Integration Tester
The Operator Integration Tester is a self-service tool that validates your wallet callback implementation against the RGS specification. It simulates the RGS making real HTTP calls to your endpoints and reports pass/fail results in real time.
Open Integration TesterWhat It Tests
The tester runs 42 test cases across 7 categories against your wallet callback endpoints:
Happy Path
Normal bet → win/loss flows, balance checks, and complete round lifecycles.
Idempotency
Duplicate request handling — your server should return the same response for repeated transactionId values.
Error Handling
Insufficient funds, invalid sessions, disabled players, and other rejection scenarios.
HMAC Security
Signature validation, replay attack protection, and tampered body detection.
Attack Vectors
SQL injection, XSS, negative amounts, zero amounts, and concurrent duplicate requests.
Edge Cases
Very long strings, Unicode characters, decimal precision, and rapid sequential requests.
How to Use
Open the Tester
Navigate to the Integration Tester. You'll see a configuration panel on the left and test selection on the right.
Enter Your Credentials
Fill in three fields:
| Field | Description |
|---|---|
| Wallet Base URL | Your wallet API base URL (e.g., https://your-api.com) |
| HMAC Secret | The shared HMAC secret for signing requests |
| Player ID | A test player ID that exists in your system |
Select Tests
Choose which test categories to run. Start with Happy Path tests to validate basic functionality, then progressively enable more categories. You can select individual tests or entire categories.
Run & Review
Click Run Tests. Results stream in real time — each test shows pass/fail status, assertions, and the raw HTTP request/response logs. After completion, you can download a PDF report.
Test Categories
Happy Path (Tests 1–7, 39–40)
Basic operations: authenticate on launch, debit on bet, credit on win, zero-amount loss credit, balance query, rollback, and complete round flows. These should all pass before moving to other categories.
Idempotency (Tests 8–10)
Sends the same transactionId twice for debit, credit, and rollback. Your server should return the cached successful response without processing the transaction again.
Error Handling (Tests 11–14, 42)
Tests your error responses: insufficient funds (ERROR_NOT_ENOUGH_MONEY), invalid session tokens, invalid player on authenticate, and other rejection scenarios. Your server should return the correct error status codes.
HMAC Security (Tests 15–17, 29, 41)
Sends requests with invalid HMAC signatures, expired timestamps, and tampered request bodies. Includes authenticate endpoint HMAC validation. Your server should reject all of these with ERROR_INVALID_SIGNATURE.
Attack Vectors (Tests 18–28)
Attempts SQL injection in string fields, XSS payloads, negative and zero bet amounts, and concurrent duplicate requests. Your server should handle all of these safely.
Edge Cases (Tests 30–34)
Tests with very long player IDs, Unicode characters, high-precision decimal amounts, and rapid sequential requests. Validates that your server handles boundary conditions gracefully.
Debit/Rollback Ordering (Tests 35–38)
Tests rollback before debit, rollback of non-existent transactions, and double-rollback scenarios. Validates your server's state machine logic.
Callback Endpoints Tested
The tester calls the same five endpoints that the RGS uses in production. See Wallet Callbacks for the full request/response schemas.
| Endpoint | Tested For |
|---|---|
POST /callback/authenticate |
Player verification, balance on launch, HMAC security, invalid player |
POST /callback/debit |
Bet placement, insufficient funds, idempotency, attack resistance |
POST /callback/credit |
Win crediting, zero-amount loss, idempotency |
POST /callback/balance |
Balance queries |
POST /callback/rollback |
Bet reversal, ordering constraints, non-existent transactions |