Operator onboarding

Registration data, environments, keys, and activation
View as Markdown

Operator onboarding

Operator registration is an administrative Wuzzlo process. It is not a public self-registration API. Your integration contact collects the required information and Wuzzlo creates the operator record.

Information the operator provides

Provide a separate configuration for staging and production:

FieldDescription
Operator nameHuman-readable company or brand name.
Wallet base URLPublic HTTPS origin used for Wuzzlo callbacks, for example https://wallet.operator.example. Do not include a callback path.
RSA public keyPEM-encoded public key corresponding to the operator’s protected private key.
CurrencyWallet currency code agreed with Wuzzlo, such as INR.
Callback pathsDebit, credit, and rollback paths. Recommended values are /betrequest, /resultrequest, and /rollbackrequest.
Allowed Wuzzlo IPsOptional operator-side allowlist requested from Wuzzlo. Do not use IP filtering instead of signature verification.
Test userA dedicated, enabled staging player with enough balance to run repeated certification cycles.
Technical contactsEngineering and incident contacts for launch and wallet reconciliation.

/auth/login and /balance are fixed integration paths. Debit, credit, and rollback paths are stored in the Wuzzlo operator configuration and may be customized when necessary.

Information Wuzzlo provides

  • The exact operatorId to send in every request and validate in every callback.
  • Staging and production Wuzzlo API base URLs.
  • The Wuzzlo RSA public key used to verify callbacks.
  • Wuzzlo source IP ranges when IP allowlisting is required.
  • Enabled games and currencies.
  • Certification and production activation confirmation.

Generate an RSA key pair

The integration uses RSA-SHA256 and PKCS#1 v1.5 signature padding. Generate and store a separate key pair per environment according to your security policy. For example:

$openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -out operator-private.pem
$openssl pkey -in operator-private.pem -pubout -out operator-public.pem

Send only operator-public.pem to Wuzzlo. Store the private key in a secrets manager or HSM, restrict access to the signing service, and establish a key-rotation procedure before production.

Never commit private keys, database passwords, test-user credentials, or production tokens to the operator application repository. Values in a sample application are illustrative and must not be copied into production.

Registration lifecycle

  1. Operator submits staging onboarding data and public key.
  2. Wuzzlo creates an active staging operator record with the agreed callback paths.
  3. Operator deploys the wallet API and confirms health and network access.
  4. Wuzzlo runs wallet certification using the funded test user.
  5. Operator tests game listing, session launch, gameplay, settlement, and reconciliation.
  6. Both teams approve production configuration and exchange production public keys.
  7. Wuzzlo activates the production operator and enabled game catalog.
  8. Both teams perform a controlled production smoke test and monitor the first transactions.

Configuration example

operatorId: acme-games
walletBaseUrl: https://wallet.acme.example
currencyCode: INR
debitPath: /betrequest
creditPath: /resultrequest
rollbackPath: /rollbackrequest
operatorPublicKey: -----BEGIN PUBLIC KEY----- ...

The Wuzzlo administrator enters this information. Operators should not call internal backoffice registration endpoints directly.