API Request and Response

API Environments

We have 2 Environments: Sandbox and Production.

Sandbox Base URL is: https://sandbox-openapi.gameleme.com/**

Production Base URL is: https://openapi.gameleme.com/**

Authenticating API Requests

All our APIs are secured, and for you to be able to access them, you need to send an Authorization header containing the secret key that has been issued to you.

Set the request header:
Authorization： AppSecret
Timestamp：timestamp
Signature: generate string by querystring,body data,AppSecret

curl --location 'https://sandbox.gameleme.com' \
--header 'Content-Type: application/json' \
--header 'Authorization: {your AppSecret}' \
--header 'Timestamp: 1718707773469' \
--header 'Signature: f66d3b5a5d1d682106ecd294f56ac548a5503f77b2487c73adde14b0ad6806bc'

The value of "Timestamp" in the header must be the same as the timestamp used when generate the signature, and it cannot exceed the current time by 10 minutes. Otherwise, the request will not be successful.

Generate Signature

Extract the data from the query in the request URL and the post body, and combine them in the form of a query string. Then, use the encryption algorithm SHA256 to generate the signature.

If the signature is incorrect, the API response will be 404.

const querystring = (Object.keys(queryParams).length > 0 ? qs.stringify(queryParams) : '') + (Object.keys(bodyParams).length > 0 ? qs.stringify(bodyParams) : '');
// The value of "timestamp" must be the same as the value of "Timestamp" in the header, 
// and it should be real-time.
const signString =  timestamp + appSecret + querystring

const HmacSHA256 = crypto.createHmac('SHA256', appSecret);
const signature = HmacSHA256.update(signString).digest('hex');

/*
For example:
url: https://sandbox-openapi.gameleme.com/v1/topup?one=abc&two=1234
post data: 
{
    gameId: string;
    partition: string;
    playerId: string;
    productId: string;
    reference: string;
}
// Extract query parameters from the URL and, if it is a POST request, process the content of the POST using querystring.
querystring = 'one=abc&two=1234'
bodystring = 'gameId=1450015065&productId=1637524&playerId=5560524498&partition=1&reference=G12341231231226'

signString = timestamp + appSecret + querystring + bodystring
# signString = "17187050138024a54958bbde3753fc7f2119f53471725one=abc&two=1234gameId=1450015065&productId=1637524&playerId=5560524498&partition=1&reference=G12341231231226"

Encryption algorithm: SHA256
*/

API Responses

All our APIs have a uniform response body.

The responseCode and success fields will tell you whether the call resulted in a successful or failed response.

The responseMessage field describes the reason for whatever response was returned, be it successful or failure.

For responses that return data, the data field usually contains whatever response object. This information differs depending on what API request was sent.

//SUCCESS
{
  "status": "success",
  "code": 200,
  "data": {....}
}

//FAILED
{
  "status": "failed",
  "code": 400,
  "message": ''
}

PreviousGetting Integration credentials NextWebhook

Last updated 1 year ago