diff --git a/API对接文档.md b/API对接文档.md index 11629fc..4811fa8 100644 --- a/API对接文档.md +++ b/API对接文档.md @@ -19,6 +19,7 @@ - **请求方法**:项目路由多数使用 `Route::any`,对接建议统一使用 **POST**(便于 body 传参);个别接口文档中标注了 GET 参数。 - **编码**:`UTF-8` - **Content-Type**:建议 `application/x-www-form-urlencoded` 或 `application/json`(以平台实际实现为准) +- **必带凭证**:所有 `/api/v1/*` 接口均需带 `api-key`(与服务端 `.env` 中 `API_KEY` 一致);除 `/api/v1/authToken` 外另需 `auth-token`。详见 §2.2。 ### 1.3 统一返回结构 @@ -127,7 +128,7 @@ signature = md5(agent_id + secret + time) - **路径**:`/api/v1/getGameUrl` - **方法**:POST -- **请求头**:`auth-token` +- **请求头**:`api-key`、`auth-token` - **说明**:根据平台用户名创建/登录玩家并生成登录 JWT,返回可直接打开的游戏地址。 #### 请求参数(body) @@ -155,7 +156,7 @@ signature = md5(agent_id + secret + time) - **路径**:`/api/v1/getPlayerInfo` - **方法**:POST -- **请求头**:`auth-token` +- **请求头**:`api-key`、`auth-token` #### 请求参数 @@ -171,7 +172,7 @@ signature = md5(agent_id + secret + time) - **路径**:`/api/v1/getPlayerGameRecord` - **方法**:POST -- **请求头**:`auth-token` +- **请求头**:`api-key`、`auth-token` #### 请求参数 @@ -192,7 +193,7 @@ signature = md5(agent_id + secret + time) - **路径**:`/api/v1/getPlayerWalletRecord` - **方法**:POST -- **请求头**:`auth-token` +- **请求头**:`api-key`、`auth-token` 参数与时间规则同 3.3(无 `page`,仅 `limit` 限制条数),返回钱包流水列表(附带 `dice_player`)。 @@ -200,7 +201,7 @@ signature = md5(agent_id + secret + time) - **路径**:`/api/v1/getPlayerTicketRecord` - **方法**:POST -- **请求头**:`auth-token` +- **请求头**:`api-key`、`auth-token` 参数与时间规则同 3.3,返回中奖券记录列表(附带 `dice_player`)。 @@ -208,7 +209,7 @@ signature = md5(agent_id + secret + time) - **路径**:`/api/v1/setPlayerWallet` - **方法**:POST -- **请求头**:`auth-token` +- **请求头**:`api-key`、`auth-token` - **说明**:平台为玩家加币/扣币,生成钱包流水。 #### 请求参数 @@ -267,9 +268,9 @@ signature = md5(agent_id + secret + time) | --- | --- | --- | | 200 | 成功 | 请求成功 | | 400 | 请求参数错误 | 缺参、参数格式不合法、范围错误 | -| 401 | 未授权 | 未携带 `auth-token` 或 `token` | +| 401 | 未授权 | 未携带 `api-key`、`auth-token` 或 `token` | | 402 | token 无效或已过期 | `auth-token/token` 过期、签名错误、被挤下线等 | -| 403 | 鉴权失败 | `secret` 错误、签名验证失败、时间戳无效等 | +| 403 | 鉴权失败 | `api-key` 无效、`secret` 错误、签名验证失败、时间戳无效等 | | 404 | 资源不存在 | 用户不存在等 | | 422 | 业务逻辑错误 | 余额不足、业务校验失败等 | | 500 | 服务器内部错误 | 服务端异常或配置缺失 | diff --git a/README.md b/README.md index 2d29ad6..b279a64 100644 --- a/README.md +++ b/README.md @@ -128,7 +128,7 @@ | 文档 | 内容 | | --- | --- | -| [`API对接文档.md`](API对接文档.md) | 平台 `/api/v1/*`(`auth-token`)、玩家 `/api/*`(`token`)、统一返回码、联调建议。 | +| [`API对接文档.md`](API对接文档.md) | 平台 `/api/v1/*`(`api-key` + `auth-token`)、玩家 `/api/*`(`token`)、统一返回码、联调建议。 | | `server/docs/` | 性能、权重测试、出点分析等专项说明(按需阅读)。 | **与玩法直接相关的玩家接口示例**: diff --git a/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS.md b/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS.md index d9d1dfd..387dbd7 100644 --- a/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS.md +++ b/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS.md @@ -26,7 +26,12 @@ - 请求头统一: - `Content-Type: application/json` - `Accept: application/json` + - `api-key: {api_key}`(**所有 `/api/v1/*` 必传**,与服务端 `.env` 中 `API_KEY` 一致) - `auth-token: {authtoken}`(除 `/api/v1/authToken` 外必传) +- `api-key` 携带方式(任选其一,按优先级读取,先命中即采用): + 1. 请求头 `api-key`(**推荐**) + 2. URL 查询参数 `api_key`(或 `api-key`) + 3. body 表单/JSON 字段 `api_key`(或 `api-key`) - 时间相关参数统一使用 Unix 时间戳(秒) - 建议所有请求设置超时:连接超时 `3s`,读取超时 `10s` - 生产环境建议增加调用方 IP 白名单和重试退避机制(避免瞬时重试风暴) @@ -53,9 +58,9 @@ 常见错误码: - `400` 参数错误 -- `401` 未携带 token +- `401` 未携带 `api-key`、`auth-token` 或 `token` - `402` token 无效或过期 -- `403` 签名或鉴权失败 +- `403` `api-key` 无效、签名或鉴权失败 - `404` 资源不存在 - `422` 业务错误(如余额不足) - `500` 服务端异常 @@ -64,11 +69,18 @@ ## 4. 鉴权流程(平台级) +平台级凭证分两层: + +- **`api-key`**:所有 `/api/v1/*` 接口必传,与服务端 `.env` 中 `API_KEY` 一致;可通过请求头、query、body 任一方式携带(详见 §2.1)。 +- **`auth-token`**:业务接口(除 `/api/v1/authToken` 外)必传,由 `/api/v1/authToken` 颁发。 + `/api/v1/*` 接口调用前,先获取 `auth-token`。 ### 4.1 获取 auth-token - 路径: `GET /api/v1/authToken` +- Header: + - `api-key: {api_key}`(必传,与服务端 `.env` 中 `API_KEY` 一致) - 鉴权参数(Query): - `agent_id`:代理标识(商户标识) - `secret`:双方约定密钥 @@ -113,11 +125,12 @@ const signature = crypto.createHash('md5').update(agentId + secret + time).diges 服务端校验逻辑(关键点): +- `api-key` 缺失即失败(`401`),与 `.env` 中 `API_KEY` 不一致即失败(`403`) - `agent_id/secret/time/signature` 任一缺失即失败(`400`) - `secret` 不匹配即失败(`403`) - `time` 超出容差窗口即失败(`403`,默认容差 `300s`) - `signature` 校验失败即失败(`403`) -- 校验通过后颁发 `authtoken`,后续请求必须放在 Header `auth-token` +- 校验通过后颁发 `authtoken`,后续请求必须放在 Header `auth-token`(同时仍需带 `api-key`) 防重放与时间同步建议: @@ -140,14 +153,15 @@ const signature = crypto.createHash('md5').update(agentId + secret + time).diges 后续调用 `/api/v1/*` 时,请在 Header 携带: ```text +api-key: {api_key} auth-token: {authtoken} ``` ### 4.2 完整调用链(推荐) 1. 计算 `signature = md5(agent_id + secret + time)` -2. 调用 `GET /api/v1/authToken` 获取 `authtoken` -3. 在 Header 添加 `auth-token: {authtoken}` +2. 调用 `GET /api/v1/authToken`(Header 携带 `api-key`)获取 `authtoken` +3. 在 Header 添加 `api-key: {api_key}` 与 `auth-token: {authtoken}` 4. 调用业务接口(如 `getPlayerInfo`、`setPlayerWallet`、`getGameUrl`、`getPlayerGameRecord`、`getPlayerWalletRecord`、`getPlayerTicketRecord`) 5. 若返回 `402`,重新获取 `authtoken` 后重试一次 @@ -155,12 +169,13 @@ auth-token: {authtoken} ## 5. 游戏相关接口 -以下接口均需 Header: `auth-token`。 +以下接口均需 Header:`api-key` + `auth-token`(`api-key` 也可放 query/body,参见 §2.1)。 ## 5.1 获取游戏列表(已支持) - 路径: `POST /api/v1/getGameList` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body 参数: - `lang`(可选):`zh`/`en`,默认 `zh` @@ -240,6 +255,7 @@ auth-token: {authtoken} - 路径: `POST /api/v1/getGameHall` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body 参数: - `lang`(可选):`zh`/`en`,默认 `zh` @@ -316,6 +332,9 @@ auth-token: {authtoken} ## 5.3 获取某个游戏地址(已支持) - 路径: `POST /api/v1/getGameUrl` +- Header: + - `api-key: {api_key}` + - `auth-token: {authtoken}` - Body 参数: - `username`(必填):玩家账号(不存在会自动创建) - `password`(可选):默认 `123456` @@ -349,6 +368,7 @@ auth-token: {authtoken} - 路径: `POST /api/v1/getPlayerGameRecord` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body 参数: - `username`(可选):玩家账号;不传则**不按玩家筛选**(返回库内符合条件的记录,请谨慎使用) @@ -396,7 +416,7 @@ auth-token: {authtoken} ## 7. 钱包相关接口 -以下接口均需 Header: `auth-token`。 +以下接口均需 Header:`api-key` + `auth-token`(`api-key` 也可放 query/body,参见 §2.1)。 ### 7.1 查询余额(已支持) @@ -430,6 +450,7 @@ auth-token: {authtoken} - 路径: `POST /api/v1/getPlayerWalletRecord` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body 参数: - `username`(可选):玩家账号;不传则**不按玩家筛选** @@ -445,6 +466,7 @@ auth-token: {authtoken} - 路径: `POST /api/v1/getPlayerTicketRecord` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body 参数:与 **7.4** 相同(`username`、`start_create_time`、`end_create_time`、`limit`) - 返回说明: @@ -462,7 +484,8 @@ auth-token: {authtoken} - `provider`:`Dicey Fun` - `provider_code`:`DF` - `agent_id`:`5ef059938ba799aaa845e1c2e8a762bd` -- `secret`:签名密钥(双方约定) +- `secret`:签名密钥(双方约定,对应服务端 `.env` 中 `API_AUTH_TOKEN_SECRET`) +- `api_key`:所有 `/api/v1/*` 请求必传的 `api-key`(对应服务端 `.env` 中 `API_KEY`) - `agent_token`:`[我来填]`(如需额外业务层 token) - `game_url`:游戏前端域名/地址 - `lobby_url`:大厅地址(可选) @@ -482,8 +505,8 @@ auth-token: {authtoken} ## 10. 对接时序(建议) -1. 平台分配 `agent_id`、`secret` -2. 第三方调用 `/api/v1/authToken` 获取 `authtoken` +1. 平台分配 `agent_id`、`secret`、`api_key` +2. 第三方调用 `/api/v1/authToken`(Header 携带 `api-key`)获取 `authtoken` 3. 第三方调用 `/api/v1/getGameHall` 或 `/api/v1/getGameList` 获取大厅/游戏信息 4. 第三方调用 `/api/v1/getPlayerInfo`(可选,检查用户与余额) 5. 