyCode": "PHP"
}

Success response

{
  "playerId": 1,
  "currencyCode": "PHP",
  "balance": 995.00,
  "transactionId": "T-010"
}

Error response

{
  "error": "Insufficient balance."
}

Rake URL

Notify the operator about rake deducted from the pot.

Example: POST /api/rake/notify

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "gameId": 1,
  "matchId": "match-123",
  "handId": "match-123-000001",
  "tableId": "table-01",
  "amount": 12.50,
  "currencyCode": "PHP",
  "payloadJson": "{...}"
}

Success response

{
  "gameRakeEventId": 1001
}

Error response

{
  "error": "MatchId is required."
}

Optional endpoints (not required for Poker)

Session Close URL

Close a session when the game ends.

Example: POST /api/session/close

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "playerId": 1,
  "gameId": 1,
  "roundId": "R-001"
 }

Success response

{
  "status": "Closed"
 }

Error response

{
  "error": "Session not found."
 }

Free Bet URL

Redeem bonus/free-bet credits.

Example: POST /api/freebet/redeem

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "playerId": 1,
  "gameId": 1,
  "roundId": "R-001",
  "transactionId": "T-004",
  "amount": 5.00
 }

Success response

{
  "playerId": 1,
  "currencyCode": "PHP",
  "balance": 1005.00,
  "transactionId": "T-004"
 }

Error response

{
  "error": "Bonus is not available."
 }

Jackpot Contribute URL

Add contributions to a jackpot pool.

Example: POST /api/jackpot/contribute

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "playerId": 1,
  "gameId": 1,
  "roundId": "R-001",
  "transactionId": "T-005",
  "amount": 1.00
 }

Success response

{
  "playerId": 1,
  "currencyCode": "PHP",
  "balance": 999.00,
  "transactionId": "T-005"
 }

Error response

{
  "error": "Jackpot pool is closed."
 }

Jackpot Payout URL

Payout a jackpot winner and finalize the round.

Example: POST /api/jackpot/payout

Headers

Content-Type: application/json
X-Signature: {base64_hmac_sha256}
X-Timestamp: {unix_time_ms_utc}
X-Nonce: {unique_random_value}
X-Provider-Code: GoLetsPlay

Request body

{
  "playerId": 1,
  "gameId": 1,
  "roundId": "R-001",
  "transactionId": "T-006",
  "amount": 100.00
 }

Success response

{
  "playerId": 1,
  "currencyCode": "PHP",
  "balance": 1099.00,
  "transactionId": "T-006"
 }

Error response

{
  "error": "Payout failed."
 }

How GoLetsPlay connects to your operator system

Use this step-by-step flow when implementing your operator APIs for GoLetsPlay Poker.

Save your required operator endpoints above: authorize, balance, bet, settle, rollback, tip, and rake.
Generate your operator Signing Secret and store it securely on your server only.
Your player logs in on your operator system and your server issues a short-lived launchToken.
The game client opens with launchToken and operatorPublicId.
The GoLetsPlay game server resolves your saved endpoint URLs using operatorPublicId.
The game server calls your APIs with signed headers: X-Signature, X-Timestamp, X-Nonce, and X-Provider-Code.
Your operator API validates the request signature and returns JSON responses in the expected format.

Authorize endpoint

POST /api/player/authorize

Authorize request body

{
  "launchToken": "GUID"
}

Authorize response fields required by GoLetsPlay

playerId
operatorPublicId
displayName
gameId
currencyCode
languageCode
countryCode
balance

Required wallet endpoints for Poker

POST /api/balance/get
POST /api/bet/place
POST /api/bet/settle
POST /api/bet/rollback
POST /api/tip/place
POST /api/rake/notify

Example authorize success response

{
  "playerId": 2,
  "operatorPublicId": "GUID",
  "displayName": "player1",
  "gameId": 1,
  "currencyCode": "PHP",
  "languageCode": "en-PH",
  "countryCode": "PH",
  "balance": 1000.00
}

Example authorize error responses

{
  "error": "Invalid or expired launch token."
}
{
  "error": "Player not found."
}

Tip: keep launch tokens short-lived. For all protected APIs, validate the signed headers and reject replayed nonce or expired timestamp requests.

Test operator API endpoints

Send signed sample requests from this dashboard to your operator API. If the browser blocks the request, allow CORS from the GoLetsPlay dashboard origin on your operator server.

Endpoint to test

Signing Secret

Used only in your browser to generate signed test headers.

Provider code

Resolved test URL

Select an endpoint to preview the resolved URL.

Request body (JSON)

Last request and response

No test request sent yet.

Game history API (audit)

These GoLetsPlay endpoints let operators fetch Poker match history for audit, player support, and reconciliation.

Copy your Operator Public ID from the Account Info tab.
Use game id 1 for Poker.
Call the list endpoint to fetch match summaries.
Use matchId from the list response to fetch one match detail.
Use handId from the match detail response to fetch hand events.
Optionally use playerId to filter history for a single player.

List matches (paged)

GET /api/portal/operators/{operatorPublicId}/games/1/history?limit=100

Optional filters:
- playerId=PLAYER_ID
- sinceUtc=2026-02-14T00:00:00Z

Paging (cursor):
- beforeUtc=2026-02-14T05:00:00Z&beforeGameMatchId=12345

Use the next cursor from the response to fetch the next page.

Get match details (players + hands summary)

GET /api/portal/operators/{operatorPublicId}/games/1/history/{matchId}

Get a hand + events

GET /api/portal/operators/{operatorPublicId}/games/1/history/{matchId}/hands/{handId}?limit=200

Optional:
- sinceUtc=2026-02-14T05:00:00Z

Paging response shape

{
  "items": [ ... ],
  "next": {
    "beforeUtc": "2026-02-14T05:00:00Z",
    "beforeGameMatchId": 12345
  }
}

All timestamps are UTC ISO-8601 strings with a trailing Z.

Test Poker history API

Run the GoLetsPlay Poker history endpoints directly from this dashboard and inspect the JSON response.

Operator Public ID

Player ID (optional)

Limit

Match ID

Hand ID

Last history response

No history request sent yet.