NAV Navbar
Logo
shell javascript

Introduction

The Kore API is a modern REST JSON API designed to be easily access the resource of the casino.

There are two major use cases:

All Endpoints

Authentication

POST ~/v3/api/auth/brand_public_credentials/token

POST ~/v3/api/auth/player_credentials/token

POST ~/v3/api/auth/player_credentials/token/mutate

DELETE ~/v3/api/auth/player_credentials

POST ~/v3/api/auth/player_credentials/token/activate

POST ~/v3/api/auth/{grant_type}/token/mutate

GET ~/v3/api/auth/player_credentials

GET ~/v3/pages/login/offline_signon?locale={locale}&mode={mode}&brandGroup={brand_group}

POST ~/v3/api/auth/offline_signon/token

Users

GET ~/v3/api/users

POST ~/v3/api/users

POST ~/v3/api/users/emailcheck

GET ~/v3/api/users/{userid}

GET ~/v3/api/users/{userid}/stats

GET ~/v3/api/users/{userid}/player_day

GET ~/v3/api/users/{userid}/email_status

GET ~/v3/api/users/{userid}/tags?categories={cat1},{cat2}

GET ~/v3/api/users/{userid}/custom

PUT ~/v3/api/users/{userId}/password

PATCH ~/v3/api/users//password

Games

GET ~/v3/api/games

GET ~/v3/api/games

GET ~/v3/api/games/{game_id}

POST ~/v3/api/games/{game_id}/launch

Tournaments

GET ~/v3/api/tournaments/news

GET ~/v3/api/tournaments

GET ~/v3/api/tournaments/{tournament-id}

POST ~/v3/api/tournaments/{tournament-id}/registration

DELETE ~/v3/api/tournaments/{tournament-id}/registration

POST ~/v3/api/tournaments/{tournament-id}/rebuys

Competitions

GET ~/v3/api/competitions?all={true|false}

GET ~/v3/api/competitions/{competitionIds}/leaderboard?limit={limit}

Bonuses

POST ~/v3/api/bonuses/claim

Progressives

GET ~/v3/api/progressives/games

Currency

GET ~/v3/api/currencies

Chats

GET ~/v3/api/chats

Users’ Activity

GET ~/v3/api/users/{user_id}/summaries?date={yyyy-mm-dd}

GET ~/v3/api/users/{user_id}

GET ~/v3/api/users/{user_id}/games

GET ~/v3/api/registrations?date={yyyy-mm-dd}

GET ~/v3/api/tracking/{tracking_id}

Signons

GET ~/v3/api/signons/{signonId}

Referrals

GET ~/v3/api/referrals

GET ~/v3/api/referrals/{referral_code}

POST ~/v3/api/referrals/claim

SignalR

GET ~/v3/api/notifications?access_token={token}

ZAR Migration Endpoints

GET ~/v3/api/migrations/{migration-id}

POST ~/v3/api/migrations/{migration-id}

Versioning

Example of X-Kore-Version header

X-Kore-Version: 1.0.25.3 (4da5cf1)

All URL endpoints are prefixed with v3, because the major version number of the API is set to 3. Additional features may be added when the minor version number is increased.

Compatibility Guarantees

These guarantees apply for going from version 3.x to version 3.y, where y is greater than x.

Incompatible Changes Policy

The following changes would cause an upgrade of the major version from 1 to 2, or 2 to 3:

If an incompatible change occurs we will migrate endpoint from v2 to v3. Existing v2 endpoints will continue to work in parallel to v3 until all operators successfully move to v3.

A previous transition from v1 to v2 has already occurred, and all v1 endpoints have been decommissioned. The API is now transitioning from v2 to v3.

Common Headers

Request Headers

How to Set Common Headers

curl -H "X-Kore-ReturnUrl: http://www.example.com" \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer CfDJ8Kzjpmj..." 

var settings = { /* ... */ };
settings["headers"] = {
    "X-Kore-ReturnUrl": "http://www.example.com",
    "Content-Type": "application/json",
    "Authorization: Bearer CfDJ8Kzjpmj..." 
};
$.ajax(settings);
Header Description
X-Kore-ReturnUrl Required for most endpoints. URL to be used as a return URL for all _action links provided by the API.
Authorization Bearer token retrieved from ~/v3/auth/token endpoint. It is required for all endpoints except the token endpoint.
Content-Type This header must be set to application/json for POST, PUT and PATCH requests to indicate content is using the JSON format.

Response Headers

Example of Response Headers

X-Kore-Version: 1.0.25.3 (4da5cf1)
Content-Type: application/json; charset=utf-8
Header Description
X-Kore-Version Version header which indicates the exact version of the API. Always present.
X-Kore-ErrorCode Deprecated.
This header is added when the response is an Error, it describes the type of error. See error codes table.
X-Error-Code This header is added when the response is an Error, it describes the type of error. See error codes table.
It was introduced in Kore 3.16 and superedes X-Kore-ErrorCode.
Content-Type This header is usually to application/json; charset=utf-8 for most responses.

Errors

Error Type

Example of Error Response

{
  "error": "invalid_request",
  "error_description": "The return URL is not specified in the X-Kore-ReturnUrl header of the request.",
  "uuid": "7980f224-605b-4a24-b22b-051318b54fd1"
}

Example of Invalid Request Response

{
  "error": "invalid_request",
  "error_description": "Invalid values for `email`, `player_info.nickname` parameters.",
  "properties": ["email", "player_info.nickname"],
  "uuid": "7980f224-605b-4a24-b22b-051318b5add1"
}
Parameter Required? Description
error Required A short alphanumeric code describing the type of error. See error codes table.
error_description Required A short English-only developer oriented description of the error. It may contain more details than error.
uuid Optional A unique UUID that is assigned to specific instance of the error. Please communicate this uuid when contacting support.
properties Optional An array of strings which is optionally returned when error is set to invalid_request. It contains the paths of the properties which failed validation. A dot . is used for sub-properties.

Error Codes

HTTP Error Code Description
500 server_error This error indicates a problem with the Kore API. Please contact support with the uuid if the problem persist.
429 rate_limit_exceeded The request is blocked because the client has used the endpoint too frequently. Try spacing out requests. Please contact support if you need the request limits to be raised.
429 duplicate_request The request is bocked because it is a duplicate of the previous request. This is enabled on some endpoints only.
400 invalid_request The request is invalid or malformed. The description field may contain further details and explain the specific reasons for this error.
400 unsupported_play_mode The playmode is not supported.
400 missing_return_url The X-Kore-ReturnUrl header is missing in the request.
400 unsupported_grant_type The provided authorization grant type is not supported.
400 account_review The player account is locked because the account is under review.
403 account_locked The player account is locked.
429 account_temporarily_locked The player account has been temporarily locked. This may occur after entering too many consecutive invalid passwords.
403 account_password_locked The player account’s password has been locked. This may occur after entering 3 consecutive invalid passwords. This password lock feature happens only on the brands which PasswordLockSettings is enabled.
403 geoblocked The player cannot log in because the IP address belongs to a restricted country.
400 insufficient_balance The balance is not sufficient to complete the request.
400 canceled_ticket The request cannot complete because one of the provided tickets has been canceled.
400 currency_mismatch The player account cannot use the currency provided in the request.
400 invalid_voucher The voucher is invalid.
400 invalid_discount The discount is invalid.
401 invalid_credentials Authentication failed. The provided credentials were not recognized by the server. This may occur when the access token expires.
401 missing_credentials Authentication failed. No Authorization header was provided.
401 invalid_password The provided password or username is not valid.
400 password_reuse_forbidden New provided password must NOT match in last 3 passwords.
401 captcha_required Authentication failed. A CAPTCHA token is required for the request to succeed.
401 captcha_invalid Authentication failed. The provided CAPTCHA token is invalid.
401 expired_player_session The player session has expired due to player inactivity or because the player has signed in elsewhere. You should dispose of the player_credentials access token, as it is no longer valid.
401 expired_token The bearer token provided in the Authorization header has expired.
403 access_denied The provided authentication credentials do not provide sufficient access to this resource.
404 player_not_found The player could not be found. The player id is invalid or has been changed.
403 blocked_gamstop The player cannot log in because the account is registered with the GAMSTOP self-exclusion scheme.
400 player_already_registered The player is already registered.
400 nickname_already_registered The nickname is already registered.
400 firstname_profanity The provided first name is identified as a profanity.
400 lastname_profanity The provided last name is identified as a profanity.
400 nickname_profanity The provided nickname is identified as a profanity.
404 tracking_not_found The tracking information cannot be retrieved.
401 server_only_credentials Authentication failed. The grant type is for server to server backend communication and cannot be used in a web browser. The domain can be whitelisted if needed.
404 invalid_activation_code The activation code does not exist or has expired.
400 activation_failed The player account could not be activated.
404 invalid_fast_track_
registration_code		 The fast track registration code does not exist or has expired.
429 password_change_too_soon The Password was changed very recently. Try again later.

Recovery Error Codes

HTTP Error Code Description
429 recovery_email_exhausted Password recovery failed because too many attempts using the same email address have occurred. Try again later.
429 recovery_sms_exhausted Password recovery failed because too many attempts using the same mobile phone have occurred. Try again later.
400 recovery_contact_support The recovery password cannot be automated. The player should contact support.
404 recovery_not_found The password recovery attempt was not found. It may have expired.
429 recovery_code_exhausted Too many bad password recovery codes have been entered.
400 recovery_code_invalid The provided password recovery code is not valid.
429 recovery_resend_exhausted Too many password recovery codes have been sent.

Bonus Error Codes

The errors below are specific to the bonus and tournaments endpoints.

HTTP Error Code Description
400 bonus_dependency_unmet The Bonus Code has a prerequisite Bonus Code that has not been claimed.
400 bonus_deposit_unmet The deposit does not meet the requirements for the Bonus Code.
400 bonus_requires_invite The player does not have the required tag to use the Bonus Code. An associated invite code is required.
400 bonus_user_claims_exhausted The player has already used the Bonus Code the maximum number of times allowed.
400 bonus_user_claims_deposit The Bonus Code has already been claimed for the deposit.
400 bonus_claims_exhausted The Bonus Code has been used as much as possible and is no longer valid.
400 bonus_tag_violation The player does not have a required tag to use the Bonus code.
400 bonus_expired The Bonus Code has expired.
400 bonus_not_yet_valid The Bonus Code is not yet active.
400 bonus_invalid The Bonus Code is not valid.
400 bonus_user_restricted The player is not eligible for this bonus.
400 bonus_purchase_required The player needs to make a valid deposit to claim this bonus.
400 bonus_limit_reached The maximum number of non-deposit bonuses claimed since players last
400 bonus_invalid_invite The Invite Code is not valid.
400 bonus_withdrawal_made This bonus cannot be claimed because you have made a withdrawal.
400 bonus_affiliate_unmet The requirements for this affiliate bonus were not met by the player. This could be because the player does not have the correct affiliate token.
400 bonus_campaign_ineligible The player is not eligible for the campaign and cannot claim the associated bonus.
400 bonus_claim_in_progress Cannot claim any bonuses while another bonus claim is in progress. Please try again in a moment.

Tournament Error Codes

The errors below are specific to the tournaments endpoints.

HTTP Error Code Description
400 tournament_not_registering The tournament is not open for registration yet.
400 tournament_tag_restriction The player does not have a required tag to use the Tournament.
400 tournament_started The tournament has already started.
400 tournament_full The maximum number of players that can be registered for the tournament has been reached.
400 registration_loyalty_not_supported Registration failed. Loyalty is not a supported registration type.
400 registration_cash_not_supported Registration failed. Cash is not a supported registration type.
400 insufficient_loyalty The player does not have enough loyalty points to complete the request.
400 player_not_registered The player is not registered.
400 tournament_not_started The tournament is not in the Started state.
400 tournament_rebuys_exceeded The rebuy limits have been exceeded for the tournament.
400 tournament_balance_excessive The tournament balance is too high to complete the request.

Competitions Error Codes

The errors below are specific to the competitions endpoints.

HTTP Error Code Description
404 competition_not_found The competition could not be found.

Referrals Error Codes

HTTP Error Code Description
404 referral_disabled The referral feature is disabled.
400 referral_claim_exhausted This IP address or device has claimed too many referral codes.
400 referral_claim_failed You cannot claim the referral bonus.
404 referral_code_not_found The referral code is invalid.

Verification Error Codes

HTTP Error Code Description
404 no_pending_verification There are no pending verifications.
400 invalid_sms_code SMS Verification Code invalid.
400 too_many_verification_retries Too many verification retried attempted. Try again later.
400 invalid_sms_code_length SMS Verification Code length invalid.
400 verification_code_expired Verification code expired. Try again.
400 queued_awaiting_sms_send Verification code queued and is awaiting send. Please wait and try again.

ZAR Migration Error Codes

HTTP Error Code Description
404 migration_not_found The migration could not be found.
400 migration_not_available The player already has an existing account and cannot be migrated.
400 migration_completed The player account has already been migrated.
400 migration_expired The migration ID has expired. A new migration ID must be obtained.
500 migration_failed The migration has failed. Please contact support. This error occurs after the player account has been created.

Non Fatal Errors

Example of non-fatal validation error returned in registration response

{
  "errors": [
    {
      "error": "invalid_request",
      "error_description": "Invalid value for `device_id` parameter.",
      "properties": ["device_id"],
      "uuid": "7980f224-605b-4a24-b22b-051318b5add1"
    }
  ],
  "registration_status": "Success",
  "auth": {
    "grant_type": "player_credentials",
    "tokens": [
      {
        "type": "Bearer",
        "expiration": "2022-01-27T11:58:35Z",
        "value": "CfDJ8EoQ6g[...]"
      }
    ],
    "_links": {
      "user": {
        "href": "http://www.example.com/v3/api/users/YnNNOUFmN3Zlc3A5cFY9Y280dUFKc01PMjNjMkp3PT0.",
        "method": "GET"
      },
      "logout": {
        "href": "http://www.example.com/v3/api/auth/player_credentials",
        "method": "DELETE"
      }
    },
    "locale": "en-US"
  }
}

The Kore API is quite strict and would normally reject any invalid requests with an invalid_request error with a 400 status. However, non fatal errors were introduced in Kore 3.14.

The validation process is different when the request contains optional properties that have been explicitly marked as supporting non-fatal validation. When these properties fail validation, the API reject them by omitting them from the request; in other words the API process the request as if the invalid properties had not been set.

Non-fatal validation errors are returned in an optional errors array added to the success response. In general, this array contains a single error with an invalid_request error code. The error is the same the API would have returned if the strict request validation had been used. The API may return additional non fatal errors in the future.

Non fatal errors may be logged as usual and may contain the uuid property.

Non-fatal validation is supported for a subset of properties which are explicitly documented. At present it is only the device_id and the tracking context object from the authentication and user registration endpoints.

Links

Example of Link Collections

{
    "_links": {
        "query_me": { "href": "http://www.example.com/v3/api/some-resource" },
        "other_query_me": { "href": "http://www.example.com/v3/api/other-resource" }
    },
    "_actions": {
        "follow_me": { "href": "http://www.example.com/webpage.html" },
        "follow_me_again": { "href": "http://www.example.com/another-page.html" }
    }
}

The API returns two kinds of links which are used throughout the API.

Category JSON Description
Actions _actions These are links to web pages that are to be followed by the browser. The URL passed in the X-Kore-ReturnUrl header is used to return to the casino page.
API links _links These are API links to other resources vended by the API. These links may contain IDs.

The API returns hyperlinks in the form of JSON objects which are referred as the LinkCollection type in the rest of the documentation. Each property is a Link with property name indicating the purpose of the link.

The Link type contains a single href property.

Property Required? Type Description
href Required String URL as defined in RFC3986
method Optional String HTTP method as defined in RFC7231. If missing, it is assumed to be GET.

Example of code you MUST NOT write

var response = $.ajax({
  "url": "http://example.com/v3/api/users?platform=html&category=videoslots",
  "method": "GET",
  "headers": {
    "authorization" : `bearer ${userToken}`
  }
});

// DONT DO THIS
// There is NO guarantee that the `SessionID` will exist. 
// We can change the URL format at *any time* without notice.
var session_ids = response.games.map(x => x._actions["play"].href.match(/sessionid=([^&]+)&/)[1]

Money

Money Type

Example of Balance with 819.00 practice credits.

{
  "currency": "XXX",  
  "amount" : 81900,
  "exponent" : 2
}

How to obtain decimal representation in JavaScript.

const decimal = money.amount / Math.pow(10, money.exponent)

The amount of credits is returned as a pair of two integers: amount and exponent. In order to obtain the number of credits in decimal representation, one must divide the amount by the 10 to power of exponent.

Property Required? Type Description
currency Required String Currency code. See below.
amount Required Integer Amount of credits.
exponent Required Integer Exponent for decimal part. This is called the minor unit in ISO 4217. It represents the number of digits after the decimal point.

Decimal Money Type

Example of $0.000001

{
  "currency": "USD",  
  "decimal_amount" : 0.000001
}

The Decimal Money Type is used by endpoints which return fractional monetary amounts that are too small to be represented by the regular Money Type.

Property Required? Type Description
currency Required String Currency code. See below.
decimal_amount Required Decimal Decimal amount of credits.

Currency

Internal Currency Codes

Kore uses the following internal currency codes to represent non monetary credits.

Currency Code Exponent Description
XXX 2 Practice Credits
XTC 2 Tournament Credits.

Fiat Currency Codes

Kore also uses the following ISO 4217 currency codes to represent national currencies.

Currency Code Exponent Description
GBP 2 Pound Sterling
EUR 2 Euro
USD 2 US Dollar
CAD 2 Canadian Dollar
SEK 2 Swedish Krona
NOK 2 Norwegian Krone
DKK 2 Danish Krone
AUD 2 Australian Dollar
CNY 2 Yuan Renminbi
CZK 2 Czech Koruna
CHF 2 Swiss Franc
RUB 2 Russian Ruble
UAH 2 Ukrainian Hryvnia
TRY 2 Turkish Lira
NZD 2 New Zealand Dollar
AMD 2 Armenian Dram
PLN 2 Polish Zloty
GEL 2 Georgian Lari
MXN 2 Mexican Peso
ZAR 2 South African Rand
INR 2 Indian Rupees

Example: 125.00 mBTC

{
  "currency": "BTC",  
  "amount" : 12300000,
  "exponent" : 8
}

Example: 1 Satoshi or 0.00000001 BTC

{
  "currency": "BTC",  
  "amount" : 1,
  "exponent" : 8
}

Crypto Currency Codes

Kore uses the following crypto currencies codes.

Currency Code Exponent Description
BTC or XBT 8 Bitcoin
BCH 8 Bitcoin Cash
LTC 8 Litcoin

Get List of Currencies

The following endpoint can be used to retrieve a list of currencies active for a given brand. Active currencies are opened for registrations to new players.

The brand information is provided by the bearer token.

GET ~/v3/api/currencies

curl -X GET -H "Content-Type: application/json" \Ge
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {brand_token}" \
   "http://example.com/v3/api/currencies"

$.ajax({
  "url": "http://example.com/v3/api/currencies",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {brand_token}"
  }
});

Response:

{
    "currencies": [
        {
            "currency": "EUR",
            "symbol": "€",
            "iso_exponent": 2,
            "display_exponent": 0,
            "display_decimals": 2
        },
        {
            "currency": "USD",
            "symbol": "$",
            "iso_exponent": 2,
            "display_exponent": 0,
            "display_decimals": 2
        },
        {
            "currency": "BTC",
            "symbol": "mɃ",
            "iso_exponent": 8,
            "display_exponent": 3,
            "display_decimals": 2
        },        
        {
            "currency": "XBT",
            "symbol": "mɃ",
            "iso_exponent": 8,
            "display_exponent": 3,
            "display_decimals": 3
        },
        {
            "currency": "INR",
            "symbol": "₹",
            "iso_exponent": 2,
            "display_exponent": 0,
            "display_decimals": 0
        }
    ]
}

HTTP Request

GET ~/v3/api/currencies

   
HTTP Method GET
Path ~/v3/api/currencies
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials or player_credentials

HTTP Response

This endpoint returns a currencies array which contains Currency objects.

Property Required? Type Description
currencies Required Array of Currency objects List of supported currencies for the brand.

Each Currency object contains a single currency property which points to one of the currency codes from above.

Property Required? Type Description
currency Required String A currency country code from the list above.
symbol Required String The currency symbol normally used to display the currency.
iso_exponent Required Number An integer which represents the maximum number of decimals possible for the target currency. This is the exponent used by the Money objects returned by the API. It follows ISO 4217.
display_exponent Required Number An integer which is used for some crypto currencies. It is normally set to 0 for fiat currencies, 3 for “milli” and 6 for “micro” variants of crypto currencies.
display_decimals Required Number The number of decimals required to be displayed in the UI. The provided amounts are guaranteed to fit. The number of digits may be less than what is possible following the relevant ISO 4217 or crypto currency specification.

Example: format XBT using GET ~/v3/api/currencies info

money = { amount: 123400, exponent: 8, currency: "XBT" }
currency = { symbol: "mɃ", display_exponent: 3, display_decimals: 3 }
decimal_amount = money.amount / Math.pow(10, money.exponent) = 1234
scale_amount = decimal_amount / Math.pow(10, decimal_exponent) = 1.234
str_amount = "1.234"
display_amount = "mɃ1.234"
display_amount_fr = "1,234 mɃ"

Example: format INR

money = { amount 4200, exponent: 2, currency: "INR" }
currency = { symbol: "₹", display_exponent: 0, display_decimals: 0 }
decimal_amount = money.amount / Math.pow(10, money.exponent) = 42
scale_amount = decimal_amount / Math.pow(10, decimal_exponent) = 42
display_amount = "₹ 42"

The demo code associated to the Kore API typically loads up the currencies upon startup. Since the information is unlikely to change often, the result from this call could easily be cached or embedded into client code.

The currency information can be used to turn Money objects into a displayable strings.

A naïve version of a display algorithm would work as follows:

  1. Convert Money object to decimal representation: decimal_amount = money.amount / Math.pow(10, money.exponent).
  2. Scale using the display exponent: scaled_amount = decimal_amount / Math.pow(10, display_exponent).
  3. Render amount as a string with display decimals using the correct local specific symbols for the decimal points and thousand separators.
  4. Append currency symbol in the correct position (left or right) with or without a space.

The demo site offers an implementation of the display algorithm which requires no external dependencies other than lodash. It is possible to use Intl.NumberFormat but it gets tricky to deal with crypto currencies correctly.

Authentication

Authorization Header

Example of Authorization Header

Authorization: Bearer CfDJ8PDvwkpMOppOnlGDa1p5Ii/pmOx8xvVaErpsQtNRbQuahQUDDHDDxjgQ3eDoq5Wjre+UVHmhGhybfoUFm9UqyZ1aM2S39mk+Qlj3qyjabMG0dvk1oslKPvhc0LaEaJyyfcIWIedYlNmSrplisvxfMDnRuMcxxsj7YsiC07Z1UC37ZqVaLswTZoF92HWOr3RiLoZtOCDhXylPDbAdwYJrZ2GPrW0+9VUQbpEPODchLqei1VJvVaXneP+pjJ6cFJiytx1/Al80frncrsX5yt1k+0U97jNrRZzdaBmQHQq2oy9gtrhs0928aDMZLC+5mFYIRKG29/+S5dROcjdGqsQQfXKk4wzm/PCsCl7RMFg3cw5Q+CKUdjW82fFTDJRpMMAwDA==

All calls to the Kore API except some authentication endpoints under ~/v3/api/auth require authentication.

Authentication is provided through the use of bearer tokens which are passed to the API using the Authorization header. Authentication tokens are obtained by sending requests to specific unauthenticated ~/v3/api/auth/{grant_type}/token endpoints.

Each token has an associated grant type. Each grant type has a different set of requirements and provide a different set of permissions. Access to endpoints is typically restricted to specific grant types.

Grant Types

The API currently provide the following of grant types:

grant_type Description
brand_public_credentials Identifies a particular brand and locale. This is a low privilege access that requires no shared secret.
player_credentials Identifies a logged-in user. This access requires the user email and password.
brand_credentials Privileged. Provide access to all privileged endpoints.
restricted_activity_subscriber Privileged. Provide access to all user activity endpoints.
tracking Privileged. Provide access to the tracking debugging endpoint.
leaderboard Privileged. Provide access to the competition leaderboard endpoint without any of the limits that would normally apply.
player_verification_credentials Identifies a logged-out user. The token can only be used on the endpoints to enter the SMS code or resend the code.
player_change_password Identifies a logged-out user. The token can only be used to force the player to change its password on the password change endpoint.
launch_game Identifies a token which can be used only to launch a game. This is specific to the obtain launch token endpoint.

Token Object

Example of tokens array

{
  "tokens": [
    {
      "type": "Bearer",
      "expiration": "2020-07-12T08:08:41Z",
      "value": "CfDJ8KBChYue…"
    },
    {
      "type": "Auth",
      "expiration": "2020-08-12T08:08:41Z",
      "value": "Askuwkdl…"
    }
  ]
}

Most authentication endpoint return a tokens array which contain Token objects that vend the following properties:

Property Required? Type Description
type Required String

Bearer for a token that can be provided to the API via the Authorization header.

Auth for a token that can be provided to the API as a POST parameter of an authorization endpoint.

Launch is a special type for launch tokens passed via window.postMessage see obtain launch token
expiration Required String Expiration of the token as a ISO 8601 UTC Date (yyyy-mm-ddThh:mm:ssZ). The token is no longer valid after expiration.
value Required String Value of the token to be provided to the API.

