Integration Documentation
REST + iframe SDK. Server-to-server wallet calls are HMAC-signed and idempotent. Sandbox available before go-live.
Game Launch URL
Mint a one-time signed URL on your backend and redirect (or iframe) the player to it.
GET https://play.rocketrushx.com/launch
?operator_id=acme
&token=<one-time JWT>
¤cy=BTC
&lang=en
&mode=real // real | demo
&return_url=https://casino.example/lobby
&session_id=<your-session>
&nonce=<uuid>
&sig=<hmac-sha256(secret, query_without_sig)>Token TTL: 60s. Currency must match the player's wallet currency. mode=demo bypasses the wallet API and uses fun-money.
Wallet API (S2S)
Rocket Rush X calls your wallet for every bet and win. All requests are signed and idempotent via Idempotency-Key.
POST /wallet/balance
{ "operator_id": "acme", "player_id": "p_123", "currency": "BTC" }
→ 200 { "balance": "0.04210000" }
POST /wallet/debit // place bet
{ "operator_id":"acme", "player_id":"p_123",
"round_id":"r_88f", "amount":"0.00010000",
"currency":"BTC", "game":"rocket-rush-x" }
Headers: Idempotency-Key: bet_r_88f
→ 200 { "balance":"0.04200000", "tx_id":"tx_a91" }
POST /wallet/credit // win
{ "operator_id":"acme", "player_id":"p_123",
"round_id":"r_88f", "amount":"0.00025000",
"multiplier":"2.50", "currency":"BTC" }
Headers: Idempotency-Key: win_r_88f
→ 200 { "balance":"0.04225000", "tx_id":"tx_a92" }
POST /wallet/rollback // any failure / dispute
{ "operator_id":"acme", "tx_id":"tx_a91", "reason":"timeout" }
→ 200 { "rolled_back": true }Same Idempotency-Key MUST return the same response without double-debiting.
Webhooks (round events)
Optional. We POST every settled round to your URL configured at /integrate.
POST {your webhook URL}
X-RRX-Signature: t=1730000000, v1=<hex>
{
"event": "round.settled",
"round_id": "r_88f",
"player_id": "p_123",
"bet": "0.00010000",
"win": "0.00025000",
"multiplier": "2.50",
"selected_rocket": "blue",
"winning_rocket": "blue",
"server_seed_hash": "...",
"server_seed": "...",
"client_seed": "...",
"nonce": 4711,
"settled_at": "2026-10-27T18:22:01Z"
}Retries: exponential backoff 1m → 5m → 30m → 2h → 12h (5 attempts). Return any 2xx.
Signature scheme
HMAC-SHA256 over {timestamp}.{raw_body} with your shared secret.
const signed = `${ts}.${rawBody}`;
const v1 = crypto.createHmac("sha256", secret).update(signed).digest("hex");
// Reject if |now - ts| > 5 min, or v1 mismatch (timingSafeEqual).Error codes
400 bad_request Invalid params
401 invalid_signature HMAC or TS check failed
402 insufficient_funds Wallet returned no balance
404 unknown_player Player not provisioned
409 duplicate_tx Same Idempotency-Key, different body
410 round_closed Bet placed after round lock
423 game_frozen Operator paused the game
429 rate_limited Slow down — retry-after header
451 jurisdiction_blocked Player country/region restricted
503 wallet_unavailable Your wallet did not respond in 3sJavaScript SDK (iframe embed)
<script src="https://play.rocketrushx.com/sdk.js"></script>
<script>
const game = RocketRushX.mount({
el: "#rrx",
launchUrl: "<signed launch URL>",
onEvent: (e) => {
// e.type: "round.start" | "bet.placed" | "cashout" | "round.end" | "error"
},
});
game.resize(); // responsive
game.destroy();
</script>Environments
Sandbox: https://sandbox.rocketrushx.com
Prod: https://play.rocketrushx.com
Status: https://status.rocketrushx.comSandbox uses fake funds, lower RTP variance, and the same signature scheme — perfect for E2E tests.
Rate limits
Per operator: 500 req/s sustained, 2,000 req/s burst (5s). Wallet timeout: 3s. Game session: 4h max idle.