第三方调用 `/api/v1/setPlayerWallet` 进行额度转入(如有) @@ -498,7 +521,8 @@ auth-token: {authtoken} ### 11.1 获取 auth-token ```bash -curl --location --request GET 'https://{your-domain}/api/v1/authToken?agent_id={agent_id}&secret={secret}&time={time}&signature={signature}' +curl --location --request GET 'https://{your-domain}/api/v1/authToken?agent_id={agent_id}&secret={secret}&time={time}&signature={signature}' \ +--header 'api-key: {api_key}' ``` 建议在接入测试时,先本地打印以下值再发请求,便于排查: @@ -514,6 +538,7 @@ curl --location --request GET 'https://{your-domain}/api/v1/authToken?agent_id={ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getGameUrl' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001", @@ -526,6 +551,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getGameUrl' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getGameList' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "lang":"zh" @@ -537,6 +563,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getGameList' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getGameList' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "lang":"en" @@ -548,6 +575,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getGameList' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getGameHall' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "lang":"zh" @@ -559,6 +587,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getGameHall' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/setPlayerWallet' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001", @@ -571,6 +600,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/setPlayerWallet' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getPlayerInfo' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001" @@ -582,6 +612,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getPlayerInfo' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getPlayerGameRecord' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001", @@ -594,6 +625,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getPlayerGameRecord ```bash curl --location --request POST 'https://{your-domain}/api/v1/getPlayerWalletRecord' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001", @@ -606,6 +638,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getPlayerWalletReco ```bash curl --location --request POST 'https://{your-domain}/api/v1/getPlayerTicketRecord' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001", diff --git a/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS_EN.md b/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS_EN.md index 059c881..49b054e 100644 --- a/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS_EN.md +++ b/server/docs/DICEY_FUN_THIRD_PARTY_ACCESS_EN.md @@ -26,7 +26,12 @@ - Unified headers: - `Content-Type: application/json` - `Accept: application/json` + - `api-key: {api_key}` (**Required for ALL `/api/v1/*` endpoints**, must match `API_KEY` in server `.env`) - `auth-token: {authtoken}` (Required for all endpoints except `/api/v1/authToken`) +- `api-key` may be supplied in any of the following ways (read in priority order, first non-empty wins): + 1. HTTP header `api-key` (**recommended**) + 2. Query string `api_key` (or `api-key`) + 3. Body form/JSON field `api_key` (or `api-key`) - All time-related parameters use Unix timestamps (seconds) - Recommended timeouts: connect timeout `3s`, read timeout `10s` - Production recommendation: add caller IP whitelist and retry backoff (to avoid burst retry storms) @@ -53,9 +58,9 @@ Notes: Common error codes: - `400` Invalid parameters -- `401` Missing token +- `401` Missing `api-key`, `auth-token` or `token` - `402` Token invalid or expired -- `403` Signature or authentication failed +- `403` Invalid `api-key`, signature or authentication failed - `404` Resource not found - `422` Business error (e.g., insufficient balance) - `500` Server exception @@ -64,11 +69,18 @@ Common error codes: ## 4. Authentication Flow (Platform Level) +Two layers of platform-level credentials: + +- **`api-key`**: Required for ALL `/api/v1/*` endpoints, must match `API_KEY` in server `.env`. May be sent in header, query, or body (see §2.1). +- **`auth-token`**: Required for business endpoints (i.e., everything except `/api/v1/authToken`); obtained from `/api/v1/authToken`. + Before calling any `/api/v1/*` endpoint, obtain an `auth-token` first. ### 4.1 Get auth-token - Path: `GET /api/v1/authToken` +- Header: + - `api-key: {api_key}` (Required, must match `API_KEY` in