Obtain a Privileged Brand Token

POST ~/v3/api/auth/{grant_type}/token

   
HTTP Method POST
Path ~/v3/api/auth/{grant_type}/token
Required Headers Content-Type
Grant Type None 
curl -X POST -H "Content-Type: application/json" -d '{  \
  "brand_id": "CasinoBrand",                            \
  "locale": "en-US",                                    \
  "secret": "SuperSecretThing"                          \
}' "http://example.com/v3/api/auth/restricted_activity_secret/token"

Path Parameters

The following parameters are provided in the URL path.

Property Required? Type Description
grant_type Required String Must be set to brand_credentials or restricted_activity_subscriber. See authentication types.

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
brand_id Required String Pass the Brand ID that identifies the casino.
locale Required String Locale code defined in Locales.
secret Required String Secret used to authenticate the brand.

Response:

{
  "grant_type": "restricted_activity_subscriber",  
  "tokens": [
    {
        "type": "Bearer",
        "expiration": "2020-07-12T08:08:41Z",
        "value": "CfDJ8KBChYue…"
    }
  ]
}

HTTP Response

Property Required? Type Description
grant_type Required String Convenience. Set to the grant_type provided in the request.
tokens Required Array of Tokens Array of Tokens. Contains at least one token whose type is Bearer.

Expiration Policy

Typically privileged tokens are valid until date and time reach the returned expiration. The life time of tokens is typically set to 24 hours.

If you get a expired_token error or any 401 error when using a token, you should stop using the token and consider it invalid. You may obtain a new fresh token by re-using the endpoint.

Obtain a Public Brand Token

A brand_public_credentials bearer token ties all further calls to the API to a particular brand. Since this is a low privilege access that requires no shared secret, you may obtain the bearer token using JavaScript running inside an HTML page.

HTTP Request

POST ~/v3/api/auth/brand_public_credentials/token

   
HTTP Method POST
Path ~/v3/api/auth/brand_public_credentials/token
Required Headers X-Kore-ReturnUrl, Content-Type
Grant Type None

POST ~/v3/api/auth/brand_public_credentials/token

curl -X POST -H "Content-Type: application/json"        \
  -H "X-Kore-ReturnUrl: http://www.example.com/" -d '{  \
  "grant_type": "brand_public_credentials",             \
  "brand_id": "CasinoBrand",                            \
  "locale": "en-US"                                     \
}' "http://example.com/v3/api/auth/brand_public_credentials/token"

var payload = {
    "brand_id": "CasinoBrand",
    "locale": "en-US"
};
$.ajax({
  "url": "http://example.com/v3/api/auth/brand_public_credentials/token",
  "method": "POST",
  "headers": {
    "content-type": "application/json",
    "x-kore-returnurl": "http://www.example.com/"
  },  
  "data": JSON.stringify(payload)
});

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
brand_id Required String Pass the Brand ID that identifies the casino.
locale Required String Locale code defined in Locales.
tracking Optional TrackingContext User tracking context.
Non fatal validation is used.

Response:

{
  "grant_type": "brand_public_credentials",  
  "locale": "en-US",
  "tracking_id": "6507763a-70aa-45ec-a523-162c0325d043",
  "tokens": [
    {
        "type": "Bearer",
        "expiration": "2020-07-12T08:08:41Z",
        "value": "CfDJ8KBChYue…"
    }
  ]
}

HTTP Response

Property Required? Type Description
grant_type Required String Convenience. Set to brand_public_credentials.
locale Required String Set to the locale value provided in the request.
tokens Required Array of Tokens Array of Tokens. Contains at least one token whose type is Bearer.
tracking_id Optional String Tracking ID. See TrackingContext.
_actions Optional LinkCollection A link collection containing a actions relevant to the brand.
errors Optional Array of errors Returned if a non fatal error has occurred.

Actions

Link Name Required? Description
landing Optional Landing URL associated to the mid in the Affiliate Manager. See TrackingContext.

Expiration Policy

The access token typically expires after 24 hours. All calls to the API with an expired token will result in a expired_token error being returned.

When the brand_public_credentials bearer token expires, you can obtain a new one by using the ~/v3/api/auth/brand_public_credentials/token endpoint.

Obtain a Player Token

A player_credentials bearer token ties all further calls to the API to a particular player.

HTTP Request

POST ~/v3/api/auth/player_credentials/token

   
HTTP Method POST
Path ~/v3/api/auth/player_credentials/token
Required Headers X-Kore-ReturnUrl, Content-Type
Grant Type None
Rate Limits 20 requests per minute; 100 requests per 10 minutes; 300 requests per hour

POST ~/v3/api/auth/player_credentials/token

curl -X POST 
  -H "Content-Type: application/json" \
  -H "X-Kore-ReturnUrl: http://www.example.com" \
  -d '{ \
    "brand_id": "TestBrand", \
    "locale": "en-US", \
    "email": "bob@example.com", \
    "password": "correct horse battery staple", \
    "play_mode": "Practice", \
    "device_id": "W4TifY3XvBP2ZftnrKZo", \
    "captcha": { \
      "type": "reCAPTCHAv2", \
      "token": "03AGdB…" \
    }  \
  }' \
  "http://example.com/v3/api/auth/player_credentials/token"

var payload = {
  brand_id: "TestBrand",
  locale: "en-US",
  email: "bob@example.com",
  password: "correct horse battery staple",
  play_mode: "Practice",
  captcha: {
    type: "reCAPTCHAv2",
    token: "03AGdB…"
  },
  device_id: "W4TifY3XvBP2ZftnrKZo"
};

$.ajax({
  "url": "http://example.com/v3/api/auth/player_credentials/token",
  "method": "POST",
  "headers": {
    "content-type": "application/json",
    "x-kore-returnurl": "http://www.google.com"
  },
  "data": JSON.stringify(payload)
});

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
brand_id Required String Pass the Brand ID that identifies the casino.
locale Required String Locale code defined in Locales.
email Required String Email of the user.
password Required String Password for the user.
play_mode Required String Practice or Real.
tracking Optional TrackingContext User tracking context.
Non fatal validation is used.
captcha Optional* CAPTCHA Token The CAPTCHA token is usually not required unless a captcha_required error is returned and the CAPTCHA Status marks CAPTCHA tokens as mandatory.
device_id Optional String (max 20 chars) This value corresponds to the visitorId returned by the FingerprintJS Pro API.
Non fatal validation is used.

HTTP Responses

There are many types of responses possible from the API.

They are documented in the Player Token Response section below.

Player Token Response

Overview

The main provider for this response is the login endpoint.

In addition the following endpoints return an auth property which follows the exact same structure

Outcomes

Name Grant type Expected Action
Login Success player_credentials Store in a cookie. Call any endpoints that require play authentication.
Follow Link None Follow the URL provided in the response. This is a legacy behavior but it still possible to trigger it.
Follow Link + Activation None Do NOT follow the URL. Use activation endpoint.
Change Password player_change_password You MUST use the password change endpoint.
SMS Verification player_verification_credentials You MUST use the SMS verification endpoint endpoint.
Capture Player Info extra_player_info You MUST use the amend user info endpoint.
ZAR Migration None You MUST issue pass the returned migration ID to the new casino. The new casino shall use migration endpoint to complete the migration.

Follow and Activation

Response containing follow action

{
  "_actions": {
    "follow": { "href": "http://www.example.com/go-there" }
  },
  "activation": {
    "code": "8F88577B61D2DE940269B4AB99E1B351",
    "expiration": "2022-10-10T20:34:10Z",
    "brands": [ "MyCasino", "MyOtherCasino" ],
    "reset_password": {
      "href": "https://www.casino.com/forgotten_password?email=bob@example.com",
      "method": "GET"
    },
    "password_required": false
  }
}

A response containing a follow action link to a web page. This page would be shown if further validation of the player account is required before they can log in.

Property Required? Type Description
_actions Required LinkCollection A link collection containing a follow action.
activation Optional Activation object The activation object may be returned along side some follow actions.

The follow action is only present when the tokens are not issued in the response.

An activation object may also be returned, since Kore version 3.17.

You should make the user’s browser navigate to the page. The URL passed in X-Kore-ReturnUrl is used to go back to the Casino’s page. Upon return from this page, it should be possible to obtain a player_credentials token.

Migration Response

The migration response indicates that the player’s account needs to be migrated to a different casino.

Example of migration response

{
    "migration": {
        "target_brand": "SomeCasino",
        "expiration": "2024-11-22T11:03:03Z",
        "migration_id": "52RAZ94yYpiGeSS3RAcpS3xeBE15mzB6U1dKE9Z_XkYAuY4Vlm3lfJrpdIAPR_Q."
    }
}
Property Required? Type Description
target_brand Required String The brand ID of the casino where the player account needs to be migrated to
expiration Required String Expiration date for the migration ID in ISO 8601 format (yyyy-mm-ddThh:mm:ssZ)
migration_id Required String A base64 encoded string that contains the migration ID.

When a migration outcome is received, no authentication tokens are issued and the player must complete the migration process.

The migration_id is used to complete the migration process. The new casino will use the migration endpoints to complete the migration.

Token Response

Response containing tokens array with a player_credentials grant type.

{
  "grant_type": "player_credentials",
  "locale": "en-US",
  "tokens": [
    {
        "type": "Bearer",
        "expiration": "2020-07-12T08:08:41Z",
        "value": "CfDJ8KBChYue…"
    }
  ],  
  "_links": { 
    "user": { 
      "href": "http://www.example.com/v3/api/users/{userid}",
      "method": "GET"
    },
    "logout": {
      "href": "http://www.example.com/v3/api/auth/player_credentials",
      "method": "DELETE"
    }
  }
}

Response containing a tokens array with a player_verification_credentials grant type

{
  "grant_type": "player_verification_credentials",
  "tokens": [
    {
      "type": "Bearer",
      "expiration": "2024-03-07T09:37:11Z",
      "value": "CfDJ8FheFto…"
    }
  ],
  "tracking_id": "37e22704-39c5-4662-a4a6-48c0f15a3437",
  "_links": {
    "verification": {
      "href": "https://example.com/v3/api/users/ZjJDdW1hTjY4UFRJamw2N1E0YWhEQ1hTMVJCQ0x3PT0./verification",
      "method": "POST"
    },
    "verification_retry": {
      "href": "https://example.com/v3/api/users/ZjJDdW1hTjY4UFRJamw2N1E0YWhEQ1hTMVJCQ0x3PT0./verification/retry",
      "method": "POST"
    }
  },
  "locale": "en-US",
  "email": "bob@example.com",
  "registration_status": "HardSmsVerificationRequired"
}

A response containing a valid tokens array.

You are only fully logged in if the grant_type is set to player_credentials. If the grant type is different please refer to the above outcomes section.

Property Required? Type Description
grant_type Required String Convenience. Set to player_credentials, player_verification_credentials or player_change_password
locale Required String Convenience. Set to the locale provided in the request.
tracking_id Optional String Tracking ID. See TrackingContext.
tokens Required Array of Tokens Array of Tokens. Contains at least one token whose type is Bearer.
_links Required LinkCollection A link collection containing a link to the current user.
errors Optional Array of errors Returned if a non fatal error has occurred.
registration_status Optional RegistrationStatusEnum Returned when brand is enabled for SMS verification prior to login and player hasn’t verified his/her phone.
missing_player_info Optional‡ MissingPlayerInfo Returned when the grant type is extra_player_info to indicate which info are missing for the user.

The user link is only present when the tokens array is present.

Link Name Required? Description
user Optional† Link to GET ~/v3/api/users/{userid}, which provides access to player’s information.
Required for player_credentials grant type.
logout Optional† Link to DELETE ~/v3/api/auth/player_credentials endpoint.
Required for player_credentials grant type.
verification Optional† Link to POST ~/v3/api/users/{user_id}/verification endpoint.
Required for player_verification_credentials grant type.
verification_retry Optional† Link to POST ~/v3/api/users/{user_id}/verification/retry endpoint.
Required for player_verification_credentials grant type.
change_password Optional† Link to PUT ~/v3/api/users/{user_id}/password endpoint.
Required for player_change_password grant type.
extra_player_info Optional† Link to PATCH ~/v3/api/users/{user_id} endpoint.
Required for extra_player_info grant type.

Missing Player Info

Example of response with missing_player_info

{
    "grant_type": "extra_player_info",
    "tokens": [
        {
            "type": "Bearer",
            "expiration": "2024-09-08T14:19:04Z",
            "value": "CfDJ8G..."
        }
    ],
    "tracking_id": "412976f3-3d93-4f97-83c2-931e3823ee4d",
    "_links": {
        "amend_user": {
            "href": "https://example.com/QXFwZEZKTUtLN1hxT3hYN2owbzZxemNpOThMSFNRPT0.",
            "method": "PATCH"
        }
    },
    "locale": "en-US",
    "email": "bob@example.com",
    "missing_player_info": [
        "Address"
    ]
}

The missing_player_info is an array of string enumerations, returned in the body of the PlayerTokenResponse object to denote which properties need to be captured. This array is mandatory whenever the grant_type is set to extra_player_info.

Currently the only type of information about capturing the address, so the only possible value is Address.

Enum Value Description
Address The address details are insufficient. This may be because the Address was never provided or is deemed to be incomplete.

Expiration Policy

A player_credentials token’s expiration property is typically set 24 hours in the future. However, this value merely represents a maximum that is unlikely to be reached in practice.

The underlying player session that underpins player_credentials tokens would normally expire sooner:

When attempting to use a player_credentials token whose underlying session has expired, as explained above, the API issues a expired_player_session error. When this error is encountered, or any other 401 error, you should stop using the token and consider it invalid. You may also attempt to obtain a new player_credentials token and, consequently, prompt the player to enter their credentials again.

Errors

The invalid_password, account_review and account_password_locked errors can also be returned from this endpoint. An optional errors array may also be returned in success responses, in case a non fatal error has occurred.

See errors.

Mutate a Player Token

You can use this endpoint to obtain a new token with the same player_credentials grant type for the same player without the need to provide the player’s credentials.

In order to this endpoint, you must have obtained a player_credentials token previously, as documented above.

This endpoint is typically used to switch between play modes or locales without requesting the player’s credentials.

POST ~/v3/api/auth/player_credentials/token/mutate

curl -X POST 
  -H "Content-Type: application/json" \
  -H "X-Kore-ReturnUrl: http://www.example.com" \
  -H "Authorization: Bearer {user-token}" \
  -d '{ \
    "play_mode": "Practice" \
  }' \
  "http://example.com/v3/api/auth/player_credentials/token/mutate"

var payload = {
  "play_mode": "Practice"
};

$.ajax({
  "url": "http://example.com/v3/api/auth/player_credentials/token/mutate",
  "method": "POST",
  "headers": {
    "Content-Type": "application/json",
    "X-Kore-ReturnUrl": "http://www.google.com",
    "Authorization: Bearer {user-token}"
  },
  "data": JSON.stringify(payload)
});

HTTP Request

POST ~/v3/api/auth/player_credentials/token/mutate

   
HTTP Method POST
Path ~/v3/api/auth/player_credentials/token/mutate
Required Headers X-Kore-ReturnUrl, Content-Type and Authorization
Grant Type player_credentials

Response containing a tokens array

{
  "grant_type": "player_credentials",
  "locale": "en-US",
  "tokens": [
    {
        "type": "Bearer",
        "expiration": "2020-07-12T08:08:41Z",
        "value": "CfDJ8KBChYue…"
    }
  ],  
  "_links": { 
    "user": { 
      "href": "http://www.example.com/v3/api/users/{userid}",
      "method": "GET"
    },
    "logout": {
      "href": "http://www.example.com/v3/api/auth/player_credentials",
      "method": "DELETE"
    }
  }
}

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
play_mode Optional String Practice or Real.
locale Optional String Locale code defined in Locales.
tracking Optional TrackingContext User tracking context.
Non fatal validation is used.

You must provide either play_mode or locale for the request to be valid.

HTTP Response

This request generates a response of the same kind than what is described in the obtain a new player token section.

The returned tokens from this endpoint should supersede any previously obtained tokens for the player.

Sign out a Player Token

The sign out endpoint can be used to destroy the underlying game service session. That means no further games or web application page can be accessed by following links provided by Kore before the session was closed. Pages of web application and games that have already been opened will also stop working upon further actions. The Kore API will start emitting expired_player_session errors on endpoints that depends on the validity of the attached player credentials token.

DELETE ~/v3/api/auth/player_credentials

curl -X DELETE 
  -H "Content-Type: application/json" \
  -H "X-Kore-ReturnUrl: http://www.example.com" \
  -H "Authorization: Bearer {user-token}" \  
  "http://example.com/v3/api/auth/player_credentials"

$.ajax({
  "url": "http://example.com/v3/api/auth/player_credentials",
  "method": "DELETE",
  "headers": {
    "content-type": "application/json",
    "x-kore-returnurl": "http://www.google.com",
    "Authorization: Bearer {user-token}"
  }
});

HTTP Request

DELETE ~/v3/api/auth/player_credentials

   
HTTP Method DELETE
Path ~/v3/api/auth/player_credentials
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials

HTTP Response

If the call succeeds you receive a 200 HTTP status. Please note that you will receive a expired_player_session error if you have already logged out (or logged in elsewhere due to single sign on), or the regular authentication errors expired_token, access_denied, missing_credentials for using invalid tokens.

Activate Player Account

The activation endpoint is used to activate an account that exists with another brand.

It is necessary to obtain an Activation object before using this endpoint.

curl -X POST 
  -H "Content-Type: application/json" \
  -H "X-Kore-ReturnUrl: http://www.example.com" \
  -H "Authorization: Bearer {user-token}" \
  -d '{ \
    "brand_id": "MyCasino", \
    "locale": "en-US", \
    "code": "43A71C94CEDA47CE4EC6CB2171E0BF14", \
    "play_mode": "Real", \
    "password": "TopSecret!"
  }' \
  "http://example.com/v3/api/auth/player_credentials/token/activate"

var payload = {
  "brand_id": "MyCasino",
  "locale": "en-US",
  "code": "43A71C94CEDA47CE4EC6CB2171E0BF14",
  "play_mode": "Real",
  "password": "TopSecret!"
};

$.ajax({
  "url": "http://example.com/v3/api/auth/player_credentials/token/activate",
  "method": "POST",
  "headers": {
    "Content-Type": "application/json",
    "X-Kore-ReturnUrl": "http://www.google.com",
    "Authorization: Bearer {user-token}"
  },
  "data": JSON.stringify(payload)
});

HTTP Request

POST ~/v3/api/auth/player_credentials/activate

   
HTTP Method POST
Path ~/v3/api/auth/player_credentials/activate
Required Headers X-Kore-ReturnUrl, Content-Type,
Grant Type public_brand_credentials
Rate Limits 20 requests per minute; 100 requests per 10 minutes; 300 requests per hour

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
brand_id Required String Pass the Brand ID that identifies the casino.
locale Required String Locale code defined in Locales.
code Required String The code from the Activation object.
play_mode Required String Practice or Real.
password Optional* String The password from the existing player’s account.
This property should only be provided if email_required is set to true in the Activation object.
tracking Optional TrackingContext User tracking context.
Non fatal validation is used.
device_id Optional String (max 20 chars) This value corresponds to the visitorId returned by the FingerprintJS Pro API.
Non fatal validation is used.
welcome Optional Welcome Object containing additional information about the welcome pages.
Non fatal validation is used.

Response with Auth Tokens

{
  "grant_type": "player_credentials",
  "locale": "en-US",
  "tokens": [
    {
        "type": "Bearer",
        "expiration": "2020-07-12T08:08:41Z",
        "value": "CfDJ8KBChYue…"
    }
  ],  
  "_links": { 
    "user": { 
      "href": "http://www.example.com/v3/api/users/{userid}",
      "method": "GET"
    },
    "logout": {
      "href": "http://www.example.com/v3/api/auth/player_credentials",
      "method": "DELETE"
    }
  }
}

HTTP Response

In case of failure, the endpoint returns an error with an associated 4xx or 5xx HTTP status code. Typically an invalid_activation_code or activation_failed error. The latter is generally returned when the passwords do not match, or if the account has already been activated.

In case of success, the endpoint returns a 200 HTTP status response with the same body as the GET ~/v3/api/auth/player_credentials/token endpoint response.

Obtain an Offline Signon Token

This authentication method is only suitable for an app. The authentication is valid for all brands in the brand group.

The credentials are not provided directly to the API. Instead the player is invited to load the following Web page and the authentication tokens are returned to the App via specific JavaScript callbacks.

HTTP Request

GET ~/v3/pages/login/offline_signon?locale={locale}&mode={mode}&brandGroup={brand_group}

   
HTTP Method GET
Path ~/v3/pages/login/offline_signon
Required Headers None
Grant Type offline_signon

Query Parameters

Property Required? Type Description
locale Required string Only en-US is supported at the moment.
mode Required string Only the value MobileApp is acceptable.
brandGroup Required string The internal name of the brand group. Typically uses a PascalCase naming convention.

Example of JavaScript callback implementation

window.app = {
    onLoginSuccess: function(response) { 
        console.info("Login success!");        
        const bearer_token = response.tokens.filter(x=>x.type === "Bearer")[0].value;
        console.info("Bearer Token: " + bearer_token);
        const auth_token = response.tokens.filter(x=>x.type === "Auth")[0].value;
        console.info("Auth Token: " + auth_token);        
    },
    onLoginError: function(error) { 
        console.error("Login failed!");
        console.error(error);
    }
}

JavaScript Callbacks

The pages communicates the results of the authentication to the calling app, by calling specific JavaScript functions, exposed in the window.app interface. It is the responsibility of the App to implement all the callbacks of the interface as described below.

Callback Signature Description
onLoginError (error: Error) => void The function is called in case an unexpected error occurs. Expected errors such as invalid_password are handled by the web page. The callback accepts a single parameter which is the Error used by the Kore API.
onLoginSuccess (auth: SignonResponse) => void The function is called when the player successfully authenticates. The callback accepts a single SignonResponse parameter.

Example of onLoginSuccess() callback

{
   "grant_type": "offline_signon",
   "locale": "en-US",
   "tokens": [
      {
         "type": "Bearer",
         "expiration": "2020-09-17T09:18:26Z",
         "value": "CfDJ8A...rGLq89Y="
      },
      {
         "type": "Auth",
         "expiration": "2020-12-15T09:18:26Z",
         "value": "CfDJ...CRI="
      }
   ],
   "_links": {
      "sign_on": {
         "href": "https://example.com/v3/api/signons/OnBPcrCv0uXrrpFUxbMtMQ",
         "method": "GET"
      }
   }
}

Signon Response

Property Required? Type Description
grant_type Required String Convenience. Set to offline_signon
locale Required String Convenience. Set to the locale provided in the query parameter
tokens Required Array of Tokens Array of Tokens. Contains at least one token whose type is Bearer and one Auth
_links Required LinkCollection A link collection containing a link to the signon.
Link Name Required? Description
signon Required Link to ~/v3/api/signon/{signonId}, which provides access to signon’s information.

Tokens

The Bearer token can passed to the API via the Authorization header in order to access endpoints which require an offline_signon grant type.

The Bearer token has a much shorter lifetime than the Auth token. The Auth token can only be used to refresh the values of both tokens via a dedicated API endpoint.

Both token typically remain valid until they expire. The tokens do not become invalid as consquence of the single sign on policy nor due to idleness. Therefore, great care should be used to store these tokens securily. It is recommended to use the device’s KeyChain on iOS and KeySore on Android.

Typically the Auth token is valid for up to three months. However, tokens become invalid if the player changes their passwords.

Refresh an Offline Signon Token

POST ~/v3/api/auth/offline_signon/token

curl -X POST -H "Content-Type: application/json" -d '{  \
  "token": "CfDJ...CRI=",              \
}' "http://example.com/v3/api/auth/offline_signon/token"

var payload = {
    "token": "CfDJ...CRI="
};
$.ajax({
  "url": "http://example.com/v3/api/auth/offline_signon/token",
  "method": "POST",
  "headers": {
    "content-type": "application/json"
  },  
  "data": JSON.stringify(payload)
});

This is a regular API endpoint. It should be used when the Bearer token obtained via the Authentication Page has expired. The caller should update the value of both the Bearer and Auth tokens using this endpoint.

HTTP Request

POST ~/v3/api/auth/offline_signon/token

   
HTTP Method POST
Path ~/v3/api/auth/offline_signon/token
Required Headers Content-Type
Grant Type offline_signon

POST Parameters

Property Required? Type Description
token Required String The value of the Auth token obtained in the via the Authentication Page

Response - Same schema as onLoginSuccess() callback

{
   "grant_type": "offline_signon",
   "locale": "en-US",
   "tokens": [
      {
         "type": "Bearer",
         "expiration": "2020-09-17T09:18:26Z",
         "value": "CfDJ8A...rGLq89Y="
      },
      {
         "type": "Auth",
         "expiration": "2020-12-15T09:18:26Z",
         "value": "CfDJ...CRI="
      }
   ],
   "_links": {
      "sign_on": {
         "href": "https://example.com/v3/api/signons/OnBPcrCv0uXrrpFUxbMtMQ",
         "method": "GET"
      }
   }
}

HTTP Response

The response uses the same Signon Response JSON object than the Authentication Page

Error Handling

If the endpoint returns a 401 error, the caller should delete the token provided in the request and prompt the user to enter their credentials again via the Authentication Page.

Check CAPTCHA Status

The GET ~/v3/api/auth/player_credentials endpoint can be used to check whether CAPTCHA tokens are mandatory when trying to obtain a player_credentials token.

GET ~/v3/api/auth/player_credentials

curl -X GET 
  -H "Content-Type: application/json" \
  "http://example.com/v3/api/auth/player_credentials"

$.ajax({
  "url": "http://example.com/v3/api/auth/player_credentials",
  "method": "GET",
  "headers": {
    "content-type": "application/json"
  }
});

HTTP Request

GET ~/v3/api/auth/player_credentials

   
HTTP Method GET
Path ~/v3/api/auth/player_credentials
Required Headers Content-Type and Authorization
Grant Type None

Response when CAPTCHAs are not mandatory

{
  "recaptcha": {
    "type": "none"
  }
}

Response when CAPTCHAs are mandatory

{
  "recaptcha": {
    "type": "reCAPTCHAv2",
    "siteKey": "6Lf8F68ZAAAAAGzA7ofqztYeMAI5zvx3OnqrMJro"
  }
}

HTTP Response

The response is simple JSON object which contains a single captcha property.

