Skip to main content

Game Platform Integration

The Game Platform Integration APIs provide internal access for game systems to integrate with tournament functionality, manage real-time gameplay, and handle player connections. These APIs enable seamless communication between the Tournament System and Game Platform.

Overview

Game Platform Integration focuses on internal APIs that enable game systems to:
  • Retrieve tournament configurations and player lists
  • Validate JWT tokens for player authentication
  • Create and manage game rooms for tournaments
  • Report real-time events via SQS messaging
  • Handle tournament state synchronization
Integration Pattern: Tournament System ↔ Game Platform via internal APIs with internal API key authentication.

API Categories

Internal APIs

Tournament configuration, player lists, and status synchronization.

JWT Authentication

Player token validation and session management for game access.

Room Management

Game room creation, player connections, and session handling.

Real-time Communication

PostMessage events, WebSocket connections, and UI integration.

Authentication Model

All Game Platform Integration APIs use internal API keys for server-to-server authentication: 
GET /internal/tournaments/12345/config
Authorization: Bearer {internal-api-key}

Internal API Key Authentication

  • Server-to-Server: Only for backend Game Platform services
  • High Privileges: Access to all tournament data and operations
  • Rate Limiting: Higher limits for internal system communication
  • Monitoring: All internal API usage tracked and logged

Core Integration Flows

1. Tournament Configuration Exchange

1

Retrieve Tournament Config

Game Platform fetches tournament settings via GET /internal/tournaments/{id}/config
2

Get Player List

Load registered players via GET /internal/tournaments/{id}/players
3

Monitor Tournament Status

Check tournament state via GET /internal/tournaments/{id}/status
4

Create Game Room

Initialize game room with tournament configuration and player data

2. Player Authentication & Connection

1

Receive JWT Token

Player connects with JWT token received from Casino System registration
2

Validate Token

Game Platform validates token via POST /internal/auth/validate-token
3

Connect to Room

Authenticated player joins tournament game room
4

Sync Player State

Load player progress and tournament position

3. Real-time Event Reporting

Tournament Events sent to AWS SQS:
  • room.tournament.started - Tournament begins in game room
  • room.tournament.completed - Tournament finishes with results
  • player.score.updated - Real-time player score changes
  • room.player.connected - Player joins game room
  • room.player.disconnected - Player leaves game room

Data Flow Architecture

Communication Patterns

  • Game Platform → Tournament System: Internal APIs for config and status
  • Tournament System → Game Platform: Configuration responses and validation
  • Game Platform → Event System: SQS events for external notifications
  • Game Platform → Casino UI: postMessage for real-time UI updates

API Endpoints Overview

Tournament Configuration

GET /internal/tournaments/{id}/config        # Get tournament configuration
GET /internal/tournaments/{id}/players       # Get registered players
GET /internal/tournaments/{id}/status        # Get current tournament status

Authentication & Validation

POST /internal/auth/validate-token           # Validate player JWT tokens
GET /internal/auth/player/{id}/permissions   # Get player permissions

Tournament Management (Hop-on/Off Only)

POST /internal/tournaments                   # Create tournament (hop-on/off)
DELETE /internal/tournaments/{id}/players/{player}  # Remove player with refund

Event Reporting

POST /internal/tournaments/{id}/events       # Report tournament events
POST /internal/tournaments/{id}/results      # Submit tournament results

Integration Patterns by Tournament Type

Scheduled Tournaments

  • Standard Flow: Tournament created by Casino System via external API
  • Game Platform Role: Receives configuration, manages gameplay, reports events
  • APIs Used: Configuration retrieval, JWT validation, event reporting

Hop-On/Off Tournaments

  • Extended Flow: Game Platform creates tournaments via internal API
  • Game Platform Role: Creates tournaments, manages lobby, handles refunds
  • APIs Used: Tournament creation, configuration, player management, event reporting

Error Handling & Best Practices

Internal API Error Codes

  • 401 Unauthorized - Invalid internal API key
  • 403 Forbidden - Internal API key lacks required scope
  • 404 Not Found - Tournament or resource not found
  • 422 Unprocessable Entity - Invalid request data
  • 429 Too Many Requests - Rate limit exceeded (higher limits than external APIs)
  • 500 Internal Server Error - System error

Rate Limiting

  • Tournament Configuration: 1000 requests per minute
  • JWT Validation: 5000 requests per minute
  • Event Reporting: 10000 requests per minute
  • General Internal APIs: 2000 requests per minute

Retry & Circuit Breaker Patterns

Implement circuit breaker patterns for internal API calls to prevent cascade failures between Tournament System and Game Platform.
const circuitBreaker = {
  failureThreshold: 5,
  resetTimeout: 60000,
  monitor: (error) => {
    if (error.status >= 500) {
      circuitBreaker.failures++;
    }
  }
};

Integration Examples

Tournament Configuration Retrieval

const getTournamentConfig = async (tournamentId) => {
  const response = await fetch(`/internal/tournaments/${tournamentId}/config`, {
    headers: {
      'Authorization': 'Bearer internal-api-key',
      'Content-Type': 'application/json'
    }
  });
  
  const config = await response.json();
  return {
    gameConfig: config.gameConfig,
    maxPlayers: config.maxPlayers,
    prizePool: config.prizePool,
    roomId: config.roomId
  };
};

JWT Token Validation

const validatePlayerToken = async (jwtToken) => {
  const response = await fetch('/internal/auth/validate-token', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer internal-api-key',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ token: jwtToken })
  });
  
  if (response.ok) {
    const validation = await response.json();
    return {
      valid: validation.valid,
      tournamentId: validation.tournamentId,
      playerId: validation.playerId,
      permissions: validation.permissions
    };
  }
  
  throw new Error('Token validation failed');
};

Security Considerations

Internal API Key Management

  • Secure Storage: Store internal API keys in secure credential systems
  • Environment Isolation: Separate keys for development, staging, production
  • Key Rotation: Regular rotation of internal API keys
  • Access Logging: Complete audit trail of internal API usage

Network Security

  • Private Networks: Internal APIs should only be accessible within private networks
  • TLS Encryption: All internal communication encrypted with TLS 1.3
  • IP Restrictions: Whitelist Game Platform IP addresses
  • Monitoring: Real-time monitoring of internal API traffic patterns

Next Steps

Internal APIs

Detailed documentation of all internal API endpoints and their usage.

JWT Authentication

Player token validation and authentication flow implementation.

Real-time Events

SQS event reporting and postMessage communication patterns.

Room Management

Game room creation, player connections, and session management.