server `.env`) - Auth parameters (Query): - `agent_id`: Agent identifier (merchant identifier) - `secret`: Shared secret agreed by both parties @@ -113,11 +125,12 @@ const signature = crypto.createHash('md5').update(agentId + secret + time).diges Server-side validation logic (key points): +- Missing `api-key` => fail (`401`); `api-key` not equal to `.env` `API_KEY` => fail (`403`) - Missing any of `agent_id/secret/time/signature` => fail (`400`) - `secret` mismatch => fail (`403`) - `time` outside tolerance window => fail (`403`, default tolerance `300s`) - `signature` mismatch => fail (`403`) -- If validated, the server issues `authtoken`; subsequent requests must include it in the `auth-token` header +- If validated, the server issues `authtoken`; subsequent requests must include it in the `auth-token` header (and still carry `api-key`) Anti-replay and time sync recommendations: @@ -137,17 +150,18 @@ Success response example: } ``` -For subsequent calls to `/api/v1/*`, include the following header: +For subsequent calls to `/api/v1/*`, include the following headers: ```text +api-key: {api_key} auth-token: {authtoken} ``` ### 4.2 Full Call Chain (Recommended) 1. Compute `signature = md5(agent_id + secret + time)` -2. Call `GET /api/v1/authToken` to obtain `authtoken` -3. Add header `auth-token: {authtoken}` +2. Call `GET /api/v1/authToken` (Header `api-key`) to obtain `authtoken` +3. Add headers `api-key: {api_key}` and `auth-token: {authtoken}` 4. Call business endpoints (e.g., `getPlayerInfo`, `setPlayerWallet`, `getGameUrl`, `getPlayerGameRecord`, `getPlayerWalletRecord`, `getPlayerTicketRecord`) 5. If `402` is returned, re-fetch `authtoken` and retry once @@ -155,12 +169,13 @@ auth-token: {authtoken} ## 5. Game APIs -All endpoints below require the `auth-token` header. +All endpoints below require headers `api-key` + `auth-token` (`api-key` may also be sent via query/body, see §2.1). ## 5.1 Get Game List (Supported) - Path: `POST /api/v1/getGameList` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body parameters: - `lang` (optional): `zh`/`en`, default `zh` @@ -240,6 +255,7 @@ Success example (`lang=en`): - Path: `POST /api/v1/getGameHall` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body parameters: - `lang` (optional): `zh`/`en`, default `zh` @@ -316,6 +332,9 @@ Success example (`lang=en`): ## 5.3 Get Game URL (Supported) - Path: `POST /api/v1/getGameUrl` +- Header: + - `api-key: {api_key}` + - `auth-token: {authtoken}` - Body parameters: - `username` (required): Player username (auto-created if not exists) - `password` (optional): default `123456` @@ -349,6 +368,7 @@ An independent endpoint is provided: `POST /api/v1/getGameList`, supporting both - Path: `POST /api/v1/getPlayerGameRecord` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body parameters: - `username` (optional): Player username; if omitted, **no player filter** is applied (returns matching rows from the database—use with care) @@ -396,7 +416,7 @@ This update introduces a game management table and menu to centrally manage basi ## 7. Wallet APIs -All endpoints below require the `auth-token` header. +All endpoints below require headers `api-key` + `auth-token` (`api-key` may also be sent via query/body, see §2.1). ### 7.1 Query Balance (Supported) @@ -430,6 +450,7 @@ If the integrator’s wallet flow requires “return lobby URL after transfer” - Path: `POST /api/v1/getPlayerWalletRecord` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body parameters: - `username` (optional): Player username; if omitted, **no player filter** is applied @@ -445,6 +466,7 @@ If the integrator’s wallet flow requires “return lobby URL after transfer” - Path: `POST /api/v1/getPlayerTicketRecord` - Header: + - `api-key: {api_key}` - `auth-token: {authtoken}` - Body parameters: Same as **7.4** (`username`, `start_create_time`, `end_create_time`, `limit`) - Response notes: @@ -462,7 +484,8 @@ It is