Property Required? Type Description
catpcha Required CATPCHA Status The CAPTCHA Status.

CATPCHA Status

The return captcha property indicates whether a CAPTCHA token is mandatory for player_credentials authentication or not.

Property Required? Type Description
type Required string none or reCAPTCHAv2.
site_key Optional* string Required if type is set to reCAPTCHAv2.

CAPTCHA Token

Example of CAPTCHA Token in request

{
  "captcha": {
    "type": "reCAPTCHAv2",
    "token": "03AGdB…"
  }
}

The CAPTCHA Token is used by the login endpoint, the registration endpoint, and the email availability check endpoint.

The CAPTCHA Token object contains the following properties:

Property Required? Type Description
type Required String Must be set to reCAPTCHAv2.
token Required String The value of the CAPTCHA token as obtained via the reCAPTCHA v2 API.

Tracking Context

Example of tracking context created from a persistent cookie:

{
    "tracking_id": "6637ebbb-9916-49c8-a8b8-52280c3b1e1d"
}

Example of tracking context created from query parameters:

{
    "url": "https://www.example.com?cid=9V147K&mid=22JC0492",
    "referrer": "https://casino-referrer.example.com/thebest.html"
}

The TrackingContext object is used to communicate the user tracking context to the ~/v3/api/auth/{grant_type}/token endpoints. The provided data is obtained from different sources: persistent browser storage (e.g. cookies), query URL parameters, or through the use of third party libraries. The collected data is then used by the fraud prevention and the affiliate marketing systems.

Property Required? Type Size Range Description
tracking_id Optional* string [1..36] Tracking ID. Received from previous ~/v3/api/auth/{grant_type}/token response.
url Optional* string [1..1000]* Landing URL used to navigate to the Kore enabled site. The query of the URL may contain pixel tracking parameters such as rt, mid, cid, TrackingToken, etc… The url property may be omitted if the URL contains no query parameters.
referrer Optional string [1..1000]* URL of affiliate page that links to casino site. This may be retrieved via the document.referrer property in JavaScript.
user_agent Optional string [1..1000]* User Agent used by the player (navigator.userAgent). If omitted the API reads the User-Agent header from the request instead.

Tracking ID persistence policy

The tracking_id field is populated with the tracking_id value previously returned by the API.

The tracking_id should be stored in a long-lived persistent storage mechanism (such as browser cookies) and provided to all subsequent requests to the ~/v3/api/auth/token endpoint. You must always use the latest version of the tracking_id returned by the API.

If no tracking_id is returned, then you must delete the existing id from the persistent storage and stop using it in all future requests to the API.

If the same tracking_id is returned, the expiration of the storage should not be extended.

The query URL parameter tg can be injected in the URL. If present, it should take precedence over any tracking_id you may have previously received and stored. This can be used by Mobile Apps.

Use Cases

Pseudo code: how set up tracking context

1. Set `tracking_id` to `tg` query URL parameter if present. 
Otherwise, set `tracking_id` to whatever value (if any) 
was stored from previous responses (probably as cookies).

2. Set `url` parameter with the URL of the site. If the URL
contains no query parameters, you may omit it. Typically 
this `url` is read from `window.location.href`.

3. Set `referrer` to the page which landed in the casino. 
This may be `document.referrer` unless you have internal 
redirections on your site.

4. Every time you use the API, update the stored value
of `tracking_id` with what was returned from the API.
If none was returned, delete it.

Here some of the major use cases to consider:

  1. A player lands on the casino site without any tracking parameters in the query string of the URL, and no tracking_id was persisted in the browser. In this case, no tracking data is to be sent to the ~/v3/api/auth/token endpoint.

  2. A player lands on the casino site, and the URL contains query URL parameters. In this case, a tracking object containing the url, and optionally the referrer parameters is constructed and passed to the ~/v3/api/auth/token endpoint.

  3. A tracking_id was previously returned by ~/v3/api/auth/token and persisted in the browser. In this case, a tracking object containing the tracking_id is passed to the ~/v3/api/auth/token endpoint.

  4. If you integrate with the Mobile Apps the tracking_id may be retrieved by the APp and injected into the query URL by appending a tg parameter to the menu URL. You should parse tg and populate tracking_id with the corresponding value.

Activation

{
  "activation": {
    "code": "8F88577B61D2DE940269B4AB99E1B351",
    "expiration": "2022-10-10T20:34:10Z",
    "brands": [ "MyCasino", "MyOtherCasino" ],
    "reset_password": {
      "href": "https://www.casino.com/forgotten_password?email=bob@example.com",
      "method": "GET"
    },
    "password_required": true
  }
}

An Activation object may be returned by some authentication and registration endpoints:

The Activation object is returned when a player attempts to create multiple accounts, using the same email address, on different brands belonging to the same brand group.

The returning activation code can be passed to the activation endpoint to activate the existing account with another brand that belong to the same brand group.

Property Required? Type Description
code Required string A random activation code.
expiration Required string Expiration date for the activation code.
It uses ISO 8601 format yyyy-mm-ddThh:mm:ssZ
brands Required array of strings List of brands with which the player already has an account.
No specific order. The array cannot be empty.
password_required Required boolean Indicates whether the activation endpoint requires the player’s password or not.
reset_password Required Link A link to the password forgotten recovery page.
Uses the first brand from the brands array.

Locales

Kore locale codes use IETF language tags specified in RFC 5645 and RFC 4647.

Currently only the following restricted values are accepted by the Kore API:

Code Description
en-US English as used in United States
en-ZA English as used in South Africa
fr-FR French as used in France
de-DE German as used in Germany
it-IT Italian as used in Italy
es-ES Spain as used in Spain
el-GR Modern Greek as used in Greece
da-DK Danish as used in Denmark
sv-SE Swedish as used in Sweden
nb-NO Norwegian Bokmål as used in Norway

Users

This endpoint can be used to retrieve links to resources that apply to all players, whether they are registered or not.

GET ~/v3/api/users

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {brand_token}" \
   "http://example.com/v3/api/users"

$.ajax({
  "url": "http://example.com/v3/api/users",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {brand_token}"
  }
});

Response:

{
  "_actions": {
    "register": {
      "href": "https://example-webapps-saucify7.aristx.net/public/RegisterUser.aspx?ClientType=Web&Brand=example&Locale=en-US&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "reset_password": {
      "href": "https://example-webapps-saucify7.aristx.net/account/ForgottenPassword.aspx?ClientType=Web&Locale=en-US&Brand=example&ReturnUrl=http%3A%2F%2Fwww.google.com"
    }, 
    "help_chat": {
      "href": "https://example-webapps-saucify7.aristx.net/public/Chat.aspx?ReturnUrl=http%3A%2F%2Fwww.google.com&SkillGroup=support@example.com&Locale=en-US&Context=WebClient"
    }
  },
  "_links": {
    "register": {
      "href": "https://example.com/v3/api/users",
      "method": "POST"
    }
  }
}

HTTP Request

GET ~/v3/api/users

   
HTTP Method GET
Path ~/v3/api/users
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials or player_credentials

HTTP Response

This endpoint returns register and reset_password action links.

Property Required? Type Description
_actions Required LinkCollection User actions.
_links Optional LinkCollection Downloadable resources.

Actions

Action Required? Description
register Required Link to a web page where the registration process can occur.
reset_password Required Link to a web page where the user can reset a forgotten password.
help_chat Required Link to the chat page as a guest user. It is recommended you open this link in a new page.
Link Required? Description
register Mandatory Link to the registration API endpoint.
download_apk Optional Link to Android APK file. This includes affiliate tracking.
download_app_store Optional Link to iOS App Store. This includes affiliate tracking.

Create User Account

This endpoint can be used to create a new player and automatically log in as the player.

POST ~/v3/api/users

curl --request POST 'http://example.com/v3/api/users' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer {brand_public_credentials_token}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "user_type": "player",
  "affiliate_tag": "MyUserTag"

  "email": "bob@example.com",
  "password": "BatteryStappleHorse",
  "play_mode": "Real",
  "currency": "USD",
  "device_id": "W4TifY3XvBP2ZftnrKZo",

  "player_info": {
    "firstname": "Bob",
    "lastname": "Marley",
    "nickname": "Tuff Gong",
    "birth_date": "1945-02-06",

    "mobile_phone": "+1 1234 654987",
    "home_phone": "+1 1234 654987",
    "work_phone": "+1 1234 654987",
    "title": "Mr.",

    "address": {
      "first_line": "999 Sunse Blvd",
      "second_line": "Apt 23. Bldg B.",
      "city": "West Columbia",
      "zip_code": "29169",
      "state_code": "SC",
      "country_code": "US"
    }
  }
}'

var payload = {
  user_type: "player",
  affiliate_tag: "MyUserTag",

  email: "bob@example.com",
  password: "BatteryStappleHorse",
  play_mode: "Real",
  currency: "USD",
  device_id: "W4TifY3XvBP2ZftnrKZo",

  player_info: {
    firstname: "Bob",
    lastname: "Marley",
    nickname: "Tuff Gong",
    birth_date: "1945-02-06",

    mobile_phone: "+1 1234 654987",
    home_phone: "+1 1234 654987",
    work_phone: "+1 1234 654987",
    title: "Mr.",

    address: {
      first_line: "999 Sunse Blvd",
      second_line: "Apt 23. Bldg B.",
      city: "West Columbia",
      zip_code: "29169",
      state_code: "SC",
      country_code: "US"
    }
  }
}
$.ajax({
  "url": "http://example.com/v3/api/users",
  "method": "POST",
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com/",
    "Authorization" : "Bearer {brand_public_credentials_token}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload)
});

Fast track registration using code

curl --request POST 'http://example.com/v3/api/users' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer {brand_public_credentials_token}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "user_type": "player",
  "affiliate_tag": "MyUserTag"

  "email": "bob@example.com",
  "password": "BatteryStappleHorse",
  "play_mode": "Real",
  "device_id": "W4TifY3XvBP2ZftnrKZo",

   "fast_track_registration_code": "ftr8F88577B61D2DE940269B4AB99E1B351"
}'

var payload = {
  user_type: "player",
  affiliate_tag: "MyUserTag",

  email: "bob@example.com",
  password: "BatteryStappleHorse",
  play_mode: "Real",
  device_id: "W4TifY3XvBP2ZftnrKZo",

  fast_track_registration_code: "ftr8F88577B61D2DE940269B4AB99E1B351"
}
$.ajax({
  "url": "http://example.com/v3/api/users",
  "method": "POST",
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com/",
    "Authorization" : "Bearer {brand_public_credentials_token}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload)
});

HTTP Request

POST ~/v3/api/users

   
HTTP Method POST
Path ~/v3/api/users
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials or player_credentials

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Max Size Description
user_type Mandatory String N/A Must be set to player.
email Mandatory String 254 The user’s email address as defined in section 3.4.1 of RFC-5322. Unicode characters are not supported. You must use Punycode encoding if necessary.
password Mandatory String 20 The password of the account. The minimum size is 8 characters.
play_mode Mandatory String N/A Either Real or Practice. This is used to perform the login if the registration is successful.
currency Mandatory† String 6 A valid currency code. The list can be retrieved from the GET ~/v3/api/currencies endpoint.
captcha Optional* CAPTCHA Token N/A The CAPTCHA token is usually not required unless a captcha_required error is returned and the CAPTCHA Status marks CAPTCHA tokens as mandatory.
player_info Mandatory† PlayerInfo N/A Object containing additional information about the player.
ip Optional String 15 IPv4 address of the client in numerical format x.x.x.x. If omitted the IP address of the connection to the API is used instead.
device_id Optional String 20 This value corresponds to the visitorId returned by the FingerprintJS Pro API.
Non fatal validation is used.
affiliate_tag Optional String 128 ASCII Only. Name of an affiliate tag to automatically apply to the player’s account. No longer needed; see comment below.
fast_track_
registration_code		 Optional† String 128 Special code returned by the email availability check endpoint. When the code is used, the currency, player_info, and nickname properties are optional. Any properties in the request overrides the ones from the code.
welcome Optional Welcome N/A Object containing additional information about the welcome pages.
Non fatal validation is used.

Player Info

Minimal player_info object

{
  "nickname": "ASCII_16_len_max"
}

Full player_info

{
  "firstname": "Scrooge",
  "lastname": "McDuck",
  "nickname": "Uncle Scrooge",
  "birth_date": "1947-12-15",

  "mobile_phone": "+44 7701 900 123",
  "home_phone": "+44 141 496 1010",
  "work_phone": "+44 141 496 9999",
  "title": "Mr.",

  "address": {
    "first_line": "McDuck Castle",
    "second_line": "Rannoch Station",
    "city": "Highland Perthshire",
    "zip_code": "PH17 2QA",
    "state_text": "Scotland",
    "country_code": "GB"
  },

  "identification": {
    "country": "ZA",
    "type": "Id",
    "number": "8801235111088"
    },
    "fund_source": "Pension"
}
Property Required? Type Max Size Description
nickname Optional String 16 The nickname of the player as shown in tournaments and competitions.
Not required for fast track registration.
firstname Optional String 50 The first name of the player.
lastname Optional String 50 The last name of the player.
title Optional String 50 The title of the player, which should prefix the name, such as Mr., Mrs., Ms.. It is up to the API client to decide which titles are appropriate.
birth_date Optional String N/A Date of birth of the player in yyyy-mm-dd format.
home_phone Optional String 50 Home telephone number in E.164 format.
work_phone Optional String 50 Work telephone number in E.164 format.
mobile_phone Optional‡ String 50 Mobile telephone number in E.164 format.
address Optional Address N/A The home address of the player.
identification Optional‡ Identification N/A The identification document number of the player.
fund_source Optional String 50 A valid Identification type.
Following are the string enums supported: Salary, SelfEmployed, Inheritance, Savings, InvestmentIncome, Pension.

Address

Valid state_code values for US

"AK", "AL", "AR", "AS", "AZ", "CA", "CO", "CT", "DC", "DE", 
"FL", "FM", "GA", "GU", "HI", "IA", "ID", "IL", "IN", "KS", 
"KY", "LA", "MA", "MD", "ME", "MH", "MI", "MN", "MO", "MP", 
"MS", "MT", "NC", "ND", "NE", "NH", "NJ", "NM", "NV", "NY", 
"OH", "OK", "OR", "PA", "PR", "PW", "RI", "SC", "SD", "TN", 
"TX", "UT", "VA", "VI", "VT", "WA", "WI", "WV", "WY"

Valid state_code values for AU

"ACT", "NSW", "NT", "QLD", "SA", "TAS", "VIC", "WA"

Valid state_code values for CA

"AB", "BC", "MB", "NB", "NL", "NS", "NT", "NU", 
"ON", "PE", "QC", "SK", "YT"

Valid state_code values for ZA

"EC",  "FS",  "GP",  "KZN",  "LP",  "MP",  "NC",  "NW",  "WC"
Property Required? Type Max Size Description
first_line Optional String 50 First line of the postal address.
second_line Optional String 50 Second line of the postal address.
city Optional String 50 Name of the town or city.
zip_code Optional String 50 ZIP Code or Post Code.
country_code Mandatory String 2 A valid ISO_3166-1_alpha-2 country code. Uppercase.
state_code Optional String 3 A valid state or province code. Uppercase. Only applies to US, CA, AU an ZA. The codes follow respectively the standards from USPS, Canada Post, Australia Post (see last page) and ISO_3166-2:ZA.
state_text Optional String 50 A textual description of the state or province. This field should be used for other countries than US, CA and AU, or for special cases where the normal state_code abbreviations cannot be used.

Identification

Valid SA ID for a person born on 1990-07-14 

{
    "country": "ZA",
    "type": "Id",
    "number": "9007141234084"
}

Valid Passport ID for a person 

{
    "country": "IN",
    "type": "Passport",
    "number": "L1558624"
}

Example of Follow response

{
  "_actions": {
    "follow": {
      "href": "https://webapps.example.com/public/UserActivation.aspx?ReturnUrl=http%3A%2F%2Fwww.example.com&ClientType=Web&Brand=CasinoBrand&Locale=en-US&Email=bob@example.com",
      "method": "GET"
    }
  },
  "activation": {
    "code": "8F88577B61D2DE940269B4AB99E1B351",
    "expiration": "2022-10-10T20:34:10Z",
    "brands": [
      "GrandEagle",
      "MandarinPalace",
      "TreasureMile"
    ],
    "reset_password": {
      "href": "https://GrandEaglecasino-webapps-saucify3.aristx.net/account/ForgottenPassword.aspx?ClientType=Web&Locale=en-US&Brand=GrandEagle&ReturnUrl=https%3A%2F%2Fdemo-kore3.aristx-external.net%2FLuckyCreek",
      "method": "GET"
    },
    "password_required": true
  }
}
Property Required? Type Max Size Description
country Mandatory String 2 A valid ISO_3166-1_alpha-2 country code. Uppercase.
For SA ID, Only ZA is currently supported. For Passport, all countries are allowed.
type Mandatory String 50 A valid Identification type.
Only Id and Passport are currently supported.
number Mandatory String 13 Identification number of the ID document.
Type ID is valid for only SA ID number following the South African specifications. Alternative documentation. If the document is Passport it must be in alphanumeric character with following regex: ^[A-Z0-9]{6,13}$

HTTP Responses

Example of Success response

{
  "registration_status": "Success",
  "auth": {
    "grant_type": "player_credentials",
    "tokens": [
      {
        "type": "Bearer",
        "expiration": "2020-11-19T18:00:12Z",
        "value": "CfDJ8A9gjaMNK1FDsBTJEa5WnXS/pAcE48Sr+UhE3wqGnL7o7LJdsU0LoPqzXBy1ayYB5SHpV5sHWMsdSr/4NlrnQS9MzEgP9T4abgSeJ6NV55Ux8pFY09GADdobZjJW1CcmzetKt9gREMJVjunXrLJ6eALyfO/W16ur27v59Eb7e2Wu3BajGWDmrhilZltx3jFnipoWp0oP1jlskm4aniZnP6azK+uvUbUReZiEyzS7tElMycB9u0qLVN0TYPb3f8vwX2NYGYTuC2fj/JgiufBmzQyvMzuhPgWi9i6DHGtNgFREo2yS/jn3nwYnF+A0lTpnaSsxMHv1KVfEV8KN47NlHh0t2y7q1gjIvRv6lXRmZ3rXHrTiH51sMLSVNmbSqZsj/ktApHVKlstyCMV4WiMVUsLcbTDXQeNy89En99gJNmMY7ut5D8M/1iTJ7M2E0Pi16TypeI+NTQjvhg//kS4I4PneumKHUFhZzbO7XETi0u5oRap4sgJ+YBEjPYsUq7AEONct3Bai4SQMwkZvj9CpkXVyCyppix4BSiKlTX6vKlZl+jiYyykCXQKvHyD5KNC36Q=="
      }
    ],
    "_links": {
      "user": {
        "href": "https://example.com/v3/api/users/MzU3aXZQakV5Z2Q3WnRIZ285dW9hOWRrbG4vbk5RPT0.",
        "method": "GET"
      },
      "logout": {
        "href": "https://example.com/v3/api/auth/player_credentials",
        "method": "DELETE"
      }
    },
    "locale": "en-US"
  }
}

Example of MobilePhoneVerificationRequired response

{
  "registration_status": "MobilePhoneVerificationRequired",
  "auth": {
    "grant_type": "player_verification_credentials",
    "tokens": [
      {
        "type": "Bearer",
        "expiration": "2024-03-07T09:37:11Z",
        "value": "CfDJ8FheFtoFfxRIrg3qiACFurFtsmiA4vu1tfmJmBOWgIoikbFt52rk6RFvNulR5Hmbz5v5kVJyAYt4m0cp592uQYkXZ1LPt3DmJg+Bs4ttxWjr6D+kGocmV412LaPdWTCBBp57jLXjgYvRbKKD+n19rhh3BrNU6IA9t5HY4RCgrs/sCv5D4BcC3aeFekDprXKaYGe5oMOw8J/6lf/TZ3wX6m3RmkqZxAFWmfg59EECEKB4nBuCrqm2fvD3xjzi3O73SRcon8LRbUwM/Nys+RwKTSsdPtAxlTI7Z0KAmjbtz66q0eyX/M585d7ojKnSZPKyXgmnrMS0pIJ3bN4HVj7jG7u+vKdFRC6af7DTLT1xAsLRutYQMUCjTmHEYk6rmHnCYSAXgsjiuHYI/WWizntN9551O6+n/tSqx7Vg7XDrX6NtTj8bS8jzX40LNcNguMVoGeXqBrqg2V5ZDrThH/55DaaKS9YVP0TQCZ0Cu9VuAjQmCdq+lWEq6uaUkJoIb9wKlnkCvs9F9m1AvsubfRGdJWPAQq9dr2E66712QTJD0NkILwmaqm3JmaF5C35QZbuH0OP/+mWCTRVLACvsquZ2MiU="
      }
    ],
    "tracking_id": "37e22704-39c5-4662-a4a6-48c0f15a3437",
    "_links": {
      "verification": {
        "href": "https://example.com/v3/api/users/ZjJDdW1hTjY4UFRJamw2N1E0YWhEQ1hTMVJCQ0x3PT0./verification",
        "method": "POST"
      },
      "verification_retry": {
        "href": "https://example.com/v3/api/users/ZjJDdW1hTjY4UFRJamw2N1E0YWhEQ1hTMVJCQ0x3PT0./verification/retry",
        "method": "POST"
      }
    },
    "locale": "en-US",
    "email": "bob@example.com",
    "registration_status": "HardSmsVerificationRequired"
  }
}

Example of MissingPlayerInfo response

{
  "registration_status": "MissingPlayerInfo",
  "auth": {
    "grant_type": "extra_player_info",
    "missing_player_info": ["Address"],
    "locale": "en-US"    
    "tokens": [
      {
        "type": "Bearer",
        "expiration": "2020-11-19T18:00:12Z",
        "value": "CfDJ8A9gjaMNK1FDsBTJEa5WnXS/pAcE48Sr+UhE3wqGnL7o7LJdsU0LoPqzXBy1ayYB5SHpV5sHWMsdSr/4NlrnQS9MzEgP9T4abgSeJ6NV55Ux8pFY09GADdobZjJW1CcmzetKt9gREMJVjunXrLJ6eALyfO/W16ur27v59Eb7e2Wu3BajGWDmrhilZltx3jFnipoWp0oP1jlskm4aniZnP6azK+uvUbUReZiEyzS7tElMycB9u0qLVN0TYPb3f8vwX2NYGYTuC2fj/JgiufBmzQyvMzuhPgWi9i6DHGtNgFREo2yS/jn3nwYnF+A0lTpnaSsxMHv1KVfEV8KN47NlHh0t2y7q1gjIvRv6lXRmZ3rXHrTiH51sMLSVNmbSqZsj/ktApHVKlstyCMV4WiMVUsLcbTDXQeNy89En99gJNmMY7ut5D8M/1iTJ7M2E0Pi16TypeI+NTQjvhg//kS4I4PneumKHUFhZzbO7XETi0u5oRap4sgJ+YBEjPYsUq7AEONct3Bai4SQMwkZvj9CpkXVyCyppix4BSiKlTX6vKlZl+jiYyykCXQKvHyD5KNC36Q=="
      }
    ],
    "_links": {
      "amend_user": {
        "href": "https://example.com/v3/api/users/MzU3aXZQakV5Z2Q3WnRIZ285dW9hOWRrbG4vbk5RPT0.",
        "method": "PATCH"
      }
    }
  }
}

There are two types of responses possible from the API:

Property Required? Type Description
_actions Required LinkCollection A link collection containing a follow action.
activation Optional Activation object The activation object may be returned along side some follow actions.
Property Required? Type Description
registration_status Mandatory String The values may be Success, AccountUnderReview, MissingPlayerInfo, EmailVerificationRequired or HardSmsVerificationRequired.
auth Optional PlayerTokenResponse The same object that is returned from the login endpoint.
errors Optional Array of errors Returned if a non fatal error has occurred.

Check Email Availability

This endpoint is used to check the availability of an email address.

It is typically used in conjunction with the create user account endpoint.

POST ~/v3/api/users/emailcheck

curl --request POST 'http://example.com/v3/api/users/emailcheck' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer {brand_public_credentials_token}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "mode": "simple_check",
  "email": "bob@example.com",
}'

var payload = {
  email: "bob@example.com",
  mode: "simple_check"
}
$.ajax({
  "url": "http://example.com/v3/api/users/emailcheck",
  "method": "POST",
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com/",
    "Authorization" : "Bearer {brand_public_credentials_token}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload)
});

HTTP Request

POST ~/v3/api/users/emailcheck

   
HTTP Method POST
Path ~/v3/api/users/emailcheck
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials or player_credentials
Rate Limits 20 requests per minute; 100 requests per 10 minutes; 300 requests per hour

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Max Size Description
mode Optional* String N/A Either simple_check, fast_track_registration or campaign_list_check. If it is not provided, it defaults to simple_check.
email Mandatory String 254 The user’s email address as defined in section 3.4.1 of RFC-5322. Unicode characters are not supported. You must use Punycode encoding if necessary.
captcha Optional* CAPCHA Token N/A The CAPTCHA token. This is only required when the API is under attack.
campaign_id Optional* Number N/A A positive integer greater than zero that identifies the campaign list to check against. This is required if mode is campaign_list_check.

