ROCKET RUSH X · DOCSStart integration

Integration Documentation

REST + iframe SDK. Server-to-server wallet calls are HMAC-signed and idempotent. Sandbox available before go-live.

Game Launch URL

Mint a one-time signed URL on your backend and redirect (or iframe) the player to it.

GET https://play.rocketrushx.com/launch
  ?operator_id=acme
  &token=<one-time JWT>
  &currency=BTC
  &lang=en
  &mode=real          // real | demo
  &return_url=https://casino.example/lobby
  &session_id=<your-session>
  &nonce=<uuid>
  &sig=<hmac-sha256(secret, query_without_sig)>

Token TTL: 60s. Currency must match the player's wallet currency. mode=demo bypasses the wallet API and uses fun-money.

Wallet API (S2S)

Rocket Rush X calls your wallet for every bet and win. All requests are signed and idempotent via Idempotency-Key.

POST /wallet/balance
{ "operator_id": "acme", "player_id": "p_123", "currency": "BTC" }
→ 200 { "balance": "0.04210000" }

POST /wallet/debit         // place bet
{ "operator_id":"acme", "player_id":"p_123",
  "round_id":"r_88f", "amount":"0.00010000",
  "currency":"BTC", "game":"rocket-rush-x" }
Headers: Idempotency-Key: bet_r_88f
→ 200 { "balance":"0.04200000", "tx_id":"tx_a91" }

POST /wallet/credit        // win
{ "operator_id":"acme", "player_id":"p_123",
  "round_id":"r_88f", "amount":"0.00025000",
  "multiplier":"2.50", "currency":"BTC" }
Headers: Idempotency-Key: win_r_88f
→ 200 { "balance":"0.04225000", "tx_id":"tx_a92" }

POST /wallet/rollback      // any failure / dispute
{ "operator_id":"acme", "tx_id":"tx_a91", "reason":"timeout" }
→ 200 { "rolled_back": true }

Same Idempotency-Key MUST return the same response without double-debiting.

Webhooks (round events)

Optional. We POST every settled round to your URL configured at /integrate.

POST {your webhook URL}
X-RRX-Signature: t=1730000000, v1=<hex>
{
  "event": "round.settled",
  "round_id": "r_88f",
  "player_id": "p_123",
  "bet": "0.00010000",
  "win": "0.00025000",
  "multiplier": "2.50",
  "selected_rocket": "blue",
  "winning_rocket": "blue",
  "server_seed_hash": "...",
  "server_seed": "...",
  "client_seed": "...",
  "nonce": 4711,
  "settled_at": "2026-10-27T18:22:01Z"
}

Retries: exponential backoff 1m → 5m → 30m → 2h → 12h (5 attempts). Return any 2xx.

Signature scheme

HMAC-SHA256 over {timestamp}.{raw_body} with your shared secret.

const signed = `${ts}.${rawBody}`;
const v1 = crypto.createHmac("sha256", secret).update(signed).digest("hex");
// Reject if |now - ts| > 5 min, or v1 mismatch (timingSafeEqual).

Error codes

400  bad_request             Invalid params
401  invalid_signature       HMAC or TS check failed
402  insufficient_funds      Wallet returned no balance
404  unknown_player          Player not provisioned
409  duplicate_tx            Same Idempotency-Key, different body
410  round_closed            Bet placed after round lock
423  game_frozen             Operator paused the game
429  rate_limited            Slow down — retry-after header
451  jurisdiction_blocked    Player country/region restricted
503  wallet_unavailable      Your wallet did not respond in 3s

JavaScript SDK (iframe embed)

<script src="https://play.rocketrushx.com/sdk.js"></script>
<script>
  const game = RocketRushX.mount({
    el: "#rrx",
    launchUrl: "<signed launch URL>",
    onEvent: (e) => {
      // e.type: "round.start" | "bet.placed" | "cashout" | "round.end" | "error"
    },
  });
  game.resize();      // responsive
  game.destroy();
</script>

Environments

Sandbox:  https://sandbox.rocketrushx.com
Prod:     https://play.rocketrushx.com
Status:   https://status.rocketrushx.com

Sandbox uses fake funds, lower RTP variance, and the same signature scheme — perfect for E2E tests.

Rate limits

Per operator: 500 req/s sustained, 2,000 req/s burst (5s). Wallet timeout: 3s. Game session: 4h max idle.