recommended to configure the following fields in the integration parameter - `provider`: `Dicey Fun` - `provider_code`: `DF` - `agent_id`: `5ef059938ba799aaa845e1c2e8a762bd` -- `secret`: Signature secret (shared by both parties) +- `secret`: Signature secret (shared by both parties, maps to server `.env` `API_AUTH_TOKEN_SECRET`) +- `api_key`: The `api-key` required by every `/api/v1/*` request (maps to server `.env` `API_KEY`) - `agent_token`: `[to be filled by us]` (if an additional business-layer token is needed) - `game_url`: Game frontend domain/URL - `lobby_url`: Lobby URL (optional) @@ -482,8 +505,8 @@ It is recommended to configure the following fields in the integration parameter ## 10. Integration Sequence (Recommended) -1. Platform assigns `agent_id` and `secret` -2. Third party calls `/api/v1/authToken` to obtain `authtoken` +1. Platform assigns `agent_id`, `secret` and `api_key` +2. Third party calls `/api/v1/authToken` (with header `api-key`) to obtain `authtoken` 3. Third party calls `/api/v1/getGameHall` or `/api/v1/getGameList` to obtain lobby/game info 4. Third party calls `/api/v1/getPlayerInfo` (optional, check user and balance) 5. Third party calls `/api/v1/setPlayerWallet` to credit in (if applicable) @@ -498,7 +521,8 @@ It is recommended to configure the following fields in the integration parameter ### 11.1 Get auth-token ```bash -curl --location --request GET 'https://{your-domain}/api/v1/authToken?agent_id={agent_id}&secret={secret}&time={time}&signature={signature}' +curl --location --request GET 'https://{your-domain}/api/v1/authToken?agent_id={agent_id}&secret={secret}&time={time}&signature={signature}' \ +--header 'api-key: {api_key}' ``` During integration testing, it is recommended to print the following values locally before sending the request to ease troubleshooting: @@ -514,6 +538,7 @@ During integration testing, it is recommended to print the following values loca ```bash curl --location --request POST 'https://{your-domain}/api/v1/getGameUrl' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001", @@ -526,6 +551,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getGameUrl' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getGameList' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "lang":"zh" @@ -537,6 +563,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getGameList' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getGameList' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "lang":"en" @@ -548,6 +575,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getGameList' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getGameHall' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "lang":"zh" @@ -559,6 +587,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getGameHall' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/setPlayerWallet' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001", @@ -571,6 +600,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/setPlayerWallet' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getPlayerInfo' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001" @@ -582,6 +612,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getPlayerInfo' \ ```bash curl --location --request POST 'https://{your-domain}/api/v1/getPlayerGameRecord' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001", @@ -594,6 +625,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getPlayerGameRecord ```bash curl --location --request POST 'https://{your-domain}/api/v1/getPlayerWalletRecord' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001", @@ -606,6 +638,7 @@ curl --location --request POST 'https://{your-domain}/api/v1/getPlayerWalletReco ```bash curl --location --request POST 'https://{your-domain}/api/v1/getPlayerTicketRecord' \ --header 'Content-Type: application/json' \ +--header 'api-key: {api_key}' \ --header 'auth-token: {authtoken}' \ --data-raw '{ "username":"test_player_001",