HTTP Responses

Example of simple response with available offer

{
  "status": "not_available",
  "available_offers": [ 
    { "offer_code": "75free" }
  ],
  "claimed_offers": [
    { "offer_code": "50free", "claim_date": "2022-10-10T20:34:10Z" }  
  ]
}

Example of activation response

{
  "status": "activate",
  "activation": {
    "code": "8F88577B61D2DE940269B4AB99E1B351",
    "expiration": "2022-10-10T20:34:10Z",
    "brands": [
      "GrandEagle",
      "MandarinPalace",
      "TreasureMile"
    ],
    "reset_password": {
      "href": "https://GrandEaglecasino-webapps-saucify3.aristx.net/account/ForgottenPassword.aspx?ClientType=Web&Locale=en-US&Brand=GrandEagle&ReturnUrl=https%3A%2F%2Fdemo-kore3.aristx-external.net%2FLuckyCreek",
      "method": "GET"
    },
    "password_required": true
  }
}

Example of fast_track_registration response

{
  "status": "fast_track_registration",
  "fast_track_registration": {
    "code": "ftr8F88577B61D2DE940269B4AB99E1B351",
    "expiration": "2022-10-10T20:34:10Z"
  },
  "available_offers": [ 
    { "offer_code": "75free" }
  ]
}

In case of success, the response indicates whether the email address is available or not. This endpoint may also return an Activation object if the player account exists with another brand from the same brand group.

Property Required? Type Description
status Required string Either not_available, available, activate or fast_track_registration. If campaign check mode is used, then not-eligible is returned rather than available and eligible replaces not-available.
available_offers Optional Array of Offers The endpoint returns either nothing or an empty array when no offers are available. Otherwise it returns an array of available cash offers.
claimed_offers Optional Array of Claimed Offers The list of cash offers claimed by the player in no specific order. Claimed offers ephemeral and may be removed in the future. When no offers have been claimed the array may be omitted or may be empty.
activation Optional* Activation object The activation object is only returned if the status is set to activate.
fast_track_registration Optional* Fast Track Registration object The fast track registration info. This is only returned if mode was set to fast_track_registration.

Offer

Property Required? Type Description
offer_code Required string An internal identifier specific to the cash offer.

Fast Track Registration Object

Property Required? Type Description
code Required string The returned code can be used for player registration.
expiration Required string Expiration date for the registration code.
It uses ISO 8601 format yyyy-mm-ddThh:mm:ssZ and set to UTC time zone.

Get User Information

This endpoint can be used to retrieve information that applies to the currently logged in player.

The following information can be retrieved:

GET ~/v3/api/users/{user_id}

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {player_token}" \
   "http://example.com/v3/api/users/{user_id}"

$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  }
});

HTTP Request

GET ~/v3/api/users/{user_id}

   
HTTP Method GET
Path ~/v3/api/users/{user_id}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials

HTTP Response

Response:

{
  "balance": {
    "currency": "XXX",  
    "amount" : 71820,
    "exponent" : 2
  },
  "email": "bob@bob.com", 
  "firstname": "Bob",
  "lastname": "The Builder",
  "user_token": "cUrZ7y94jP78S1RR9CeFNgp9zAce5A==",
  "nickname": "Bob The Builder",
  "locale": "en-US",
  "play_mode": "Practice",
  "birth_date": "1984-01-01",
  "registration_date": "2014-01-09T12:16:17Z",
  "profile": "Unverified",
  "has_deposited": true,
  "verification_status": {
    "email": "Unverified", 
    "mobile_phone": "Verified"
  },
  "claimed_offers": [
    { 
      "offer_code": "75free", 
      "claim_date": "2022-10-18T08:56:00Z" 
    }
  ],
  "_actions": {
    "account_details": { "href": "http://www.example.com/account_details" },
    "account_playback": { "href": "http://www.example.com/account_playback" },
    "account_change_password": { "href": "http://www.example.com/account_change_password" },
    "account_competitions": { "href": "http://www.example.com/account_competitions" },
    "cashier_deposit": { "href": "http://www.example.com/cashier_deposit" },
    "cashier_withdrawal": { "href": "http://www.example.com/cashier_withdrawal" }
  },
  "_links": {
    "statistics": { "href": "http://www.example.com/v3/api/users/{userid}/stats" },
    "email_status": { "href": "http://www.example.com/v3/api/users/{userid}/email_status" },
    "tags": { "href": "http://www.example.com/v3/api/users/{userid}/tags" },
    "custom": { "href": "http://www.example.com/v3/api/users/{userid}/custom" }, 
    "verification" :{"href": "http://www.example.com/v3/api/users/{userid}/verification"},
    "verification_retry" :{"href": "http://www.example.com/v3/api/users/{userid}/verification/retry"},
    "player_day" :{"href": "http://www.example.com/v3/api/users/{userid}/player_day"}
  }
}
Property Required? Type Description
balance Required Money Balance of the user. When play_mode is Practice this is the sum of bonus and cash balances.
cash_balance Optional Money Cash balance of the user. Only available when play_mode is Real.
bonus_balance Optional Money Bonus balance of the user. Only available when play_mode is Real.
email Required String User’s email.
firstname Optional* String User’s first name.
lastname Optional* String User’s last name.
user_token Required String The user_token is a string composed of 32 ASCII characters that provides a unique and immutable identifier for the player. The user_token is not shared across brands.
nickname Required String User’s nickname.
locale Required String Locale used to log in.
loyalty Optional Loyalty Loyalty object. Only available when play_mode is Real and the player is a member of a loyalty scheme.
play_mode Required String User’s play_mode. Either Practice or Real.
birth_date Optional* String Birth date of the user (yyyy-mm-dd).
profile Required String User’s profile type. Can be EuroUnverified,LowRoller, Restricted, Test, Unverified, Verified or VIP.
verification_status Required VerificationStatus Provide information about whether the mobile phone and the email address of the player have been verified.
registration_date Required String Date of registration as an ISO 8601 UTC Date (yyyy-mm-ddThh:mm:ssZ).
has_deposited Required Boolean true if the player has made at least one deposit since the account was created. Deposits for other brands in the same brand group are not considered.
claimed_offers Optional Array of Claimed Offers The list of cash offers claimed by the player in no specific order. Claimed offers ephemeral and may be removed in the future. When no offers have been claimed the array may be omitted or may be empty.
_actions Required LinkCollection Collection of available actions for the player.
_links Required LinkCollection Collection of API links for the player.

Claimed Offer

Action Required? Type Description
offer_code Required string An internal identifier specific to the cash offer.
claim_date Required string ISO 8601 UTC timestamp in format yyyy-mm-ddThh:mm:ssZ. This is the date when the offer was last claimed.
Action Required? Description
statistics Required Link to ~/v3/api/users/{userid}/stats which provides access to player’s statistics.
email_status Required Link to ~/v3/api/users/{userid}/email_status which provides access to player’s email delivery status.
tags Required Link to ~/v3/api/users/{userid}/tags to access player’s tags. Please note the categories query parameter must be added.
custom Required Link to ~/v3/api/users/{userid}/custom to access player’s custom information.
verification Required Link to ~/v3/api/users/{userid}/verification to enter a SMS verification code received by the player on a mobile phone.
verification_retry Required Link to ~/v3/api/users/{userid}/verification/retry to request for an SMS verification code to be sent to the player.
player_day Required Link to ~/v3/api/users/{userid}/player_day to access player’s bets and deposit information. Please note the date query parameter must be added.

Actions

Example of available Actions for a user using Real money mode.

  "_actions": {
    "account_details": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=UserAccount&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=UserDetails&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "account_playback": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=UserAccount&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=Playback&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "account_change_password": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=UserAccount&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=ChangePassword&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "account_competitions": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=UserAccount&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=Competitions&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "cashier_deposit": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=Cashier&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=Deposit&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "cashier_withdrawal": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=Cashier&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=Withdrawal&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "cashier_withdrawal_reverse": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=Cashier&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=WithdrawalReverse&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "cashier_bonus": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=Cashier&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=Bonus&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "cashier_loyalty": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=Cashier&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=Loyalty&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "cashier_statement": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=Cashier&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=Statement&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "cashier_transfer": {
      "href": "http://www.example.com/public/AutomatedWebLogin.aspx?App=Cashier&ClientType=Web&Brand=JumbaBet&Locale=en-US&Section=Transfer&Login=bob@example.com&PlayMode=Real&SessionID=usUDL%2FTkTmG0jfnYZtLBxoD1sarH1NuqeUon01mWWMg%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com"
    },
    "help_chat": {
      "href": "https://www.example.com/public/Chat.aspx?SessionID=3TeX571JeERiIB7uSFkOv7s4s2vaIMWppw9q9l5fgH0%3D&UserToken=g93ALDTNj5VBKJdzdixWSjUYoASv8Q%3D%3D&ReturnUrl=http%3A%2F%2Fwww.google.com&SkillGroup=support@example.com&Locale=en-US&Context=WebClient"
    }
  }

Some actions are only available in Real money mode, i.e. when the play_mode parameter passed to the ~/v3/api/auth/token endpoint is set to Real.

Action Required? Description
account_details Required Link to the page where the user can edit name and address details.
account_playback Required Link to the playback page, to see previously played game rounds.
account_change_password Required Link to page to change the password.
account_competitions Required Link to page about current competitions.
cashier_deposit Required Link to the page to do deposits. In practice mode this link is for depositing practice funds only.
cashier_withdrawal Required Link to the page to withdraw money. In practice mode this link is for withdrawing practice funds only.
help_chat Required Link to the chat page as a logged-in user. It is recommended you open this link in a new page.
cashier_withdrawal_reverse Optional Real play mode only. Link to the page used to reverse pending withdrawals.
cashier_bonus Optional Real play mode only. Link to a page to review active or pending bonuses or claim new ones.
cashier_loyalty Optional Real play mode only. Link to the loyalty program page.
cashier_statement Optional Real play mode only. Link to the page listing all transactions.
cashier_transfer Optional Real play mode only. Link to the page used to transfer funs between casinos from the same group.

Get User Statistics

This endpoint can be used to retrieve different types of user statistics.

The following information can be retrieved:

HTTP Request

GET ~/v3/api/users/{user_id}/stats

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {player_token}" \
   "http://example.com/v3/api/users/{user_id}/stats"

$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}/stats",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  }
});

GET ~/v3/api/users/{user_id}/stats

   
HTTP Method GET
Path ~/v3/api/users/{user_id}/stats
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials

HTTP Response

Response:

{
  "highest_win": {
    "payout": {
      "currency": "USD",
      "amount": 11750,
      "exponent": 2
    },
    "game": {
      "provider": "saucify",
      "slug": "spartians-video-slot",
      "name": "Spartians",
      "locale": "en-US",
      "category": "videoslots",
      "platform": "html",
      "attributes": {
        "lines": "30",
        "free_spins": "true"
      },
      "_actions": {
        "play": {
          "href": "http://www.example.com/play?token=...",
          "method": "GET"
        }
      },
      "_links": {
        "_self": {
          "href": "http://www.example.com/v3/api/games/Html/SpartiansVideoSlot",
          "method": "GET"
        }
      }
    }
  },
  "tournaments": [
    {
      "win_amount": {
        "currency": "USD",
        "amount": 15000,
        "exponent": 2
      },
      "name": "Fun Tournament 2",
      "rank": 1,
      "end_date": "2019-03-26T15:54:04Z",
      "start_date": "2019-03-26T15:48:55Z"
    },
    {
      "name": "Fun Tournament",
      "rank": 2,
      "end_date": "2019-03-26T15:40:26Z",
      "start_date": "2019-03-26T15:35:18Z"
    }
  ],
  "competitions": [
    {
      "name": "Fun Competition",
      "rank": 2,
      "end_date": "2019-03-26T16:15:00Z",
      "start_date": "2019-03-26T16:07:00Z"
    }
  ]
}
Property Required? Type Description
highest_win Optional HighestWin Highest ever win for the player. Omitted for new players that have not yet won anything.
tournaments Required Array of TournamentStats List of tournament statistics. The array may be empty or contain at most the statistics for the last 10 completed tournaments in descending chronological order.
competitions Required Array of CompetitionStats List of competition statistics. The array may be empty or contain at most the statistics for the last 10 completed competitions in descending chronological order.

Get Email Delivery Status

HTTP Request

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {player_token}" \
   "http://example.com/v3/api/users/{user_id}/email_status"

$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}/email_status",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  }
});

GET ~/v3/api/users/{user_id}/email_status

   
HTTP Method GET
Path ~/v3/api/users/{user_id}/email_status
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials

HTTP Response

Response:

{
  "email_status": {
    "is_casino_subscribed": true,
    "is_group_subscribed": false,
    "is_blocked": true,
    "blocked_until": "2019-02-20T16:55:12Z",
    "last_sent": "2019-02-20T12:55:12Z",
    "last_tracked": "2019-02-15T12:45:42Z"
  }
}
Property Required? Type Description
is_blocked Required boolean Indicate that the player’s email is currently blocked. Emails get blocked when the player’s receiving email server bounces an email.
is_casino_subscribed Required boolean Indicate whether the player is subscribed to receive promotional emails from the casino. Players can unsubscribed using links provided in emails. They can also be unsubscribed by the operator using back office tools.
is_group_subscribed Required boolean Indicate whether the player is subscribed to receive promotional emails from the brand group. Players can unsubscribed using links provided in emails. They can also be unsubscribed by the operator using back office tools.
blocked_until Optional string Date and time until the system shall attempt to send emails to the player again. It uses ISO 8601 format (yyyy-mmddThh:mm:ssZ). A year value of 9999 indicates that the player’s email address has been permanently blocked. The blocked_until property is present only if is_blocked is set to true.
last_sent Optional string Date and time of the last email sent by the system (but not necessarily received or opened). It uses ISO 8601 format (yyyy-mm-ddThh:mm:ssZ).
last_tracked Optional string Date and time of the last email opened by the player using ISO 8601 format (yyyy-mm-ddThh:mm:ssZ). If last_tracked is absent the email may have been received with an email client that prevents tracking.

Get User Tags

This endpoint retrieves the list of tags associated to the player’s account.

HTTP Request

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {player_token}" \
   "http://example.com/v3/api/users/{user_id}/tags?categories={cat1},{cat2}"

$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}/tags?categories={cat1},{cat2}",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  }
});

GET ~/v3/api/users/{user_id}/tags?categories={cat1},{cat2}

   
HTTP Method GET
Path ~/v3/api/users/{user_id}/tags?categories={cat1},{cat2}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials

Query Parameters

Property Required? Type Description
categories Required string Comma separated list of Tag Categories. Cannot be empty.

Example of query 

?categories=PlayerRanking,FlowTask,DepositProcessorType,LoyaltyTier,BrandGroup

The list of all Tag Categories is: PlayerRanking, CampaignTracker, InviteList, Internal, FlowTask, Branding, InviteSource, DepositProcessorType, LoyaltyTier, BrandGroup, Promotions, AffiliateProgram, BrandPlayerProfile, RevenueCampaign, UserSettings, CampaignTags, Affiliate

Response:

{
  "tags": [
    {
      "name": "BrandGroup_Thrills",
      "category": "BrandGroup"
    },
    {
      "name": "CryptoThrillsCasino_Unverified",
      "category": "Branding"
    },
    {
      "name": "DepositAllowed",
      "category": "DepositProcessorType"
    },
    {
      "name": "DepositEnabled",
      "category": "DepositProcessorType"
    },
    {
      "name": "DepositTrusted",
      "category": "DepositProcessorType"
    },
    {
      "name": "ThrillsNovice",
      "category": "LoyaltyTier"
    }
  ]
}

HTTP Response

Property Required? Type Description
tags Required Array of UserTag The array may be empty if no tags are associated to the player. There are no guarantees about the order.

The UserTag object is defined as follows

Property Required? Type Description
name Required string The name of the tag.
category Required string The category of the tag. This must be one of the categories provided in the request.

Get Custom User Info

This endpoint executes an operator defined dbo.pGetUserCustomInfo stored procedure and serializes the response as JSON.

HTTP Request

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {player_token}" \
   "http://example.com/v3/api/users/{user_id}/custom"

$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}/custom",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  }
});

GET ~/v3/api/users/{user_id}/custom

   
HTTP Method GET
Path ~/v3/api/users/{user_id}/custom
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials

Example of stored procedure

CREATE PROCEDURE dbo.pGetUserCustomInfo
    @UserToken  CHAR(32)
AS

SELECT so.SignOnID, so.Nickname, so.UpdatedDate, so.IsLocked
FROM tUser u
INNER JOIN tSignOn so ON so.SignOnID = u.SignOnID
WHERE Token = @UserToken

GO
GRANT EXECUTE ON dbo.pGetUserCustomInfo TO KoreServer;

Stored Procedure Requirements

The stored procedure shall be named dbo.pGetUserCustomInfo. It can return any arbitrary information as long as it meets the following requirements:

Typically, we expect the stored procedure to return a single row that matches the {user-id} provided in the request. Nevertheless, the Kore API also supports result sets with multiple rows.

Response:

{
    "result": [
        {
            "sign_on_id": 4565,
            "nickname": "bob",
            "updated_date": "2018-12-31T15:48:47.757",
            "is_locked": false
        }
    ]
}

HTTP Response

Property Required? Type Description
result Required Array of JSON Objects Rows returned by pGetUserCustomInfo

The result array contains the same rows returned by the pGetUserCustomInfo stored procedure, in the same order. It may be empty if the stored procedure does not return anything.

Each row in the result set is serialized, in order, as an individual JSON object. The properties of the JSON object are derived from the column names but transformed to abide to the snake_case naming convention.

SQL Column Name (SELECT) JSON Property Name
UserID user_id
ThirdPartyID third_party_id
Nickname nickname
Mixed_Case mixed_case

Most SQL data types are supported and serialized as follows:

SQL Type JSON Type
bit boolean
Any other numeric types (int, tinyint, decimal, float, etc…) number
String Types (char, text, nchar, etc…) string
XML string
time string using hh:mm:ss.ssss or hh:mm:ss format
date, datetimeoffset, datetime2, smalldatetime, datetime string using ISO 8601 format (see comments)
binary, varbinary string using Base64 encoding
Any other types Unsupported – Do not use

Get Player Day

This endpoint retrieves bet details and deposit information for the player’s account since a given date.

HTTP Request

curl -X GET -H "Content-Type: application/json" \   
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {player_token}" \
   "http://example.com/v3/api/users/{user_id}/player_day?date={start_date}"

$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}/player_day?date={start_date}",
  "method": "GET",
  "headers": {    
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  }
});

GET ~/v3/api/users/{user_id}/player_day?date={start_date}

   
HTTP Method GET
Path ~/v3/api/users/{user_id}/player_day?date={start_date}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials

Query Parameters

Property Required? Type Description
date Required String UTC Date of the player day start date to access in yyyy-mm-dd format.

Example of query 

?date=2023-01-01

Response:

{
    "cash_bet_total_usd": {
        "currency": "USD",
        "decimal_amount": 123.700000000
    },
    "deposit_count": 1,
    "deposit_total_usd": {
        "currency": "USD",
        "decimal_amount": 500.0000000000
    }
}

HTTP Response

Property Required? Type Description
cash_bet_total_usd Required DecimalMoney Total cash bet in USD that the player has done since the provided date.
deposit_count Required Number Positive integer. Number of deposits that the player has done since the provided date.
deposit_total_usd Required DecimalMoney Total deposit in USD that the player has done since the provided date.

Change Password

This endpoints is used to change the password for user.

HTTP Request

PUT ~/v3/api/users/{user_id}/password

curl -X PUT -H "Content-Type: application/json"        \
  -H "X-Kore-ReturnUrl: http://www.example.com/" -d '{  \
  "password": "12345678"             \
}' "http://example.com/v3/api/users/{user_id}/password"

var payload = {
    "password": "12345678" 
};
$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}/password",
  "method": "PUT",
  "headers": {
    "content-type": "application/json",
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  },  
  "data": JSON.stringify(payload)
});

PUT ~/v3/api/users/{user_id}/password

   
HTTP Method PUT
Path ~/v3/api/users/{user_id}/password
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_change_password
Errors (non exhaustive) invalid_request, password_reuse_forbidden

PUT Parameters

The parameters must be sent as JSON.

Property Required? Type Description
password Required String New password provided by player and it must be between 8 and 20 characters long.

Response with player_credentials outcome

{
    "auth": {
        "grant_type": "player_credentials",
        "tokens": [
            {
                "type": "Bearer",
                "expiration": "2024-02-08T10:18:14Z",
                "value": "CfDJ8GDLBmp..."
            }
        ],
        "tracking_id": "3f9905b7-9...",
        "_links": {
            "user": {
                "href": "http://example.com/v3/api/users/{user_id}",
                "method": "GET"
            },
            "logout": {
                "href": "http://example.com/v3/api/auth/player_credentials",
                "method": "DELETE"
            }
        },
        "locale": "en-US",
        "email": "bob@example.com"
    }
}

HTTP Response

The returned response returns a password_change_status property set to Success.

In case of errors, an error response is returned instead.

Property Required? Type Description
password_change_status Required String Success
auth Required* PlayerTokenResponse The same object that is returned from the login endpoint.

Enter SMS Verification Code

This endpoints is used to enter a SMS verification code received by the player on a mobile phone.

HTTP Request

POST ~/v3/api/users/{user_id}/verification

curl -X POST -H "Content-Type: application/json"        \
  -H "X-Kore-ReturnUrl: http://www.example.com/" -d '{  \
  "mode": "mobile_phone",             \
  "code": "123456"                            \
}' "http://example.com/v3/api/users/{user_id}/verification"

var payload = {
    "mode": "mobile_phone",
    "code": "123456"
};
$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}/verification",
  "method": "POST",
  "headers": {
    "content-type": "application/json",
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  },  
  "data": JSON.stringify(payload)
});

POST ~/v3/api/users/{user_id}/verification

   
HTTP Method POST
Path ~/v3/api/users/{user_id}/verification
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials, player_verification_credentials
Errors (non exhaustive) invalid_request, no_pending_verification, invalid_sms_code

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
mode Required String Must be set to mobile_phone.
code Required String The verification code received by SMS. Exactly 6 characters long.

Response (player_credentials request)

{
  "mobile_phone": "Verified",
  "last_sms_send_date": "2023-05-05T11:18:17Z",
}

Response (player_verification_credentials request)

{
    "mobile_phone": "Verified",
    "last_sms_send_date": "2024-03-06T11:29:32Z",
    "auth": {
        "grant_type": "player_credentials",
        "tokens": [
            {
                "type": "Bearer",
                "expiration": "2024-03-07T11:29:50Z",
                "value": "CfDJ8Fhe…"
            }
        ],
        "tracking_id": "37e22704-39c5-4662-a4a6-48c0f15a3437",
        "_links": {
            "user": {
                "href": "https://example.com/v3/api/users/ZjJDdW1hTjY4UFRJamw2N1E0YWhEQ1hTMVJCQ0x3PT0.",
                "method": "GET"
            },
            "logout": {
                "href": "https://example.com/v3/api/auth/player_credentials",
                "method": "DELETE"
            }
        },
        "locale": "en-US",
        "email": "bob@example.com"
    }
}

HTTP Response

The returned response is a variant of the VerificationStatus object.

Property Required? Type Description
mobile_phone Required String Verified, NotApplicable or InvalidPhone
last_sms_send_date Optional String The date the last verification code was sent by SMS.
It uses ISO 8601 format yyyy-mm-ddThh:mm:ssZ.
auth Optional† PlayerTokenResponse The same object that is returned from the login endpoint.

Send SMS Verification Code

This endpoint is used to request for an SMS verification code to be sent to the player.

HTTP Request

POST ~/v3/api/users/{user_id}/verification/retry

curl -X POST -H "Content-Type: application/json"        \
  -H "X-Kore-ReturnUrl: http://www.example.com/" -d '{  \
  "mode": "mobile_phone",             \
}' "http://example.com/v3/api/users/{user_id}/verification/retry"

var payload = {
    "mode": "mobile_phone",
};
$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}/verification/retry",
  "method": "POST",
  "headers": {
    "content-type": "application/json",
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  },  
  "data": JSON.stringify(payload)
});

POST ~/v3/api/users/{user_id}/verification/retry

   
HTTP Method POST
Path ~/v3/api/users/{user_id}/verification/retry
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials, player_verification_credentials
Errors (non exhaustive) invalid_request, too_many_verification_retries

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
mode Required String Must be set to mobile_phone.

Response:

{
  "mobile_phone": "AwaitingCode",
  "last_sms_send_date": "2023-05-05T11:18:17Z",
}

HTTP Response

The returned response is a variant of the VerificationStatus object.

Property Required? Type Description
mobile_phone Required String AwaitingCode, NotApplicable or InvalidPhone
last_sms_send_date Optional String The date the last verification code was sent by SMS.
It uses ISO 8601 format yyyy-mm-ddThh:mm:ssZ.

Amend User

This endpoint is used to capture the additional player info as an additional endpoint while registration.

HTTP Request

PATCH ~/v3/api/users/{user_id}

curl --request POST 'http://example.com/v3/api/users/{user_id}' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer {brand_public_credentials_token}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "player_info": {
      "address": {
         "first_line": "372 River Oak Place",
         "second_line": "12 Palm Street",
         "city": "Waterloo",
         "state_code": "ON",
         "zip_code": "N2K 3N8",
         "country_code": "CA"
      }
   }
}'

var payload = {
   "player_info": {
      "address": {
         "first_line": "372 River Oak Place",
         "second_line": "12 palm street",
         "city": "Waterloo",
         "state_code": "ON",
         "zip_code": "N2K 3N8",
         "country_code": "CA"
      }
   }
};
$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}",
  "method": "PATCH",
  "headers": {
    "content-type": "application/json",
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  },  
  "data": JSON.stringify(payload)
});

PATCH ~/v3/api/users/{user_id}

   
HTTP Method POST
Path ~/v3/api/users/{user_id}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type extra_player_info
Errors (non exhaustive) invalid_request

POST Parameters

The parameters must be sent as JSON.

Property Required? Description
player_info Required PlayerInfo

Player Info

Fully populated player_info object

{
  "address": {
    "first_line": "McDuck Castle",
    "second_line": "Rannoch Station",
    "city": "Highland Perthshire",
    "zip_code": "PH17 2QA",
    "state_text": "Scotland",
    "country_code": "GB"
  }
}
Property Required? Type Max Size Description
address Optional Address N/A The home address of the player.

The same Address type is used thant for the User Registration with the same validation policy.

Response (player_credentials request)

{
     "auth": {
        "grant_type": "player_credentials",
        "tokens": [
            {
                "type": "Bearer",
                "expiration": "2024-03-07T11:29:50Z",
                "value": "CfDJ8Fhe…"
            }
        ],
        "tracking_id": "37e22704-39c5-4662-a4a6-48c0f15a3437",
        "_links": {
            "user": {
                "href": "https://example.com/v3/api/users/ZjJDdW1hTjY4UFRJamw2N1E0YWhEQ1hTMVJCQ0x3PT0.",
                "method": "GET"
            },
            "logout": {
                "href": "https://example.com/v3/api/auth/player_credentials",
                "method": "DELETE"
            }
        },
        "locale": "en-US",
        "email": "bob@example.com"
    }
}

HTTP Response

Example of Success response

{
  "registration_status": "Success",
  "auth": {
    "grant_type": "player_credentials",
    "tokens": [
      {
        "type": "Bearer",
        "expiration": "2020-11-19T18:00:12Z",
        "value": "CfDJ8A9gjaMNK1FDsBTJEa5WnXS/pAcE48Sr+UhE3wqGnL7o7LJdsU0LoPqzXBy1ayYB5SHpV5sHWMsdSr/4NlrnQS9MzEgP9T4abgSeJ6NV55Ux8pFY09GADdobZjJW1CcmzetKt9gREMJVjunXrLJ6eALyfO/W16ur27v59Eb7e2Wu3BajGWDmrhilZltx3jFnipoWp0oP1jlskm4aniZnP6azK+uvUbUReZiEyzS7tElMycB9u0qLVN0TYPb3f8vwX2NYGYTuC2fj/JgiufBmzQyvMzuhPgWi9i6DHGtNgFREo2yS/jn3nwYnF+A0lTpnaSsxMHv1KVfEV8KN47NlHh0t2y7q1gjIvRv6lXRmZ3rXHrTiH51sMLSVNmbSqZsj/ktApHVKlstyCMV4WiMVUsLcbTDXQeNy89En99gJNmMY7ut5D8M/1iTJ7M2E0Pi16TypeI+NTQjvhg//kS4I4PneumKHUFhZzbO7XETi0u5oRap4sgJ+YBEjPYsUq7AEONct3Bai4SQMwkZvj9CpkXVyCyppix4BSiKlTX6vKlZl+jiYyykCXQKvHyD5KNC36Q=="
      }
    ],
    "_links": {
      "user": {
        "href": "https://example.com/v3/api/users/MzU3aXZQakV5Z2Q3WnRIZ285dW9hOWRrbG4vbk5RPT0.",
        "method": "GET"
      },
      "logout": {
        "href": "https://example.com/v3/api/auth/player_credentials",
        "method": "DELETE"
      }
    },
    "locale": "en-US"
  }
}
Property Required? Type Description
auth Optional† PlayerTokenResponse The same object that is returned from the login endpoint.

Create Password Reset

This endpoint is used at the begining of reset password journey by using either email or mobile phone with Date Of Birth combination.

HTTP Request

POST ~/v3/api/users/password_resets

curl --request POST 'http://example.com/v3/api/users/password_resets' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer {brand_public_credentials_token}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "captcha": {
    "type": "turnstile",
    "token": "0.spOowAu0RfY4dii..."
  },
  "email": "email@gmail.com",
  "birth_date": "1989-05-21"
}'

var payload = {
  "captcha": {
    "type": "turnstile",
    "token": "0.spOowAu0RfY4dii..."
  },
  "email": "email@gmail.com",
  "birth_date": "1989-05-21"
};
$.ajax({
  "url": "http://example.com/v3/api/users/password_resets",
  "method": "POST",
  "headers": {
    "content-type": "application/json",
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {brand_public_credentials_token}"
  },  
  "data": JSON.stringify(payload)
});

PATCH ~/v3/api/users/password_resets

   
HTTP Method POST
Path ~/v3/api/users/password_resets
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials
Errors (non exhaustive) invalid_request, captcha_invalid, recovery_contact_support, rate_limit_exceeded, recovery_email_exhausted, recovery_sms_exhausted

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
captcha Mandatory CAPTCHA Token
email Optional String
mobile_phone Optional String
birth_date Mandatory String

HTTP Response

Example of Success response

{
    "status": "Pending",
    "expiration": "2024-08-28T23:06:46",
    "remaining_resend_count": 3,
    "remaining_attempt_count": 3,
    "_links": {
        "enter_password_reset_code": {
            "href": "http://example.com/v3/api/users/password_resets/7BsPqMj5BlyUrtD2",
            "method": "PATCH"
        },
        "resend_password_reset_code": {
            "href": "http://example.com/v3/api/users/password_resets/7BsPqMj5BlyUrtD2/resend",
            "method": "POST"
        }
    }
}
Property Required? Type Description
status Mandatory String Pending
expiration Mandatory string ISO 8601 UTC timestamp in format yyyy-mm-ddThh:mm:ssZ.
remaining_resend_count Mandatory Integer Minimum value is 0. It would start at a value like 3.
remaining_attempt_count Mandatory Integer When it decrease to 0, the status should change to Expired.
enter_password_reset_code Mandatory string It is a link that point to the endpoint to enter the password reset verification code.
resend_password_reset_code Mandatory string It is a link that point to the endpoint to retry sending the SMS/password verification code.

Enter Password Reset Code

This endpoint is used to send the recovery code received by SMS or email to the Kore API. The result should give a token suitable for password reset access. The link should be retrieved via the enter_password_reset_code link from previous endpoint. It’s only valid if expiration is in the future.

HTTP Request

PATCH ~/v3/api/users/password_resets/{id}

curl --request PATCH 'http://example.com/v3/api/users/password_resets/{id}' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer {brand_public_credentials_token}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "code": "465465",
  "play_mode": "Real"
}'

var payload = {
  "code": "465465",
  "play_mode": "Real"
};
$.ajax({
  "url": "http://example.com/v3/api/users/password_resets/{id}",
  "method": "PATCH",
  "headers": {
    "content-type": "application/json",
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {brand_public_credentials_token}"
  },  
  "data": JSON.stringify(payload)
});

PATCH ~/v3/api/users/password_resets/{id}

   
HTTP Method POST
Path ~/v3/api/users/password_resets/{id}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials
Errors (non exhaustive) invalid_request, rate_limit_exceeded, recovery_code_exhausted, recovery_code_invalid, recovery_not_found

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
code Mandatory String
play_mode Mandatory String

HTTP Response

Example of Success response

{
   "status": "Recovered",
   "expiration": "2020-07-12T08:08:41Z",
   "remaining_resend_count": 3,
   "remaining_attempt_count": 3,
   "_links": {
       "enter_password_reset_code": {
          "href": "https://example.com/v3/users/password_resets/yEf1Qb",
          "method": "PATCH"
       },
       "resend_password_reset_code": {
          "href": "https://example.com/v3/users/password_resets/yEf1Qb/resend",
          "method": "POST"
        }    
   },
   "auth": {
      "grant_type": "player_change_password",
      "locale": "en-US",
      "tokens": [
        {
          "type": "Bearer",
          "expiration": "2020-07-12T08:08:41Z",
          "value": "CfDJ8KBChYue…"
        }
      ],  
      "_links": { 
        "change_password": { 
          "href": "http://www.example.com/v3/api/users/{userid}/password",
          "method": "PATCH"
        }    
      }
   }
}
Property Required? Type Description
status Mandatory String Recovered
expiration Mandatory string ISO 8601 UTC timestamp in format yyyy-mm-ddThh:mm:ssZ. It would be in the past (it’s expired).
remaining_resend_count Mandatory Integer It would be set to 0.
remaining_attempt_count Mandatory Integer It would be set to 0.
enter_password_reset_code Mandatory string It is a link that point to the endpoint to enter the password reset verification code.
resend_password_reset_code Mandatory string It is a link that point to the endpoint to retry sending the SMS/password verification code.
auth Required* PlayerTokenResponse The same object that is returned from the login endpoint.

Loyalty

Example of Loyalty Object

"loyalty": {
    "tier": "FunkyFortunesTopaz",
    "balance": 0,
    "tier_name": "Topaz"
}

The Loyalty type is used to represent the loyalty state of a player.

Property Required? Type Description
tier Required String Internal name of the loyalty tier.
balance Required Number A positive integer that represents the current loyalty balance of the player.
tier_name Required String A localized display name for the tier.

Example of extended Loyalty Object (offline_signon)

"loyalty": {
  "next_tier": "GenesysNewbie",
  "next_tier_points": 100,
  "next_tier_name": "Newbie",
  "tier_level": 1,
  "next_tier_level": 2,
  "tier_points": 0,
  "tier": "GenesysNewbie",
  "balance": 0,
  "tier_name": "Newbie"
}

The additional properties are also present when the grant type is set to offline_signon

Property Required? Type Description
tier_level Required Number Positive integer which describe the loyalty level.
tier_points Required Number Positive integer which describe the number of points required to reach the current tier.
next_tier Optional* String Internal name of the next loyalty tier, if any.
next_tier_name Optional* String A localized display name for the next_tier, if any.
next_tier_level Optional* Number Positive integer which describe the loyalty level for the next tier.
next_tier_points Optional* Number Positive integer which describe the number of points required to reach the next tier.

The next_* properties are absent if the player has reached the maximum tier.

Verification Status

Example of Verification Status Object

"verification_status": {
    "email": "Unverified", 
    "mobile_phone": "NotApplicable"
}

The VerificationStatus object provides information about whether the mobile phone and the email address of the player have been verified.

Property Required? Type Description
email Required String Unverified or Verified
mobile_phone Required String Unverified, Verified, NotApplicable, InvalidPhone, or AwaitingCode
Status Description
Unverified The player has not verified this means of contact.
In the case of mobile_phone`, it implies no verification is in progress.
Verified The player has successfully verified their means of contact.
NotApplicable mobile_phone only. The phone verification is disabled for this brand and/or the player’s country.
AwaitingCode mobile_phone only. An SMS verification code has been sent, but the player has not provided us with the code yet.
InvalidPhone mobile_phone only. No verification SMS sent because the provided phone number is invalid.

Highest Win

Property Required? Type Description
payout Required MoneyType Payout of the highest win.
game Required Game The game where the payout was achieved. The _actions and _links properties are omitted for disabled games (see warning below).

Tournament Stats

Example of TournamentStats object

{
  "win_amount": {
    "currency": "USD",
    "amount": 15000,
    "exponent": 2
  },
  "name": "Fun Tournament 2",
  "rank": 1,
  "end_date": "2019-03-26T15:54:04Z",
  "start_date": "2019-03-26T15:48:55Z"
}
Property Required? Type Description
name Required string Name of the tournament. Not localized.
end_date Required string Date and time when the tournament was finished in ISO 8601 format (yyyy-mm-ddThh:mm:ssZ).
start_date Required string Date and time when the tournament was started in ISO 8601 format (yyyy-mm-ddThh:mm:ssZ).
rank Required number Final rank of the player in the tournament. The highest rank is 1.
win_amount Optional MoneyType Only present if the player finished the tournament with a winning rank.

Competition Stats

Example of CompetitionStats object

{
  "name": "Fun Competition",
  "rank": 1,
  "end_date": "2019-03-26T15:54:04Z",
  "start_date": "2019-03-26T15:48:55Z"
}
Property Required? Type Description
name Required string Name of the competition. Not localized.
end_date Required string Date and time when the competition was finished in ISO 8601 format (yyyy-mm-ddThh:mm:ssZ).
start_date Required string Date and time when the competition was started in ISO 8601 format (yyyy-mm-ddThh:mm:ssZ).
rank Required number Final rank of the player in the competition. The highest rank is 1.

Welcome

Example of Welcome object

"welcome": {
    "page_id" : 1, 
    "bonus_codes":["WELCOME", "BONUS"]
}

The welcome object is passed when creating new user accounts directly or indirectly via the user activation endpoint.

It is used to record additional information in the database that link new player registrations to welcome page campaigns.

Property Required? Type Max Size Description
page_id Mandatory Integer N/A Landing page Id. The page_id must be strictly positive.
bonus_codes Mandatory Array of String 2 Array of max 2, min 1 bonus code present on landing page.

Games

Get List of Games

GET ~/v3/api/games

curl -X GET -H "Content-Type: application/json" \
   -H "authorization: bearer {user-token}" \
   "http://example.com/v3/api/games"

$.ajax({
  "url": "http://example.com/v3/api/games",
  "method": "GET",
  "headers": {
    "authorization" : "bearer {user-token}"
  }
});

Response:

{
  "games": [ 
    {
      "provider": "saucify",
      "slug": "midnight-racer-video-slot",
      "name": "Midnight Racer",
      "category": "videoslot",
      "platform": "html",
      "locale": "en-US",
      "attributes": {
        "lines": "30",
        "free_spins": "true"
      },
      "_actions": {
        "play": {
          "href": "http://example.com/play/html/MidnightRacerVideoSlot?ReturnUrl=http%3A%2F%2Fwww.example.com"
        }
      },
      "_links": {
        "_self": {
          "href": "http://example.com/v3/api/games/Html/MidnightRaceVideoSlot"
        }
      }
    },
    {
      "provider": "saucify",
      "slug": "zodiac-video-slot",
      "name": "Zodiac",
      "category": "videoslot",
      "platform": "html",
      "locale": "en-US",
       "attributes": {
        "lines": "12",
        "free_spins": "true"
      },     
      "_actions": {
        "play": {
          "href": "http://example.com/play/html/ZodiacVideoSlot?ReturnUrl=http%3A%2F%2Fwww.example.com"
        }
      },
      "_links": {
        "_self": {
          "href": "http://example.com/v3/api/games/Html/ZodiacVideoSlot"
        }
      }      
    }
  ]
}

Return the list of available games.

A play action link is provided when the endpoint is used with a player_credentials authorization. These links makes it possible launch to games.

HTTP Request

GET ~/v3/api/games

   
HTTP Method GET
Path ~/v3/api/games
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials or player_credentials

HTTP Response

Property Required? Type Description
games Required Array Array of Game elements.

Get Game Info

GET ~/v3/api/games/{game_id}

curl -X GET -H "Content-Type: application/json" \
   -H "authorization: bearer {user-token}" \
   "http://example.com/v3/api/games/{game_id}"

$.ajax({
  "url": "http://example.com/v3/api/games/{game_id}",
  "method": "GET",
  "headers": {
    "authorization" : "bearer {user-token}"
  }
});

Response:

{
    "provider": "saucify",    
    "slug": "midnight-racer-video-slot",
    "name": "Midnight Racer",
    "category": "videoslot",
    "platform": "html",
    "locale": "en-US",
    "attributes": {
        "lines": "30",
        "free_spins": "true"
    },
    "_actions": {
        "play": {
            "href": "http://example.com/play/html/MidnightRacerVideoSlot?ReturnUrl=http%3A%2F%2Fwww.example.com"
    },
    "_links": {
        "_self": {
             "href": "http://example.com/v3/api/games/Html/MidnightRaceVideoSlot"
        }
    }    
}

Get information about a specific game.

HTTP Request

GET ~/v3/api/games/{game_id}  
HTTP Method GET
Path ~/v3/api/games/{game_id}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials or player_credentials

HTTP Response

Return the Game object.

Example of Game

{
    "attributes": {
        "lines": "40",
        "free_spins": "true"
    },
    "provider": "saucify",    
    "slug": "mrs-greens-plant-emporium-video-slot",
    "name": "Mrs Greens Plant Emporium",
    "locale": "en-US",
    "category": "videoslots",
    "platform": "html",
    "medal": {
        "level": 3,
        "name": "Gold",
        "awarded_date": "2019-03-06T12:16:17Z"
    },
    "_actions": {
        "play": {
            "href": "https://MandarinPalace-webclient-saucify13.aristx.net/en-US/play/Html/MrsGreensPlantEmporiumVideoSlot?sessionid=L7vcH4hDE7jqxmXBMpBkov4lOYF7Gq65RaDYtzjxkPQ%3D&usertoken=cUrZ7y94jP78S1RR9CeFNgp9zAce5A%3D%3D&playmode=Real&email=bob@example.com&returnurl=http%3A%2F%2Fwww.google.com",
            "method": "GET"
        }
    },
    "_links": {
        "_self": {
            "href": "https://kore13.aristx.net/v3/api/games/Html/MrsGreensPlantEmporiumVideoSlot",
            "method": "GET"
        }
    },
    "device_category": "mobile"
}

The Game type is shared by several endpoints: ~/v3/api/games, ~/v3/api/games/{gameid} and ~/v3/api/tournaments/{tournament-id}.

Obtain Launch Token

This endpoint is used to retrieve a launch token which can be used to sign in a player on a game which was launched in unauthenticated mode.

Unauthenticated mode refers to a game which was launched from a play action link retrieved with a brand_public_credentials credentials, i.e. before the player was able to sign in and obtain player_credentials credentials.

This endpoint can only be used after the player has logged in. The retrieved launch token would be passed to the IFrame hosting the game using window.postMessage(). The exact details are provider specific and outside the scope of this documentation.

HTTP Request

POST ~/v3/api/games/{game_id}/tokens  
HTTP Method POST
Path ~/v3/api/games/{game_id}/tokens
Query Parameters ?deviceCategory={mobile|desktop}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials in Real play_mode

POST ~/v3/api/games/{game_id}/tokens

curl -X POST -H "Content-Type: application/json" \
   -H "Authorization: bearer {user-token}" \
   -H "Content-Type: application/json" \
   "http://example.com/v3/api/games/{game_id}/tokens" \
  -d '{ \
    "grand_type": "launch_game"
  }'   

var payload = {
  "grant_type": "launch_game"
}

$.ajax({
  "url": "http://example.com/v3/api/games/{game_id}/tokens",
  "method": "POST",
  "headers": {
    "Authorization" : "bearer {user-token}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload)  
});

Query Parameters

Property Required? Type Description
deviceCategory *Optional Enum String Either mobile or desktop

POST Parameters

Property Required? Type Description
grant_type Mandatory String Set to launch_game

HTTP Response

Response:

{
    "grant_type": "launch_game",
    "tokens": [
        {
            "type": "Launch",
            "expiration": "2024-03-21T15:03:47Z",
            "value": "Lm30IB6ncC7uTFm3Xw2xXPyqEl4tISOWuQ3rAdrzW0oOlp48pIHsEdoK51pF8vRq_Cte5DPavsEIi7Cj6TeowjGVk0_h3Dg.."
        }
    ],
    "locale": "en-US"
}

The response is in a format that is similar to PlayerTokenResponse but only a single outcome is possible.

Property Required? Type Description
grant_type Required String Set to launch_game
locale Required String One of the IETF Language tags. See locales.
tokens Required Array of Tokens Must contain one token with type set to Launch

Custom Game Launch

This endpoint is used to retrieve a custom play action link which can be used to to launch a game with custom launch parameters.

This endpoint allows customization of the launch sequence, extending beyond the default behavior of the _actions.play action links provided in the Game object.

HTTP Request

POST ~/v3/api/games/{game_id}/launch  
HTTP Method POST
Path ~/v3/api/games/{game_id}/launch
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials or player_credentials.

POST Parameters

POST ~/v3/api/games/{game_id}/launch

curl -X POST -H "Content-Type: application/json" \
   -H "Authorization: bearer {user-token}" \
   -H "Content-Type: application/json" \
   "http://example.com/v3/api/games/{game_id}/launch" \
  -d '{ \
    "betconstruct": { \
        "path_suffix": "CounterStrike/Europe/18280635/esl-challenger/24288131/parivision-dmax", \
        "section": "live" \
    } \
  }'   

var payload = {
  "betconstruct": {
    "path_suffix": "CounterStrike/Europe/18280635/esl-challenger/24288131/parivision-dmax",
    "section": "live"
  }
}

$.ajax({
  "url": "http://example.com/v3/api/games/{game_id}/launch",
  "method": "POST",
  "headers": {
    "Authorization" : "bearer {user-token}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload)  
});

The parameters must be sent as JSON.

Property Required? Type Description
betconstruct Required BetConstructLaunch Specific to BetConstruct custom launch sequence.

The BetConstructLaunch has two parameters.

Property Required? Type Description
section Required String live or prematch.
path_suffix Optional String A path suffix appended after /event-view in the BetConstruct URL.
Must not start nor end with a slash character / and must not contain a query string ? character.
Max 128 ASCII characters.
Must match the ^[^/?]+(?:[-._~A-Za-z0-9/]

Response:

{
  "mobile_phone": "AwaitingCode",
  "last_sms_send_date": "2023-05-05T11:18:17Z",
}

HTTP Response

Response:

{
  "_actions": {
    "play": {
      "href": "http://example.com/v3/play/unauthenticated/betconstruct?token=eyJCcmFuZCI...",
      "method": "GET"
    }
  }
}

The response contains a mandatory action play link.

Property Required? Type Description
_actions Required LinkCollection Action for the game.

The link collection contains the following link.

Action Required? Description
play Required Provide a link to play the game.

Game

Example of Game

{
    "attributes": {
        "lines": "40",
        "free_spins": "true"
    },
    "provider": "saucify",    
    "slug": "mrs-greens-plant-emporium-video-slot",
    "name": "Mrs Greens Plant Emporium",
    "locale": "en-US",
    "category": "videoslots",
    "platform": "html",
    "medal": {
        "level": 3,
        "name": "Gold",
        "awarded_date": "2019-03-06T12:16:17Z"
    },
    "_actions": {
        "play": {
            "href": "https://MandarinPalace-webclient-saucify13.aristx.net/en-US/play/Html/MrsGreensPlantEmporiumVideoSlot?sessionid=L7vcH4hDE7jqxmXBMpBkov4lOYF7Gq65RaDYtzjxkPQ%3D&usertoken=cUrZ7y94jP78S1RR9CeFNgp9zAce5A%3D%3D&playmode=Real&email=bob@example.com&returnurl=http%3A%2F%2Fwww.google.com",
            "method": "GET"
        }
    },
    "_links": {
        "_self": {
            "href": "https://kore13.aristx.net/v3/api/games/Html/MrsGreensPlantEmporiumVideoSlot",
            "method": "GET"
        }
    },
    "device_category": "mobile"
}

The Game type is shared by several endpoints: ~/v3/api/games, ~/v3/api/games/{gameid} and ~/v3/api/tournaments/{tournament-id}.

Game Properties

Property Required? Type Description
provider Required GameProvider Name of the game provider. This is a enum string value.
slug Required String Game name in lowercase kebab style. Games that support multiple platforms feature multiple entries with the same slug.
category Required String Can be one of classicslots, videoslots, videopokers, tablegames, sportsbook, crashgames or other.
platform Required String Can be one of html or auto.
name Required String Display name of the game. Please note game names are not localized.
locale Required String Locale of the game.
attributes saucify, genii, go or crucible Game Attribute Collection Array of game attributes. Present only for saucify, genii, go or crucible games.
medal Optional Medal Highest medal awarded to the player for the game. The property is only present if the player was awarded a medal. The property is always omitted for a grant type of brand_public_credentials.
free_games_set Optional* Array of Free Game Sets Array of free game sets. The array may be empty. The propery is only provided for saucify, genii, go or crucible games.
_actions Optional LinkCollection Actions for the game. See below for details.
_links Required LinkCollection Links for the game. See below for details.
device_category Optional Enum String Can be one of mobile, desktop, auto or responsive. If the property is absent the game is assumed to be responsive which means the game adapts to either mobile or desktop based on the viewport size. The auto category means that Kore is choosing to to launch either the mobile or desktop version of the game based on the user agent.

Property is only present if the game is designed for a particular device.

Game Actions

These are the actions available for each Game.

Action Required? Description
play Optional Provide a link to play the game. This action is usually provided for player_credentials access tokens only (except betconstruct games). It may be omitted when play_mode is set to Practice or for some currencies.
play_tournament Optional* Provide a link to play the game in tournament mode, for a specific tournament. It is the responsibility of the consumer of the API to ensure the link is still valid when called.

These are the resource links available for each for each Game.

Action Required? Description
_self Required Link to ~/v3/api/games/{gameid} endpoint to obtain detailed information about a given game.
launch Optional* Link to ~/v3/api/games/{gameid}/launch endpoint to perform custom game launches.
*Only implemented and always required for betconstruct games.
launch_token Optional* Link to ~/v3/api/games/{gameid}/tokens endpoint to obtain player tokens for games launch in unauthenticated mode.
*Only implemented and always required for betconstruct games.

Game Provider

export enum GameProvider {
    Rival = "rival",
    Saucify = "saucify",
    Go = "go",
    Apollo = "apollo",
    Genii = "genii",
    LionGames = "liongames",
    BetSoft = "betsoft",
    Nucleus = "nucleus",
    BetConstruct = "betconstruct",
    Crucible = "crucible",
    EBet = "ebet",
    OriginalSpirit = "originalspirit",
    FreshDeck = "freshdeck",
    ArrowsEdge = "arrowsedge",
    Evolution = "evolution",
    PragmaticPlay = "pragmaticplay",
    Ezugi = "ezugi",
    BitVille = "bitville",
    PariPlay = "pariplay"
}

The game provider is a string enum / discriminated union of strings. The following values are supported:

Value Thirdparty?
saucify No
genii No
go No
apollo No
rival Yes
betsoft Yes
nucleus Yes
ezugi Yes
crucible Mixed
ebet Yes
arrowsedge Yes
originalspirit Yes
freshdeck Yes
evolution Yes
pragmaticplay Yes
betconstruct Yes
bitville Yes
pariplay Yes

Attributes

Each property in the collection is an attribute. Property name is the attribute name. Property value is the attribute value (always a string). The properties are only provided for genii, saucify or go providers.

Name Game Category Description
lines videoslots,classicslots Number of lines.
feature_game videoslots,classicslots Feature game. A value of “true” indicates that the game has feature game. No property indicates no feature game.
free_spins videoslots Free spins. A value of “true” indicates that the game has free spins. No property indicates no free spins.
gamble_game videoslots Gamble game. A value of “true” indicates that the game has a gamble game. No property indicates no gamble game.
max_ways videoslots Max ways. A value of “true” indicates that the game has free spins. No property indicates no free spins.
progressive videoslots,classicslots Progressive. A value of “true” indicates that the game progressive. No property indicates that it is not.
bonus_bucks classicslots Bonus bucks.
decks tablegames Number of decks in a Blackjack.
surrender tablegames “true” indicates that the Blackjack game has surrender option. No property indicates that it does not.
insurance tablegames “true” indicates that the Blackjack game has insurance. No property indicates that it does not.
single_zero tablegames “true” indicates that the Roulette game has a single zero.
double_zero tablegames “true” indicates that the Roulette game has a double zero.
elite tablegames “true” indicates that the tables game is an Elite version.
card_deck videopokers Number of card decks in the video poker game.
deuces_wild videopokers “true” indicates that deuces are wild for the Video Poker game.
jokers_wild videopokers “true” indicates that jokers are wild for the Video Poker game.
progressive videopokers “true” the the Video Poker game is progressive.
play1 videopokers “true” indicates that the Video Poker game can play only one hand at a time.
play10 videopokers “true” indicates that the Video Poker game can play 10 hands at a time.
play50 videopokers “true” indicates that the Video Poker game can play 50 hands at a time.
picks other Number of picks in Keno game.
multiplier other Multiplier of Keno game.

Medal

Example of Medal

"medal": {
  "level": 3,
  "name": "Gold",
  "awarded_date": "2019-03-06T12:16:17Z"
}
Property Required? Type Description
name Required string Non localized name of the medal.
level Required number A positive integer starting at 0 which represents the rank of the medal (the higher the better).
awarded_date Required string The date the medal was awarded to the playing using ISO 8601 UTC format (yyyy-mm-ddThh:mm:ssZ).

Currently only the following medals exist in the system:

Level Name
0 Blue
1 Bronze
2 Silver
3 Gold
4 Diamond

Free Games Set

Example pending FreeGameSet

{
  "free_games_set": [
    {
      "available_rounds": 10,
      "status": "pending",
      "created_date": "2016-11-29T15:15:26Z",
      "updated_date": "2016-11-29T15:15:26Z"
    }
  ]
}

Example of active FreeGameSet

{
  "free_games_set": [
    {
      "available_rounds": 9,
      "status": "active",
      "created_date": "2016-11-29T15:15:26Z",
      "updated_date": "2022-11-23T08:49:15Z"
    }
  ]
}
Property Required? Type Description
available_rounds Required number Strictly positive integer explaining how many free games round are left in the set.
status Required string Either pending or active. Pending games are games that the player never opened.
created_date Required string Timestamp indicating when the free games set was awarded to the player. ISO 8601 UTC format (yyyy-mm-ddThh:mm:ssZ).
updated_date Required string Timestamp indicating the last time available_rounds was updated, in other words the last time the player used a free game round. ISO 8601 UTC format (yyyy-mm-ddThh:mm:ssZ).

Tournaments

Get Tournament News

This endpoint can be used to retrieve a set of tournament news items.

GET ~/v3/api/tournaments/news

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {{access_token}" \
   "http://example.com/v3/api/tournaments/news"

$.ajax({
  "url": "http://example.com/v3/api/tournaments/news",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {{access_token}}"
  }
});

Response:

{
    "news": [
        { "text": "Example Player has won 100.00 credits (1st place) in Example Tournament!" },
        { "text": "Sign up for Example Tournament" }
    ],
    "_links": {
        "latest": {
            "href": "http://example.com/v3/api/tournaments/news?min_id=3"
        }
    }
}

HTTP Request

GET ~/v3/api/tournaments/news

   
HTTP Method GET
Path ~/v3/api/tournaments/news
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials with Real as play_mode

HTTP Response

This endpoint returns news and latest properties.

Property Required? Type Description
news Required Array Array of News items in descending chronological order.
_links Required LinkCollection Links related to news.

News

Property Required? Type Description
text Required String Localized and unstyled news item.
Link Required? Description
latest Required Link to retrieve the latest tournament news items, which occurred since the response was sent.

How to use the API to poll for tournament news (pseudo-code)

let latest_news = "~/v3/api/tournaments/news";
setInterval(() => poll(), 1000)
function poll()
{
  fetch(latest_news).then(response => {
    var json = response.json();
    // ... show additional news to user
    latest_news = json._links.latest.href;
  });
}

Get List of Tournaments

This endpoint can be used to retrieve the list of active tournaments.

GET ~/v3/api/tournaments

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {{access_token}" \
   "http://example.com/v3/api/tournaments"

$.ajax({
  "url": "http://example.com/v3/api/tournaments",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {{access_token}}"
  }
});

Response (with one tournament only)

{
  "tournaments": [
    {
      "name": "Test Tournament",
      "game_category": "tablegames",
      "type": "SitAndGo",
      "registration": {
        "status": "None"
      },
      "registration_options": [
        {
          "type": "Cash",
          "fee": {
            "currency": "USD",
            "amount": 10000,
            "exponent": 2
          },
          "buyin": {
            "currency": "USD",
            "amount": 10000,
            "exponent": 2
          }
        },
        {
          "type": "Bonus"
        }
      ],
      "player_counts": {
        "registered": 1,
        "minimum": 2,
        "maximum": 2
      },
      "status": "Finished",
      "status_change_date": "2013-05-03T12:36:25Z",
      "prize_pool": {
        "type": "TotalPrizePool",
        "minimum": {
          "currency": "USD",
          "amount": 2000000,
          "exponent": 2
        },
        "current": {
          "currency": "USD",
          "amount": 2000000,
          "exponent": 2
        }
      },
      "rebuys": {
        "is_allowed": false,
        "use_count": 0,
        "max_use_count": 5,
        "purchase_options": [ {
          "type": "Cash", 
          "cost": {"currency": "USD", "amount": 5000, "exponent": 2}
        }]
      },
      "_links": {
        "_self": {
          "href": "https://api.example.com/v3/api/tournaments/567",
          "method": "GET"
        },
        "register": {
          "href": "https://api.example.com/v3/api/tournaments/567/registration",
          "method": "POST"
        },
        "unregister": {
          "href": "https://api.example.com/v3/api/tournaments/567/registration",
          "method": "DELETE"
        },
        "rebuy": {
          "href": "https://api.example.com/v3/api/tournaments/567/rebuys",
          "method": "POST"
        }
      }
    }
  ]
}

HTTP Request

GET ~/v3/api/tournaments

   
HTTP Method GET
Path ~/v3/api/tournaments
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials with Real as play_mode

HTTP Response

Property Required? Type Description
tournaments Required Array Array of partial Tournament items.

Get Tournament Details

This endpoint is used to retrieve the details about a single tournament.

GET ~/v3/api/tournaments/{tournament-id}

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {{access_token}" \
   "http://example.com/v3/api/tournaments/{tournament-id}"

$.ajax({
  "url": "http://example.com/v3/api/tournaments/{tournament-id}",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {{access_token}}"
  }
});

HTTP Request

GET ~/v3/api/tournaments/{tournament-id}

   
HTTP Method GET
Path ~/v3/api/tournaments/{tournament-id}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials with Real as play_mode

HTTP Response

This endpoint returns the full representation of a Tournament object.

Register for Tournament

This endpoint is retrieved from the register Link in the Tournament object. It is used to join the tournament.

POST ~/v3/api/tournaments/{tournament-id}/registration

curl -X POST \
  http://example.com/v3/api/tournaments/{tournament_id}/registration \
  -H "Authorization: Bearer {{access_token}" \
  -H "Content-Type: application/json" \
  -H "X-Kore-ReturnUrl: http://www.example.com/" \
  -d '{ \
    "type": "Cash" \
  }'

var payload = {
  "type" : "Cash"
}

$.ajax({
  "url": "http://example.com/v3/api/tournaments/{tournament_id}/registration",
  "method": "POST",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/",
    "authorization" : "bearer {{access_token}}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload)
});

Response (successful registration)

{"status": "Registered"}

HTTP Request

POST ~/v3/api/tournaments/{tournament-id}/registration

   
HTTP Method POST
Path ~/v3/api/tournaments/{tournament-id}/registration
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials with Real as play_mode

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
type Required String Can be one of: Cash, Loyalty or Bonus.
bonus_code Optional String Required if the type is set to Bonus.

HTTP Response

Upon successful registration the API returns a Registration object with an HTTP 200 status code.

If there is a problem the API will return an Error.

Unregister from Tournament

This endpoint is retrieved from the unregister Link in the Tournament object. It is used to leave a tournament which was previously joined.

DELETE ~/v3/api/tournaments/{tournament-id}/unregister

curl -X DELETE \
  http://example.com/v3/api/tournaments/{tournament_id}/registration \
  -H "Authorization: Bearer {{access_token}" \
  -H "Content-Type: application/json" \
  -H "X-Kore-ReturnUrl: http://www.example.com/" \

$.ajax({
  "url": "http://example.com/v3/api/tournaments/{tournament_id}/registration",
  "method": "DELETE",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/",
    "authorization" : "bearer {{access_token}}"
  }
});

HTTP Request

DELETE ~/v3/api/tournaments/{tournament-id}/registration

   
HTTP Method DELETE
Path ~/v3/api/tournaments/{tournament-id}/registration
Required Headers X-Kore-ReturnUrl, Authorization
Grant Type player_credentials with Real as play_mode

HTTP Response

Upon successful registration the API returns an empty response with an HTTP 200 status code.

If there is a problem the API returns an Error instead.

Purchase Rebuy

This endpoint is retrieved from the rebuy Link in the Tournament object. It is used to purchase a tournament rebuy, which resets the tournament balance to its starting point.

POST ~/v3/api/tournaments/{tournament-id}/rebuys

curl -X POST \
  http://example.com/v3/api/tournaments/{tournament_id}/rebuys \
  -H "Authorization: Bearer {{access_token}" \
  -H "Content-Type: application/json" \
  -H "X-Kore-ReturnUrl: http://www.example.com/" \
  -d '{ \
    "type": "Cash" \
  }'

var payload = {
  "type" : "Cash"
}

$.ajax({
  "url": "http://example.com/v3/api/tournaments/{tournament_id}/rebuys",
  "method": "POST",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/",
    "authorization" : "bearer {{access_token}}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload)
});

Response (successful rebuy)

{
  "is_allowed": true,
  "use_count": 2,
  "max_use_count": 5,
  "purchase_options": [ {
    "type": "Cash", 
    "cost": {"currency": "USD", "amount": 5000, "exponent": 2}
  }]
}

HTTP Request

POST ~/v3/api/tournaments/{tournament-id}/rebuys

   
HTTP Method POST
Path ~/v3/api/tournaments/{tournament-id}/rebuys
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials with Real as play_mode

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
type Required String Set to Cash

HTTP Response

If the rebuy purchase is successful the the API returns an updated Rebuys Status object.

If there is a problem the API returns an Error instead.

Tournament

Example of Tournament Object

{
  "name": "Test Tournament",
  "game_category": "tablegames",
  "type": "SitAndGo",
  "registration": {
    "status": "None"
  },
  "registration_options": [
    {
      "type": "Cash",
      "fee": {
        "currency": "USD",
        "amount": 10000,
        "exponent": 2
      },
      "buyin": {
        "currency": "USD",
        "amount": 10000,
        "exponent": 2
      }
    },
    {
      "type": "Bonus"
    }
  ],
  "player_counts": {
    "registered": 1,
    "minimum": 2,
    "maximum": 2
  },
  "status": "Finished",
  "status_change_date": "2013-05-03T12:36:25Z",
  "prize_pool": {
    "type": "TotalPrizePool",
    "minimum": {
      "currency": "USD",
      "amount": 2000000,
      "exponent": 2
    },
    "current": {
      "currency": "USD",
      "amount": 2000000,
      "exponent": 2
    }
  },
  "rebuys": {
    "is_allowed": false,
    "use_count": 0,
    "max_use_count": 5,
    "purchase_options": [ {
      "type": "Cash", 
      "cost": {"currency": "USD", "amount": 5000, "exponent": 2}
    }]
  },  
  "_links": {
    "_self": {
      "href": "https://api.example.com/v3/api/tournaments/567",
      "method": "GET"
    },
    "register": {
      "href": "https://api.example.com/v3/api/tournaments/567/registration",
      "method": "POST"
    },
    "unregister": {
      "href": "https://api.example.com/v3/api/tournaments/567/registration",
      "method": "DELETE"
    },
    "rebuy": {
      "href": "https://api.example.com/v3/api/tournaments/567/rebuys",
      "method": "POST"
    }
  },

  "description": "Decription of a Test Tournament",
  "credits": {
    "currency": "XTC",
    "amount": 10000,
    "exponent": 2
  },
  "games": [
    {
      "attributes": {
        "picks": "10",
        "multiplier": "9"
      },
      "provider": "saucify",
      "slug": "test-game",
      "name": "Test Game",
      "locale": "en-US",
      "category": "other",
      "platform": "html",
      "_actions": {
        "play_tournament": {
          "href": "https://www.example.com/en-US/play/tournamentHtml/TestGame"
          "method": "GET"
        }
      },
      "_links": {
        "_self": {
          "href": "http://wwww.example.com/v3/api/games/Html/TestGame",
          "method": "GET"
        }
      }
    }
  ],
  "prizes": [
    {
      "rank": 1,
      "minimum": {
        "currency": "USD",
        "amount": 1000000,
        "exponent": 2
      },
      "current": {
        "currency": "USD",
        "amount": 1000000,
        "exponent": 2
      }
    }
  ],
  "duration": 11700   
}

The Tournament type is shared between the ~/v3/api/tournaments and ~/v3/api/tournaments/{tournament-id} responses. However the ~/v3/api/tournaments endpoint only returns a partial representation of the Tournament object, where some of the properties have been voluntarily omitted.

Tournament Common Properties

The following properties are present in both the ~/v3/api/tournaments and ~/v3/api/tournaments/{tournament-id} responses.

Property Required? Type Description
name Required String Name of the tournament. Not localized.
type Required String Scheduled or SitAndGo. See below for details.
game_category Required String Can be one of classicslots, videoslots, videopokers, tablegames or other.
status Required String Can be one of Created, RegistrationOpened, Started, Finishing, Finished or Canceled. See below for details.
status_change_date Optional Date UTC Date using ISO 8601 format (yyyy-MM-ddThh:mm:15Z). See below for details.
player_counts Required PlayerCount Provide the current, min and max number of players for the tournament.
registrations Required Registration Provide details about the registration status.
registration_options Required Array Describe how to register for the tournament.
prize_pool Required PrizePool Details about the prizes.
rebuys Optional RebuysStatus Details about tournament rebuys. Omitted if rebuys are disabled for the tournament.
_links Required LinkCollection Links for the tournament. See below for details.

Tournament Detailed Properties

The following properties are only returned by the ~/v3/api/tournaments/{tournament-id} endpoint. They can be obtained by performing an extra request using the _self link.

Property Required? Type Description
description Required String Non-localized description of the tournament.
credits Required Money Starting credits for the tournament. Using XTC currency.
leaderboard Optional Array List of players. This property is missing before the tournament starts.
player Optional Player Tournament specifics information about the player. This property is missing before the tournament starts, or if the player has not joined the tournament.
games Required Array List of playable games for this tournament. Include a play_tournament launch URL.
prizes Required Array List of all prizes and qualifying ranks.
duration Required Integer Duration of tournament in seconds. This a constant value set during the creation of the tournament.

Type and Status

The different status values for Tournaments

    +----------------------+    Does not exist
<---+       Created        |    for SitAndGo
|   +----------+-----------+
|              |
|              v
|   +----------+-----------+    No status_change_date
<---+  RegistrationOpened  |    for SitAndGo
|   +----------+-----------+
|              |
|              v
|   +----------+-----------+
<---+       Started        |
|   +----------+-----------+
|              |
|              v
|   +----------+-----------+    Transitory status (<1min)
<---+      Finishing       |    No status_change_date
|   +----------+-----------+
|              |
|              v
|   +----------+-----------+    status_change_date
|   |       Finished       |    in the past
|   +----------------------+
|
|
|   +----------------------+
+--->       Canceled       |    exceptional status
    +----------------------+    No status_change_date

There are two types of tournaments, as defined by the type property:

The status property describes the current state of the tournament. The meaning of the status_change_date property depends on it.

status Meaning of status_change_date Description
Created When the tournament becomes registration_opened This status only applies to Scheduled tournaments. It indicates that the tournament is not yet opened for registrations.
RegistrationOpened When the tournament becomes started The tournament accepts registration and has not yet started. The status_change_date is missing for SitAndGo tournaments.
Started When the tournament becomes finishing The tournament is in progress. It no longer accepts registrations.
Finishing None The tournament has just finished. However, the final computations for the prizes have not yet been completed. This status is transitory and typically lasts less than 30 seconds.
Finished Past date. When the tournament became finished The tournament has finished. The winners and different prizes are known.
Canceled None The tournament was canceled.

Tournament links

{
  "_links": {
    "_self": { 
      "href": "https://www.example.com/v3/api/tournaments/123" 
    },
    "register": { 
      "method": "POST", 
      "href": "https://www.example.com/v3/api/tournaments/123/registration" 
    },
    "unregister": { 
      "method": "DELETE", 
      "href": "https://www.example.com/v3/api/tournaments/123/registration" 
    },
    "rebuy": {
      "href": "https://api.example.com/v3/api/tournaments/567/rebuys",
      "method": "POST"
    }
  }
}

These are the API links available for each tournament

Link Required? Description
_self Required Provide a link to the detailed description of the tournament. Currently links to ~/v3/api/tournaments/{tournament-id}.
register Required Link to register the player to the tournament. Currently links to ~/v3/api/tournaments/{tournament-id}/registration.
unregister Required Link to unregister the player from the tournament. Currently links to ~/v3/api/tournaments/{tournament-id}/registration.
rebuy Required Link to purchase a rebuy in the tournament. Currently links to ~/v3/api/tournaments/{tournament-id}/rebuy.

Registration

Example of Registration 

"registration": {
    "status": "Registered"
}

The Registration type only contains a status property.

Property Required? Type Description
status Required String Can be one of None, Registered or SignOn.

The following states are possible for the status property:

Registration Options

Example showing all available Registration Options

{
  "registration_options": [
    {
      "type": "Bonus"
    },
    {
      "type": "Cash",
      "fee": { "currency": "USD", "amount": 50000, "exponent": 2 },
      "buy_in": { "currency": "USD", "amount": 10000, "exponent": 2 }
    },
    {
      "type": "Loyalty",
      "cost": 100
    }
  ]
}

The registration_options property returns an Array of RegistrationOption objects. The presence of a RegistrationOption in the array denotes that this method of registration is available. Reciprocally, its absence means it is not available.

There are three types of registration options available at the moment:

The following properties may appear on the RegistrationOption object, depending on the type:

Property Required for type? Type Description
type All String Can be one of Cash, Bonus, Loyalty
fee Cash Money The fee in real credits, the player is required to pay to register.
buy_in Cash Money The buy in money in real credits, the player is required to pay. This get turned into the starting balance at the beginning of the tournament.
cost Loyalty Integer Number of loyalty points the player must pay to register.

Player Counts

Example of Scheduled tournament player_counts

{
  "player_counts": {
    "registered": 2,
    "minimum": 5,
    "maximum": 10
  }
}

The PlayerCount object provides information about the number of players registered for the tournament. It contains the following properties:

Property Required? Type Description
registered Required Integer Number of players that have currently registered for the tournament.
minimum Required Integer The minimum number of players that must register, before the tournament is allowed to start.
maximum Required Integer The maximum number of players that can be registered for the tournament.

Player

Example of Player object used in tournaments.

{ 
    "player":
    {
        "nickname": "User123",
        "rank" : 1,
        "credits": {
            "currency": "XTC",
            "amount": 88800,
            "exponent": 2
        },
        "win_amount": {
            "currency": "USD",
            "amount": 20000,
            "exponent": 2
        },
        "is_active": true
    }
}

Player objects are returned in the leaderboard and player properties of the detailed Tournament object. They provide information about a player for a specific tournament.

Property Required? Type Description
nickname Required String The nickname of the player.
credits Required Money Current tournament credits expressed in XTC currency.
rank Required Integer Current rank in the tournament. There can be more than one player with the same rank, and some ranks may be skipped.
win_amount Required Money The prize money expressed in real currency.
is_active Required Boolean Whether the player is actively playing in the tournament.

Game

Partial Game type used in tournaments.

{
    "slug": "aladdins-loot-slot",
    "name": "Aladdin's Loot",
    "locale": "en-US",
    "category": "videoslots",
    "platform": "html",
    "_actions": {
        "play_tournament": {
            "href": "https://www.example.com/en-US/play/tournamentHtml/AladdinsLootSlot?sessionid=rLDtN485Ur5qN0k6%2BjRm%2B6480uAWl6%2BuAAGuEon9%2BPE%3D&usertoken=x%2FzIoFHScLEtiw8mJ0lrAT7%3DI9QJOQ%3D%3D&email=player@example.com&returnurl=https%3A%2F%2Fwww.example.com%2FTournament.html&tournamentId=2699&sig=1asyu23rfycmx3u777cuqbeip4gh35pzvhh6e3mx2gv44r4bss5dq",
            "method": "GET"
        }
    }
}

Game objects are returned as part of the games array provided by the detailed Tournament object.

These Game objects are partial representations of the Game type used by the ~/v3/api/games and ~/v3/api/games/{game-id} endpoints.

Each game is guaranteed to contain a play_tournament actions which can be used to launch the game in the tournament. It is the responsibility of the caller to ensure the tournament is running before following the play_tournament action.

Prize Pool

Example of PrizePool

{
  "prize_pool": {
    "type": "TotalPrizePool",
    "minimum": { "currency": "USD", "amount": 500000, "exponent": 2 },
    "current": { "currency": "USD", "amount": 300000, "exponent": 2 }
  }
}

The PrizePool object is returned in the prize_pool property of the Tournament object. It provides details about the prize pool available to the winners of the tournament.

There are two types of prize pools:

The PrizePool types provides the following properties:

Property Required? Type Description
type Required String Can be either TotalPrizePool or FixedAmounts.
minimum Required Money The minimum value the prize pool reaches before the tournament starts.
current Required Money The current value of the prize pool.

Prize

Example of Prize used in tournaments.

{
    "rank": 1,
    "minimum": {
        "currency": "USD",
        "amount": 500000,
        "exponent": 2
    },
    "current": {
        "currency": "USD",
        "amount": 550000,
        "exponent": 2
    }
}

The Prize object is returned in the prizes properties of the detailed Tournament response. It provides information about the prizes which can be won for a specific tournament.

There are two types of prize pools:

Property Required? Type Description
rank Required String The rank required to achieve this prize.
minimum Required Money Minimum amount that can be won from this prize.
current Required Money The current amount this prize will award.

Rebuys Status

Example of RebuysStatus used in tournaments.

{
  "is_allowed": false,
  "use_count": 0,
  "max_use_count": 5,
  "purchase_options": [ {
    "type": "Cash", 
    "cost": {"currency": "USD", "amount": 5000, "exponent": 2}
  }]
}
Property Required? Type Description
is_allowed Required Boolean Whether the player is allowed to purchase a rebuy or not.
use_count Required Number Positive integer starting at 0. Number of rebuy purchased by the player so far.
max_use_count Required Number Positive integer strictly greater than 0. Maximum number of rebuys that a player can purchase.
purchase_options Required Array of RebuyPurchase Not empty. Purchasing options for the rebuys. Currently only Cash purchases are supported.

Rebuy Purchase

Example of RebuyPurchase. Only Cash is supported at the moment.

[ 
  {
    "type": "Cash", 
    "cost": {"currency": "USD", "amount": 5000, "exponent": 2}
  }]
}
Property Required? Type Description
type Required Cash Always set to Cash.
cost Optional Money Present when type is set to Cash. Cash cost for purchasing a rebuy.

Competitions

Get Competitions

This endpoint returns the list of live competitions for the current brand, or optionally, all brands.

GET ~/v3/api/competitions

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {{access_token}" \
   "http://example.com/v3/api/competitions"

$.ajax({
  "url": "http://example.com/v3/api/competitions",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {{access_token}}"
  }
});

Response:

{
     "competitions": 
     [
        {
            "id": 1,
            "name": "Sample Competition 1",
            "end_date": "2010-04-30T00:00:00Z",
            "start_date": "2010-04-01T00:00:00Z"
        },
        {
            "id": 2,
            "name": "Sample Competition 2",
            "end_date": "2010-05-31T00:00:00Z",
            "start_date": "2010-05-01T00:00:00Z"
        }
    ]
}

HTTP Request

GET ~/v3/api/competitions?all={true|false}

   
HTTP Method GET
Path ~/v3/api/competitions
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials, player_credentials or leaderboard

Query Parameters

Property Required? Type Description
all Optional Boolean Default to false if not specified, and returns the list of the competitions for the current brand group.
If true, returns all competitions for all brand groups.

HTTP Response

The endpoint returns an array of competitions

Property Required? Type Description
competitions Mandatory Array Array of Competitions in no particular order.

Competitions

Property Required? Type Description
id Mandatory Integer Identifier of competition. Not suitable for display. Strictly positive.
name Mandatory String Name of the competiton. Can be displayed to players.
brand_group Optional* String Internal name of brand group the competition belongs to. Not suitable for display. This parameter is only provided if ?all=true is provided.
start_date Mandatory String Start date of competition in ISO 8601 format (yyyy-mmddThh:mm:ssZ) using UTC time zone.
end_date Mandatory String End date of competition in ISO 8601 format (yyyy-mmddThh:mm:ssZ) and UTC time zone.

Get Leaderboard

This endpoint retrieves the leaderboard associated to a competition.

GET ~/v3/api/competitions/{competitionIds}/leaderboard?limit={limit}

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {{access_token}" \
   "http://example.com/v3/api/competitions/1,2,3,4/leaderboard?limit=2"

$.ajax({
  "url": "http://example.com/v3/api/competitions/1,2,3,4/leaderboard?limit=2",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {{access_token}}"
  }
});

Response for public_brand_credentials

{
    "competition_ids": [1, 2, 3, 4],
    "leaderboard": [
        {
            "nickname": "FirstPlayer",
            "ranking": 1,
            "score": 1000000
        },
        {
            "nickname": "SecondPlayer",
            "ranking": 2,
            "score": 500
        }
    ]
}

Response for player_credentials

{
    "competition_ids": [1, 2, 3, 4],
    "leaderboard": [
        {
            "nickname": "FirstPlayer",
            "ranking": 1,
            "score": 1000000
        },
        {
            "nickname": "SecondPlayer",
            "ranking": 2,
            "score": 500
        },
        {
            "nickname": "BreforeMe",
            "ranking": 49,
            "score": 50
        },  
        {
            "nickname": "Me",
            "ranking": 50,
            "score": 40
        },
        {
            "nickname": "AfterMe",
            "ranking": 51,
            "score": 41
        }        
    ],
    "player": {
        "nickname": "Me",
        "ranking": 50,
        "score": 40
    }
}

HTTP Request

GET ~/v3/api/competitions/1,2,3/leaderboard?limit=100

   
HTTP Method GET
Path ~/v3/api/competitions/{competitionIds}/leaderboard?limit={limit}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials, player_credentials or leaderboard

Path Parameters

The following parameters are provided in the URL path.

Parameter Required? Type Description
competitionIds Mandatory String A comma separated list of competitions IDs.

Query Parameters

Parameter Required? Type Description
limit Optional Integer Limit the size of the returned leaderboard. Minimum 1 and maximum 500.
If the limit is not provided it defaults to 100.

HTTP Response

This endpoint returns the leaderboard of the competitions and, optionally, information about the current player.

Property Required? Type Description
competition_ids Mandatory Array of Integers The competitions IDs used to compute the leaderboard. Values may be returned in a different order than provided in the request.
leaderboard Mandatory Array of Players Array of players from highest to lowest ranking. The array may be empty.
player Optional Player Information about the current player. This is only returned if the grant type is player_credentials and the current player has joined any of the requested competitions.

Player

Property Required? Type Description
nickname Mandatory String Nickname of player.
ranking Mandatory Positive Integer Position of player in leaderboard. The highest rank is 1.
score Mandatory Positive Integer Total score of player.

Bonus

Claim a Bonus

Claim a bonus code for the player.

HTTP Request

POST ~/v3/api/bonuses/claim

   
HTTP Method POST
Path ~/v3/api/bonuses/claim
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials
Rate Limits 1 request per second; 10 requests per minute

POST ~/v3/api/bonuses/claim

curl -X POST 'http://example.com/v3/api/bonuses/claim' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer CfDJ8...' \
--header 'Content-Type: application/json' \
--data-raw '{
    "bonus_code": "BONUS_CODE"
}'

var payload = { bonus_code: "BONUS_CODE" };
$.ajax({
  "url": "http://example.com/v3/api/bonuses/claim",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com",
    "Authorization": "Bearer CfDJ8...",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload),
};

Campaign claim

curl -X POST 'http://example.com/v3/api/bonuses/claim' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer CfDJ8...' \
--header 'Content-Type: application/json' \
--data-raw '{
    "campaign": {
        "campaign_id" : 1,
        "type" : "invite"
    }
}'

var payload = {
    campaign: {
        campaign_id : 1,
        type : "invite"
    }
};
$.ajax({
  "url": "http://example.com/v3/api/bonuses/claim",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com",
    "Authorization": "Bearer CfDJ8...",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload),
};

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
bonus_code Optional String The bonus code associated to the bonus. Minimum 5 characters, maximum 30 characters.
invite_code Optional String The invite code associated to the bonus and specific to the player. Exactly 6 characters. Only applicable if bonus code is supplied.
campaign Optional Campaign Campaign object to identify the campaign. When supplied, the player will have tags applied and the bonus on the campaign will be claimed.

Success Response

{
  "bonus_code": "BONUS_CODE",
  "claim_status": "AwaitingDeposit"
}

Error Response

{
  "error": "bonus_invalid",
  "error_description": "The Bonus Code is not valid."
}

HTTP Response

Property Required? Type Description
bonus_code Required String Convenience. Same bonus_code as provided in request.
claim_status Required String Either Claimed or AwaitingDeposit depending on the type of bonus.

Filter Bonus Codes

This endpoint can be used to filter out bonus codes that definitely cannot be claimed by a player.

The request takes a small number of bonus codes to check, and the response only contains the ones that may be claimable.

This endpoint performs a more lightweight test than the one performed by the claim endpoint.

HTTP Request

POST ~/v3/api/bonuses/filter

   
HTTP Method POST
Path ~/v3/api/bonuses/filter
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials

POST ~/v3/api/bonuses/filter

curl -X POST 'http://example.com/v3/api/bonuses/filter' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer CfDJ8...' \
--header 'Content-Type: application/json' \
--data-raw '{
    "bonus_codes": ["BONUS_CODE", "ANOTHER_BONUS_CODE"]
}'

var payload = { bonus_codes: ["BONUS_CODE", "ANOTHER_BONUS_CODE"] };
$.ajax({
  "url": "http://example.com/v3/api/bonuses/filter",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com",
    "Authorization": "Bearer CfDJ8...",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload),
};

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
bonus_codes Required Array of String Array of bonus codes to filter. Maximum 50 bonus codes. Each code must be minimum 5 characters and maximum 30 characters long.

Response with a Claimable Bonus

{
  "claimable_bonus_codes": ["BONUS_CODE"]
}

Response without any Claimable Bonuses

{
  "claimable_bonus_codes": []
}

HTTP Response

Property Required? Type Description
claimable_bonus_codes Required Array of Strings Filtered out array of claimable codes from the request. This array may be empty.

Campaign

Example of Campaign.

{
  "campaign_id": 1,
  "type": "invite"
}
Property Required? Type Description
campaign_id Required Number Positive integer identifying the campaign.
type Required String Currently must be set to invite.

Progressives

Get Games and Jackpots

Get the list of progressive games and their associated jackpot values.

GET ~/v3/api/progressives/games

curl -X GET 'http://example.com/v3/api/progressives/games' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer CfDJ8...' \
--header 'Content-Type: application/json'

var payload = { bonus_code: "BONUS_CODE" };
$.ajax({
  "url": "http://example.com/v3/api/progressives/games",
  "method": "GET",
  "timeout": 0,
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com",
    "Authorization": "Bearer CfDJ8...",
    "Content-Type": "application/json"
  }
};

HTTP Request

GET ~/v3/api/progressives/games

   
HTTP Method GET
Path ~/v3/api/progressives/games
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials or brand_public_credentials

Success Response

{
  "games": [
    {
      "game_slug": "some-fancy-game",
      "currencies": [ "EUR", "USD", "CAD", "SEK", "NOK", "DKK", "NZD" ],
      "jackpots": [
        {
          "id": "FancyGameJackpot",
          "current": 2307170,
          "increment_value": 1,
          "increment_interval": 2,
          "timestamp": "2022-04-27T12:05:01Z"
        }
      ]
    }
  ]
}

HTTP Response

The response returns an array of Progressive Games. The array may be empty if there are none.

Each Progressive Game is identified using the slug from the Game object, and each Progressive Game contains one or more Jackpots.

Property Required? Type Description
games Required Array of Progressive Games Can be empty if no progressive games exist. There are no explicit guarantees about the order of the array.

Progressive Game

Progressive Game with Multiple Jackpots

{
  "game_slug": "some-fancy-game",
  "currencies": [ "EUR", "USD", "CAD", "SEK", "NOK", "DKK", "NZD"],
  "jackpots": [
    {
      "id": "FancyGameMegaJackpot",
      "current": 6876551,
      "increment_value": 1,
      "increment_interval": 1,
      "timestamp": "2022-04-27T12:05:01Z"
    },
    {
      "id": "FancyGameMajorJackpot",
      "current": 2307170,
      "increment_value": 1,
      "increment_interval": 2,
      "timestamp": "2022-04-27T12:05:01Z"
    },
    {
      "id": "FancyGameMinorJackpot",
      "current": 1244903,
      "increment_value": 1,
      "increment_interval": 3,
      "timestamp": "2022-04-27T12:05:01Z"
    }
  ]
}
Property Required? Type Description
game_slug Required String The game slug identifying the Game.
currencies Required Array of String The array returns a list of supported currencies. It cannot be empty. See the Currencies endpoint to retrieve information about the currencies.
jackpots Required Array of Jackpots The array returns all the jackpots for the games. The array cannot be empty and is ordered in decreasing order using the current values of the Jackpots.

Jackpot

Example of Jackpot

{
  "id": "FancyGameMinorJackpot",
  "current": 1244903,
  "increment_value": 1,
  "increment_interval": 3,
  "timestamp": "2022-04-27T12:05:01Z"
}
Property Required? Type Description
id Required String Alphanumerical identifier for the Jackpot. This ID may be shared between multiple games (see notice below).
current Required Number Positive Integer which represents the monetary value at the timestamp moment. Typically jackpot value increase until the jackpot is won and reset. You should use the iso_exponent of the Currency to convert the integer to a decimal value.
increment_value Required Number Positive Integer which represents the expected increment of the jackpot value during the increment_interval duration. This is an estimation which should be used to provide animated jackpots. The actual increment may vary, and the jackpot could go down if won.
increment_interval Required Number Positive Integer, cannot be 0. Duration in seconds.
timestamp Required String ISO 8601 UTC Date (yyyy-mm-ddThh:mm:ssZ) of when this information was computed. The API typically cache the Jackpot Information for 30 seconds.

The above information can be used to display static or animated jackpots. To create an animation, you should rely on the timestamp, increment_value, and increment_interval properties to compute a rate of change and a apply it to the jackpot value. You should also poll the API frequently to retrieve updates so the animate jackpot value does not drift too much. There is no need to poll the endpoint too frequently since the data is cached by the Kore API.

Chats

Get Active Chats

Get the list of active chats.

GET ~/v3/api/chats

curl -X GET 'http://example.com/v3/api/chats' \
--header 'X-Kore-ReturnUrl: http://www.example.com' \
--header 'Authorization: Bearer CfDJ8...' \
--header 'Content-Type: application/json'

var payload = { bonus_code: "BONUS_CODE" };
$.ajax({
  "url": "http://example.com/v3/api/chats",
  "method": "GET",
  "timeout": 0,
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com",
    "Authorization": "Bearer CfDJ8...",
    "Content-Type": "application/json"
  }
};

HTTP Request

GET ~/v3/api/chats

   
HTTP Method GET
Path ~/v3/api/chats
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials
Rate Limiting 1 request per 10 seconds.

Success Response - No chats

{
  "chats": []
}

Success Response - One Chat Available

{
  "chats": [
    {
      "chat_id": "vXnkPsOhsWOqlOeskXQKN2vtdqV1JEqTEQqoDg+O56Ev4Lp8",
      "_actions": {
        "open_chat": { "href": "http://www.example.com/chat/", "method": "GET" }
      },
      "is_operator_initiated": true
    }
  ]
}

HTTP Response

The response returns an array of Active Chats. The array may be empty if there are none or it may contain one chat at most, since the API only return active chats. of polling this endpoint

Property Required? Type Description
chats Required Array of Chats Can be empty if there are none.

Chat

Property Required? Type Description
chat_id Required String Chat identifier.
_actions Required LinkCollection A link collection containing an open_chat action.
is_operator_initiated Required Boolean This is true for chat that need to be automatically opened, as initiated by the operator. It can be false for the chats that were opened by the player.

Referrals

The referrer is the person sharing a referral code and the referee is the person creating a new account and claiming the code. Both can claim bonuses when a referral is successful.

Get Player Referral

This endpoint is used to retrieve the referral code from a signed in player acting as a referrer.

GET ~/v3/api/referrals

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {player_token}" \
   "http://example.com/v3/api/referrals"

$.ajax({
  "url": "http://example.com/v3/api/referrals",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  }
});

Response:

{
  "referral": {
    "referral_code": "q8aaa",
    "referrer_bonus": {
      "currency": "USD",
      "amount": 2000,
      "exponent": 2
    },
    "referee_bonus": [
      {
        "currency": "USD",
        "amount": 2000,
        "exponent": 2
      }
    ]
  },
  "claim_status": {
    "unclaimed_referrals_count": 0,
    "amount_to_claim": {
      "currency": "USD",
      "amount": 0,
      "exponent": 2
    }
  }
}

HTTP Request

GET ~/v3/api/referrals

   
HTTP Method GET
Path ~/v3/api/referrals
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials
Rate Limits 100 requests per minute, 500 requests per 10 minutes, 1000 requests per hour.

HTTP Response

This endpoint returns a single referral object.

Property Required? Type Description
referral Mandatory Referral Return a referral object specific to the signed-in player.
claim_status Mandatory ReferralClaimStatus Status of referrer bonus claims for the signed-in player.
.

Referral Claim Status

This value represents the amount unclaimed referrer bonus that a player acting as a referrer can claim.

Every time a new player registers using the referrer’s referral code, the unclaimed_referrals_count is incremented by 1, and the amount_to_claim is incremented by the referrer_bonus amount.

Property Required? Type Description
unclaimed_referrals_count Mandatory Number Unsigned integer. Set to 0 if nothing to claim.
amount_to_claim Mandatory Money Total amount that can be claimed by the player. May be 0.

Get Referral Code Info

This endpoint is used to retrieve information about a referral code. It can be used to implement a referral page which can be used by referees.

GET ~/v3/api/referrals/{referral_code}

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {player_token}" \
   "http://example.com/v3/api/referrals/{referral_code}"

$.ajax({
  "url": "http://example.com/v3/api/referrals/{referral_code}",
  "method": "GET",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/"
    "authorization" : "bearer {player_token}"
  }
});

Response:

{
  "referral": {
    "referral_code": "q8aaa",
    "referrer_bonus": {
      "currency": "USD",
      "amount": 2000,
      "exponent": 2
    },
    "referee_bonus": [
      {
        "currency": "USD",
        "amount": 2000,
        "exponent": 2
      },
      {
        "currency": "GBP",
        "amount": 2000,
        "exponent": 2
      },
      {
        "currency": "EUR",
        "amount": 2000,
        "exponent": 2
      }   
    ]
  },
  "locale": "en-US"
}

HTTP Request

GET ~/v3/api/referrals/{referral_code}

   
HTTP Method GET
Path ~/v3/api/referrals/{referral_code}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials or player_credentials
Rate Limits 100 requests per minute, 500 requests per 10 minutes, 1500 requests per hour.

HTTP Response

This endpoint returns a single referral object.

Property Required? Type Description
referral Mandatory Referral Return a referral object specific to the referral code.
locale Mandatory String The locale of the referrer.

Claim Referral Bonus

This endpoint can be used by either the referrer of the referee to claim either the referrer bonus or the referee bonus.

HTTP Request

POST ~/v3/api/referrals/claim

   
HTTP Method POST
Path ~/v3/api/referrals/claim
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type player_credentials
Rate Limits 50 requests per minute, 250 requests per 10 minutes, 750 requests per hour.

POST ~/v3/api/referrals/claim

curl -X POST \
  http://example.com/v3/api/referrals/claim \
  -H "Authorization: Bearer {{access_token}" \
  -H "Content-Type: application/json" \
  -H "X-Kore-ReturnUrl: http://www.example.com/" \
  -d '{ \
    "claim_type": "referee", \
    "referral_code": "2qaaa" \   
  }'

var payload = {
    claim_type: "referee",
    referral_code: "2qaaa"   
}

$.ajax({
  "url": "http://example.com/v3/api/referrals/claim",
  "method": "POST",
  "headers": {
    "x-kore-returnurl": "http://www.example.com/",
    "authorization" : "bearer {{access_token}}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload)
});

POST Parameters

The parameters must be sent as JSON.

Property Required? Type Description
claim_type Mandatory String Enum Either referrrer or referee.
referral_code Optional* String Mandatory for referee. Omitted for referrrer.

Response

{
  "referral": {
    "claim_type": "referee",
    "referral_code": "q8aaa",
    "bonus": {
      "currency": "USD",
      "amount": 2000,
      "exponent": 2
    }
  }
}

HTTP Response

If the claim is successful, the endpoint returns a response object. Otherwise, the endpoint may return an error such as referral_claim_exhausted or referral_claim_failed.

Property Required? Type Description
referral_code Mandatory String The referral code of the claim.
claim_type Mandatory String Enum Either referrrer or referee. Same as request.
bonus Mandatory Money The amount credited to the bonus balance.

Referral

Example of Referral

{
  "referral": {
    "referral_code": "q8aaa",
    "referrer_bonus": {
      "currency": "USD",
      "amount": 2000,
      "exponent": 2
    },
    "referee_bonus": [
      {
        "currency": "USD",
        "amount": 2000,
        "exponent": 2
      },
      {
        "currency": "GBP",
        "amount": 2000,
        "exponent": 2
      },
      {
        "currency": "EUR",
        "amount": 2000,
        "exponent": 2
      }   
    ]
  }
}

The Referral model type is shared by both the GET ~/v3/api/referrals and GET ~/v3/api/referrals/{referral_code} endpoints.

Property Required? Type Description
referral_code Mandatory String A short alphanumerical ASCII string.
referrer_bonus Mandatory Money The referrer’s bonus expressed in the referrer’s currency.
referee_bonus Mandatory An array of Money The referee’s bonus values expressed in all acceptable referee’s currencies.

.

SignalR Notifications

Connection

// Ensure you have a bearer token
assert(credential);

// Connect using Web Sockets
const notification_hub_connection = new HubConnectionBuilder()
    .withUrl("https://kore.example.com/v3/api/notifications", {
        skipNegotiation: true,
        transport: HttpTransportType.WebSockets,
        accessTokenFactory: () => credential
    })
    .withAutomaticReconnect()
    .build();

// Subscribe to closure notifications
notification_hub_connection.onclose(error => {
    console.info("Received WebSocket Closure Error Message");
    console.info(error);
});

// Subscribe to specific message from Kore
notification_hub_connection.on("message", notificationMessage => {
    // Do something
});

// Start connection
try { 
    await notification_hub_connection.start();
} catch (connection_error) { 
    console.error("Cannot start");
}

The menu can connect to the API using SignalR to receive live notifications.

Request

GET ~/v3/notifications

   
HTTP Method WebSocket - SignalR
Path ~/v3/api/notifications
Required Headers None. Headers not supported by WebSockets
Grant Type player_credentials

Query Parameters

Property Required? Type Description
access_token Required string The bearer token with a player_credentials grant type.

HTTP Response

In case of success the HTTP responses uses the HTTP Status 101 to switch to a WebSocket. SignalR may also negociate an alternate transport layer which is not documented here.

In case of error, the WebSocket/HubConnection returns an error event which may be mapped to a standard error object. When using SignalR the object is typically returned as a promise errors either when awaiting start() or invoke() methods.

Lifetime

SignalR provides an onclose() notification when the WebSocket / SignalR channel is closed permanently.

OperatorInitiatedChat

The OperatorInitiatedChat message is sent whenever the operator wishes to initiate a chat session with the player. The client should open and display the chat window (unless one is already opened).

Subscribe to notification

notification_hub_connection.on("OperatorInitiatedChat", notificationMessage => {
    // Do something
});

Summary

   
Message Name OperatorInitiatedChat
Grant Type player_credentials
Direction From Kore to Browser

OperatorInitiatedChatNotification message

{
    "chat_url": "http://www.example.com/chat/",
    "secure_chat_id": "vXnkPsOhsWOqlOeskXQKN2vtdqV1JEqTEQqoDg+O56Ev4Lp8"
}

Model

Property Required? Type Description
chat_url Required URL Template The URL to open the chat in the IFrame. It requires processing (see below).
secure_chat_id Required String An opaque string identifying the chat. The client can use this type to identify whether the chat was already opened.

The information returned by this message is similar to the operator_initiated_chats object returned by the GET ~/v3/api/chats endpoint, but it is in slightly different format.

UserLogout

The UserLogout message is sent whenever the player session becomes invalid. This occurs when the player explicitely signs out or signs in on a different browser/tab/device (single-sign-on).

Subscribe to notification

notification_hub_connection.on("UserLogout", notificationMessage => {
    // Do something
});

Summary

   
Message Name UserLogout
Grant Type player_credentials
Direction From Kore to Browser

UserLogout message

{}

Model

The UserLogout message is empty and contains no properties at present.

BalanceUpdate

The BalanceUpdate message is sent whenever there is a need to update the player’s balances.

Subscribe to notification

notification_hub_connection.on("BalanceUpdate", notificationMessage => {
    // Do something
});

Summary

   
Message Name BalanceUpdate
Grant Type player_credentials
Direction From Kore to Browser

BalanceUpdate message

{
"balance":{"currency":"ZAR","amount":960000,"exponent":2},
"cash_balance":{"currency":"ZAR","amount":0,"exponent":2},
"bonus_balance":null
}

Model

Property Required? Type Description
balance Required Money Balance of the user.
cash_balance Optional Money Cash balance of the user.
bonus_balance Optional Money Bonus balance of the user.

IFrame Support

The games from saucify, genii, and go support being run in IFrames on all supported browsers.

The blocking of third party cookies is also fully supported. Safari blocks third party cookies by default and Chrome is expected to do the same by 2022.

Hosting Requirements

Minimal implementation of hosting protocol

// Make sure we can receive requests from the iFrame
window.addEventListener("message", e => onMessage(e), false);

// Message handler
function onMessage(event: MessageEvent)
{
    // Validate message is from a trusted source (i.e. the iFrame)
    if (event.source !== iframe.contentWindow)
        return;

    // Handle protocol
    switch (event.data.message) {
        // [...]
    }
}

The parent window should size the IFrames appropriately so that the games can be played. We recommend that the smaller dimension (width or height) of the IFrame should be no smaller than 400 CSS pixel. IFrame dimensions which are less than 20 CSS pixels (and in particular 0), even for a short period of time, are not supported.

The parent window should detect when the IFrame navigates to the X-Kore-ReturnUrl URL. When this occurs, the parent window should redirect the top window to the URL instead of letting the IFrame navigation complete. This can be implemented by subscribing to the load event on the iframe element. You can see an example of this implementation in the GameFrame.onLoad() method of the Demo site.

The parent window must implement the IFrame protocol described below. The protocol makes use of objects exchanged via window.postMessage(). The requests are sent by the IFrame and received by the parent frame, and the responses are sent back to the IFrame. Not implementing the protocol leads to a degraded user experience, especially on browsers which block third party cookies. When implementing the protocol, it is very important to validate that the source of the message is indeed the game hosted in the iFrame (see GameFrame.tsx).

saveCookie

Request Save Cookie

{
  "message": "saveCookie",
  "payload": {
    "resolution": {
      "width": 1680,
      "height": 1050
    },
    "di": "cac05e36-0f4b-4e98-a2a2-09a4f821361b",
    "fx": {
      "muted": true,
      "volume": 1
    },
    "music": {
      "muted": true,
      "volume": 1
    }
  }
}

Request Delete Cookie

{
  "message": "saveCookie",
  "payload": null
}

The IFrame uses this request to ask the parent window to save some persistent information on its behalf. The parent window is free to choose any means to persist the payload. The demo site uses a dedicated cookie.

Request

Property Required? Type Description
message Required String Set to saveCookie
payload Required JavaScript Object The payload to store in a cookie. If the payload is null the cookie should be deleted.

Response

No response expected.

loadCookie

Request

{
  "message": "loadCookie"
}

Response (no cookie)

{
  "message": "loadCookieResponse",
  "payload": null
}

Response (cookie)

{
  "message": "loadCookieResponse",
  "payload": {
    "resolution": {
      "width": 1680,
      "height": 1050
    },
    "di": "cac05e36-0f4b-4e98-a2a2-09a4f821361b",
    "fx": {
      "muted": true,
      "volume": 1
    },
    "music": {
      "muted": true,
      "volume": 1
    }
  }
}

The IFrame uses this request to ask the window frame to load a previously saved cookie (via saveCookie).

Request

Property Required? Type Description
message Required String Set to loadCookie

Response

Property Required? Type Description
message Required String Set to loadCookieResponse
payload Required JavaScript Object The payload stored by a previous call to saveCookie, or null if nothing was saved.

openUrl

Request

{
  "message": "openUrl",
  "url": "https://www.example.com/cashier"
}

The iFrame uses this request to ask the parent window to open a URL as a top URL. This is used to open Cashier URLs for instance, as many deposit processors require cookies to be fully supported, and will not work on browsers that block third party cookies.

Request

Property Required? Type Description
message Required String Set to openUrl
url Required String The URL to open.

Response

No responses expected.

APK

Kore supports integration with an Android App. The App is side loaded as a signed APK. The download link is provided by the GET ~/v3/api/users endpoint.

In order to support push notifications, the menu shall notify the APK every time a player successfully signs in or signs out. This is done by calling specific methods on the window.app_v1 object exposed by the APK.

APK Tracking

The menu is not expected to perform any supporting task in order to perform integration between the Affiliate Tracking system and the APK.

The following section is purely informational and describes the affiliate tracking flow:

  1. Upon landing on the site, the menu provides a Tracking Context to the authentication endpoint. This may include a TrackingToken parameter associated to an affiliate campaign.
  2. The Kore API returns an authentication token and a tracking_id.
  3. The Kore API provides an apk_installer download link that includes the tracking_id as a query parameter.
  4. The download URL points to Branch IO. The tracking_id is appended as a query parameter.
  5. On first startup, the APK uses the Branch IO SDK to retrieve the tracking_id and stores it in persistent storage. On subsequent startups, the value is retrieved from persistent storage.
  6. On startup, the APK injects tracking_id into the menu URL, as a query parameter.
  7. The menu provides the url via the Tracking Context. The Kore API automatically extracts the tracking_id.
  8. The player registers and the tracking information from step 1 is retrieved, and the player is associated to the appopriate affiliate campaign.

app_v1

The APK exposes a app_v1 JavaScript object inside the window global object. The window.app_v1 object is used for communicating between the menu and the APK.

The object is versioned by the _v1 suffix. It is expected that if the protocol is updated in a way that breaks backward compatibility, we would expose an app_v2 object instead.

All parameters are passed as JSON objects.

onLogin

Whenever the menu performs a successful player sign in, the APK must be notified.

Notify APK after successful sign in

try {
    window.app_v1?.onLogin({email: "bob@example.com"});
} catch (err) {
    // TODO: Log error 
    console.error(err);    
}

Request

Property Required? Type Description
email Required String Email address of the player that just signed in.

onLogout

Whenever the menu performs a successful player sign out, the APK must be notified.

This call should follow a succesful use of the DELETE ~/v3/api/auth/player_credentials endpoint.

Notify APK after successful sign out

try {
    // CAUTION: Pass empty object below!
    window.app_v1?.onLogout({});
} catch (err) {
    // TODO: Log error 
    console.error(err);    
}

User Activity

Get Activity Summaries

This endpoint can be used to access user activity summaries which are compiled daily. Only activity summaries of completed days or the current day can be queried. Days start at 00:00 UTC and end at 23:59 UTC.

GET ~/v3/api/users/summaries?date=2018-12-25

curl -X GET -H "Content-Type: application/json"     \
   -H "Authorization: Bearer {privileged_token}"    \
   "http://example.com/v3/api/users/summaries?2018-12-25"

$.ajax({
  "url": "http://example.com/v3/api/users/summaries?2018-12-25",
  "method": "GET",
  "headers": {
    "authorization" : "bearer {privileged_token}"
  }
});

HTTP Request

GET ~/v3/api/summaries

   
HTTP Method GET
Path ~/v3/api/users/summaries
Required Headers Content-Type, Authorization
Grant Type brand_credentials or restricted_activity_subscriber

Query Parameters

Property Required? Type Description
date Required String UTC Date of the summary to access in yyyy-mm-dd format.

HTTP Response

Property Required? Type Description
summaries Required Array of Summary Returns an array of user activity summaries. The array may be empty.

Response (with single summary)

{
  "summaries": [
    {
      "date": "2018-09-11",
      "user_id": "H0NT92",
      "game_rounds_count": 1,
      "total_amount_wagered": {
        "cash": {
          "currency": "USD",
          "amount": 3000,
          "exponent": 2
        },
        "bonus": {
          "currency": "USD",
          "amount": 0,
          "exponent": 2
        }
      },
      "total_amount_paid": {
        "cash": {
          "currency": "USD",
          "amount": 5600,
          "exponent": 2
        },
        "bonus": {
          "currency": "USD",
          "amount": 0,
          "exponent": 2
        }
      },
      "total_amount_chargebacks": {
          "currency": "USD",
          "amount": 0,
          "exponent": 2
      },
      "has_historical_chargeback": false,      
      "total_progressive_contributions": {
          "currency": "USD",
          "decimal_amount": 3.5
      },
      "total_amount_deposited": {
        "currency": "USD",
        "amount": 0,
        "exponent": 2
      },
      "total_amount_withdrawn": {
        "currency": "USD",
        "amount": 20200,
        "exponent": 2
      },     
      "successful_deposits_count": 0,
      "_links": {
        "user": {
          "href": "https://example.com/v3/api/users/H0NT92",
          "method":"GET"
        },
        "user_games": {
          "href":"https://example.com/v3/api/users/H0NT92/games",
          "method":"GET"
        }
      }
    }
  ]
}

Summary

The Summary object returned by the GET ~/v3/api/summaries endpoint is a digest of one user’s activity over the course of a single day.

Property Required? Type Description
date Required String UTC date in yyyy-mm-dd format. Date of the summary.
user_id Required String System identifier for the user of the summary.
game_rounds_count Required Number Positive integer. Number of game rounds played by the user during the day.
total_amount_wagered Required BonusAndCash see below Total amount wagered in the games by the user during the day.
total_amount_paid Required BonusAndCash see below Total amount paid out by the games to the user during the day.
total_amount_deposited Required Money Total amount deposited by the user during the day.
total_amount_chargebacks Required Money Total amount of credit card chargebacks which occurred during the day.
has_historical_chargeback Required Boolean This flag is set to true if there is a charge back on the provided date or any day prior.
total_progressive_contributions Required DecimalMoney Total amount of contributions made to progressive games jackpots. The decimal type has a precision of up to 6 decimal places.
successful_deposits_count Required Number Positive integer. Number of successful deposits made by the user.
total_amount_withdrawn Required Money Total amount withdrawn by the user during the day. This can be negative. See comment below.
_links Required LinkCollection A link collection giving access to information about the user and its favorite games.

Bonus and Cash

The total_amount_wagered and total_amount_paid amounts are divided into cash and bonus components.

Property Required? Type Description
bonus Required Money The bonus monetary amount is linked to the application to a special bonus offer.
cash Required Money The cash monetary amount. 
"_links": {
  "user": {
    "href": "https://example.com/v3/api/users/H0NT92",
    "method":"GET"
  },
  "user_games": {
    "href":"https://example.com/v3/api/users/H0NT92/games",
    "method":"GET"
  }
}

For each summary the following API links are provided.

Link Required? Description
user Required Link to obtain information about the user.
user_games Required Link to obtain the user’s list of favorite games.

Get User Information

This endpoint can be used to retrieve user information about any of the brand players. It is the same endpoint that is used in browser to get user information about the current player. However the information returned is slightly different.

GET ~/v3/api/users/{user_id}

curl -X GET -H "Content-Type: application/json"     \
   -H "Authorization: Bearer {privileged_token}"    \
   "http://example.com/v3/api/users/{user_id}"

$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}",
  "method": "GET",
  "headers": {
    "authorization" : "bearer {privileged_token}"
  }
});

HTTP Request

GET ~/v3/api/users/{user_id}

   
HTTP Method GET
Path ~/v3/api/users/{user_id}
Required Headers Content-Type, Authorization
Grant Type brand_credentials or restricted_activity_subscriber

Response:

{
  "user_id": "H0NT92",
  "registration_date": "2011-08-10T08:35:02Z",
  "profile": "VIP",
  "locale": "en-US",
  "country": "US",
  "my_affiliates_token": "track-me-not",
  "cash_balance": {
    "currency": "USD",
    "amount": 86405197,
    "exponent": 2
  },
  "bonus_balance": {
    "currency": "USD",
    "amount": 0,
    "exponent": 2
  },
  "mobile_phone": "+1 803 1234 1234",
  "email": "stevec@example.com",
  "firstname": "Steve",
  "lastname": "Courteney",
  "nickname": "StevieC",
  "has_deposited": true,
  "_links": {
    "_self": {
      "href": "https://example.com/v3/api/users/H0NT92",
      "method": "GET"
    },
    "games": {
      "href": "https://example.com/v3/api/users/H0NT92/games",
      "method": "GET"
    }
  }
}

HTTP Response

Property Required? Type Description
user_id Required String Unique identifier for the user.
registration_date Required String Registration date. The date uses ISO 8601 format and uses the UTC time zone.
profile Required User Profile The profile of the user.
locale Required String The preferred locale of the user.
country Optional** String The ISO 3166-1 alpha-2 country code for the user’s country of residence.
my_affiliates_token Optional String My Affiliates Click Token. This value is omitted if no such token has been assigned to the user.
cash_balance Required Money Cash balance of the user.
bonus_balance Required Money Bonus balance of the user.
mobile_phone Required* String The number of the user’s mobile phone. Absent for restricted_activity_subscriber.
email Required* String User’s email. Absent for restricted_activity_subscriber.
firstname Required* String User’s first name. Absent for restricted_activity_subscriber.
lastname Required* String User’s last name. Absent for restricted_activity_subscriber.
nickname Required* String User’s nickname. Absent for restricted_activity_subscriber.
has_deposited Required Boolean The boolean is true if the user has made at least one successful deposit.
_links Required LinkCollection Collection of links for the user.

Example of Links

"_links": {
  "_self": {
    "href": "https://example.com/v3/api/users/H0NT92",
    "method": "GET"
  },
  "games": {
    "href": "https://example.com/v3/api/users/H0NT92/games",
    "method": "GET"
  }
}

The following links are provided.

Link Required? Description
_self Required Link to obtain information about the user.
games Required Link to obtain the user’s list of favorite games.

User Profile

The following user profiles can be returned.

profile Description
Unverified Default profile for new players.
LowRoller Default profile for new Facebook players. Lower game defaults than Unverified.
Verified Trusted players. Operators choose when to set players to Verified, usually after a deposit. Verified players have more deposit options.
VIP High value players. Operators choose when to set players to VIP, usually after a high number of deposits. VIP players can make larger bets and have more deposit options.
Test For internal tests, not used by real players.

Get User Favorite Games

This endpoint can be used to retrieve the list of favorite games for a given user.

GET ~/v3/api/users/{user_id}/games

curl -X GET -H "Content-Type: application/json"     \
   -H "Authorization: Bearer {privileged_token}"    \
   "http://example.com/v3/api/users/{user_id}/games"

$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}/games",
  "method": "GET",
  "headers": {
    "authorization" : "bearer {privileged_token}"
  }
});

HTTP Request

GET ~/v3/api/users/{user_id}/games

   
HTTP Method GET
Path ~/v3/api/users/{user_id}/games
Required Headers Content-Type, Authorization
Grant Type brand_credentials or restricted_activity_subscriber

Response

{
  "favorite_games": 
  [
    {
      "provider": "saucify",
      "name": "Midnight Racer",
      "category": "videoslots"
    },
    {
      "provider": "saucify",
      "name": "7 Chakras",
      "category": "videoslots"
    }
  ]
}

HTTP Response

Property Required? Type Description
favorite_games Required Array of Favorite Game An array of the user’s favorite game, sorted by decreasing order of importance. The array may be empty.

Favorite Game

Property Required? Type Description
provider Required String The value is saucify, genii, go, apollo, rival, betsoft, nucleus, ezugi, crucible, ebet, arrowsedge, originalspirit, freshdeck, evolution, pragmaticplay, betconstruct, bitville or pariplay. Name of the game provider.
name Required String Display name of the game. Non localized.
category Required String One of classicslots, videoslots,videopokers, tablegames or other.

Get New Registrations

This endpoint can be used to access the list of new users’ registrations for a given day.

GET ~/v3/api/registration?date=2018-12-25

curl -X GET -H "Content-Type: application/json"     \
   -H "Authorization: Bearer {privileged_token}"    \
   "http://example.com/v3/api/registration?2018-12-25"

$.ajax({
  "url": "http://example.com/v3/api/registration?2018-12-25",
  "method": "GET",
  "headers": {
    "authorization" : "bearer {privileged_token}"
  }
});

HTTP Request

GET ~/v3/api/registrations

   
HTTP Method GET
Path ~/v3/api/registrations
Required Headers Content-Type, Authorization
Grant Type brand_credentials or restricted_activity_subscriber

Query Parameters

Property Required? Type Description
date Required String UTC Date in yyyy-mm-dd format.

HTTP Response

The API only return the new registrations for the requested date.

Property Required? Type Description
registrations Required Array of Registration Returns an array of user’s registrations.

Response (with a single registration):

{
  "registrations": 
  [
    {
      "date": "2017-12-25T08:58:05Z",
      "user_id": "H0NT92",
      "locale": "en-US",
      "country": "US",
      "my_affiliates_token": "track-me-not",
      "_links": {
        "user": {
          "href": "https://example.com/v3/api/users/H0NT92",
          "method":"GET"
        },
        "user_games": {
          "href": "https://example.com/v3/api/users/H0NT92/games",
          "method":"GET"
        }
      }
    }
  ]
}

Registration

The Registration object returned in the GET ~/v3/api/summaries endpoint is a digest of one user’s activity over the course of a day.

Property Required? Type Description
date Required String Registration date. The date uses ISO 8601 format and uses the UTC time zone.
user_id Required String System identifier for the user.
locale Required String The preferred locale of the user.
country Optional String The ISO 3166-1 alpha-2 country code for the user’s country of residence.
my_affiliates_token Optional String My Affiliates Click Token. This value is omitted if no such token has been assigned to the registration.
_links Required LinkCollection A link collection giving access to information about the user and its favorite games.

Example of Links:

"_links": {
  "user": {
    "href": "https://example.com/v3/api/users/H0NT92",
    "method":"GET"
  },
  "user_games": {
    "href":"https://example.com/v3/api/users/H0NT92/games",
    "method":"GET"
  }
}

For each summary the following API links are provided.

Link Required? Description
user Required Link to obtain information about the user.
user_games Required Link to obtain the user’s list of favorite games.

Get Tracking Debug Info

This endpoint can be used to check the info attached to the tracking_id returned by the menu authentication endpoints.

It is only enabled on development and test environments to facilitate testing of the affiliate tracking features.

GET ~/v3/api/tracking/{tracking_id}

curl -X GET -H "Content-Type: application/json"     \
   -H "Authorization: Bearer {privileged_token}"    \
   "http://example.com/v3/api/tracking/{tracking_id}"

$.ajax({
  "url": "http://example.com/v3/api/tracking/{tracking_id}",
  "method": "GET",
  "headers": {
    "authorization" : "bearer {privileged_token}"
  }
});

HTTP Request

GET ~/v3/api/tracking/{tracking_id}

   
HTTP Method GET
Path ~/v3/api/tracking/{tracking_id}
Required Headers Content-Type, Authorization
Grant Type brand_credentials or tracking

HTTP Response

Response

{
    "brand": "SomeBrand",
    "locale": "en-US",
    "tracking_version": 3,
    "tracking_event_type": "MyAffliates",
    "tracking_id": "c82f55e6-3b94-454a-ba1c-7ad59f24afc8",
    "ip": "81.110.98.39",
    "created_date": "2022-02-15T12:49:45.603Z",
    "origin_url": "https://www.example.com/SomeBrand?TrackingToken=TrackMeNot",
    "tracking_token": "TrackMeNot",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36"
}

The API only returns a tracking_not_found error if the tracking data cannot be found. Otherwise, the data is sent back as a tracking object.

The returned data was captured when the tracking was created and includes the corresponding tracking_id returned.

Property Required? Type Description
brand_id Mandatory String Brand identifier.
locale Mandatory String Locale of the player as requested by Kore API.
tracking_event_type Mandatory String (enum) Click or Download for First Party affiliate tracking, MyAffliates for MyAffiliates, or External otherwise.
tracking_version Mandatory Number (int) Typically version 3 for MyAffiliates or External tracking. 0 or 1 for the First Party affiliate system.
tracking_id Mandatory String GUID The same tracking_id as provided in the request.
ip Optional String IP v4 address of the player as captured.
created_date Mandatory String ISO 8601 date with mille-second precision in UTC time zone.
origin_url Optional String The URL of the menu as captured.
referrer_url Optional String The referrer URL (document.referrer) as captured.
campaign_key Optional String Campaign Key for the First Party affiliate system (version 0).
cid Optional String Campaign ID for the First Party affiliate system (version 1).
mid Optional String Media Key for the First Party affiliate system (version 1).
aid Optional String AID for the First Party affiliate system (version 2). Not used.
c_name Optional String CName for the First Party affiliate system (version 2). Not used.
r_name Optional String RName for the First Party affiliate system (version 2). Not used.
tracking_token Optional String Tracking Token used by MyAffiliates. (version 3).
user_agent Optional String The user agent of the player’s browser.

Signons

Get Signon Information

This endpoint can be used to retrieve information that applies to a given signon. A signon is unique for a given brand group. The same signon can be used for multiple users in the same brand group.

GET ~/v3/api/signons/{signon_id}

curl -X GET -H "Content-Type: application/json" \
   -H "Authorization: Bearer {signon_token}" \
   "http://example.com/v3/api/users/{user_id}"

$.ajax({
  "url": "http://example.com/v3/api/users/{user_id}",
  "method": "GET",
  "headers": {
    "authorization" : "bearer {signon_token}"
  }
});

HTTP Request

GET ~/v3/api/signons/{signon_id}

   
HTTP Method GET
Path ~/v3/api/signons/{signon_id}
Required Headers Content-Type, Authorization
Grant Type offline_signon

Response:

{
  "email": "bob@example.com",
  "signon_id": "HDoXY_ad9hY49pvy0v7QlQ",
  "loyalty": {
    "next_tier": "GenesysNewbie",
    "next_tier_points": 100,
    "next_tier_name": "Newbie",
    "tier_level": 1,
    "next_tier_level": 2,
    "tier_points": 0,
    "tier": "GenesysNewbie",
    "balance": 0,
    "tier_name": "Newbie"
  }
}

HTTP Response

Property Required? Type Description
email Required String The email address of the SignOn.
signon_id Required String The identifier of the Signon (sane as in the URL)
loyalty Required Loyalty A Loyalty object with extended properties.

ZAR Migration

Get Migration Status

GET ~/v3/api/migrations/{migration-id}

curl -X GET -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {brand-token}" \
   "http://example.com/v3/api/migrations/{migration-id}"

$.ajax({
  "url": "http://example.com/v3/api/migrations/{migration-id}",
  "method": "GET",
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com/",
    "Authorization": "Bearer {brand-token}",
    "Content-Type": "application/json"
  }
});

Response:

{
   "migration": {
       "status": "Available"
   }
}

This endpoint verifies whether a player can proceed with the ZAR migration.

HTTP Request

GET ~/v3/api/migrations/{migration-id}

   
HTTP Method GET
Path ~/v3/api/migrations/{migration-id}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials

Query Parameters

Property Required? Type Description
migration-id Required String The migration ID returned by the migration outcome during login.

Response Properties

Property Required? Type Description
migration Required Object Contains migration information
migration.status Required String One of: Available, InProgress, Migrated, or NotAvailable

Here are the definitions for the statuses:

Another possible outcome is migration_not_found error, in case the player account is tagged as migrated but the information has not yet be imported. Under normal circumstances, this is unlikely to happen.

Errors

Error Code Description
invalid_request This may occur if the migration ID is malformed or required headers are missing.
invalid_credentials Invalid authorization credentials. This can be returned if the migration ID is not signed with the correct key or malformed.
migration_expired Migration ID from source brand is too old. The player must attempt to log in again to obtain a new migration ID.
migration_not_found Migration information not found in Migration DB.

Perform Migration

POST ~/v3/api/migrations/{migration-id}

curl -X POST -H "Content-Type: application/json" \
   -H "X-Kore-ReturnUrl: http://www.example.com/" \
   -H "Authorization: Bearer {brand-token}" \
   -d '{
     "player_info": {
       "identification": {
         "country": "ZA",
         "type": "Id",
         "number": "9007141234084"
       }
     },
     "play_mode": "Real",
     "device_id": "W4TifY3XvBP2ZftnrKZo",
     "password": "DontTellAnyone"
   }' \
   "http://example.com/v3/api/migrations/{migration-id}"

var payload = {
  "player_info": {
    "identification": {
      "country": "ZA", 
      "type": "Id",
      "number": "9007141234084"
    }
  },
  "play_mode": "Real",
  "device_id": "W4TifY3XvBP2ZftnrKZo",
  "password": "DontTellAnyone"
};

$.ajax({
  "url": "http://example.com/v3/api/migrations/{migration-id}",
  "method": "POST",
  "headers": {
    "X-Kore-ReturnUrl": "http://www.example.com/",
    "Authorization": "Bearer {brand-token}",
    "Content-Type": "application/json"
  },
  "data": JSON.stringify(payload)
});

Response:

{
  "migration": {
    "status": "Migrated"
  },
  "auth": {
    "grant_type": "player_credentials",
    "locale": "en-US",
    "tokens": [
      {
        "type": "Bearer",
        "expiration": "2020-07-12T08:08:41Z",
        "value": "CfDJ8KBChYue…"
      }
    ],
    "_links": {
      "user": {
        "href": "http://www.example.com/v3/api/users/{userid}",
        "method": "GET"
      },
      "logout": {
        "href": "http://www.example.com/v3/api/auth/player_credentials",
        "method": "POST"
      }
    }
  }
}

This endpoint handles the migration process by collecting the SA ID and new password for the account.

HTTP Request

POST ~/v3/api/migrations/{migration-id}

   
HTTP Method POST
Path ~/v3/api/migrations/{migration-id}
Required Headers X-Kore-ReturnUrl, Content-Type, Authorization
Grant Type brand_public_credentials

Query Parameters

Property Required? Type Description
migration-id Required String The migration ID returned by the migration outcome during login.

Request Parameters

Property Required? Type Description
player_info Required PlayerInfo A restricted player_info object containing only the identification property.
play_mode Required Enum String Either Real or Practice. Typically, Real is used.
password Required String New password following registration requirements (min: 8 characters, max: 20 characters)
device_id Optional String This value corresponds to the visitorId returned by the FingerprintJS Pro API. Max 20 characters.

Response Properties

Property Required? Type Description
migration Required Object Contains migration status
migration.status Required String Must be Migrated on success
auth Required PlayerTokenResponse A player authentication response

Errors

Error Code Description
invalid_request If the JSON body is malformed or any required headers are missing.
migration_completed The migration status is already set to Migrated; you cannot perform the migration more than once.
migration_not_available The player has already created an account; so the migration cannot be performed.
migration_failed Internal Kore error during migration. This errors occurred after the player account was created and during the migration process.
migration_not_found Migration information not found in Migration DB. This may occur briefly after the player account was tagged.

Version History

Version 3.35

Version 3.34

Version 3.33

Version 3.32

Version 3.31.4826

Version 3.31

Version 3.30

Version 3.29

Version 3.28

Version 3.27

Version 3.26

Version 3.25

Version 3.24.4436

Version 3.24

Version 3.23

This version of Kore introduces support for mobile phone verifications. They can now be implemented directly in the menu.

Version 3.22

This version of Kore adds native support for the player referrals API.

Version 3.21

Version 3.19

Version 3.18.4096

Version 3.18

Version 3.17

Version 3.16

Version 3.15

Version 3.14.3733

Version 3.14

Version 3.12

Version 3.11

Version 3.10

Version 3.9

Version 3.8

Version 3.7

Version 3.6

Version 3.5

Version 3.4

Version 3.2

Version 3.1

Added experimental support for offline_signon grant type.

Version 3

This is a major update of the API which breaks backward compatibility:

Most changes in this release affect the Authentication endpoints:

Version 2.10.2506

Version 2.10

Version 2.9

Version 2.8

Version 2.7.2272

Previous Name New Name
Atlantic City Blackjack 3 Seat Atlantic City Blackjack
European Blackjack 3 Seat European Blackjack
Single Deck Blackjack 1 Seat Single Deck Blackjack
Vegas Strip Blackjack 3 Seat Vegas Strip Blackjack
Previous Slug New Slug
sp-atlantic-city-blackjack mobile-sp-atlantic-city-blackjack
sp-european-blackjack mobile-sp-european-blackjack
sp-single-deck-blackjack mobile-sp-single-deck-blackjack
sp-vegas-strip-blackjack mobile-sp-vegas-strip-blackjack

Version 2.7.2204

Version 2.7.2192

Version 2.7.2173

Version 2.7.2165

Version 2.7.2162

Version 2.7

Version 2.6.1871

Version 2.6.1864

Version 2.6.1843

Version 2.6.1831

Version 2.6.1819

Version 2.6

Version 2.5

Version 2.4

Version 2.3

Version 2.2.1429

Version 2.2.1393

Version 2.2

Version 2.1

Version 2.0.1072

Added cash_balance and bonus_balance properties to the ~/v2/api/users/{userid} endpoint response. This change is limited the v2 version of the API.

Version 2.0

Version 2.0 is a non backward compatible version. As explained in the version policy you need to prefix the API with v2 to use the breaking changes. You may continue to use v1 in older code.

This documentation is only valid for the v2 version of the API, and usage of v1 is strongly discouraged.

Breaking Changes

These changes are only available to v2 API endpoints.

Backward Compatible Changes

These are changes added to both v1 and v2 endpoints.

Version 1.1

Version 1.0.666

Version 1.0.641

Version 1.0.629

Version 1.0.612

Version 1.0.604

Version 1.0

Version 0.7

Released on 2017-05-18

Version 0.6

Released on 2017-05-16

Version 0.5

Released on 2017-05-09

Version 0.4

Released on 2017-04-25

Version 0.3

Released on 2017-04-12

See Tracking Context to learn more about the affiliate tracking support.

Version 0.2

Released on 2017-03-14.

Most changes are about supporting refresh tokens in the API.

Version 0.1.340

Released on 2017-03-06.

Version 0.1.340 is the first public release of Kore.

shell javascript