Request Signature
Every Callback API request has a special header field, Hash-Authorization, whose use is obligatory in order to verify that the call was received from the FUNGAMESS system.
This key is generated automatically, based on the following formula: sha256(['REQUEST_GET']['KEY']).
You can find your KEY on the "Integration → Config" settings page in your FUNGAMESS back office.
{
    "status": false,
    "errors": {
        "error": "Request not validate"
    }
}
Note that if you want to send a request to a certain API method, for example https://example.com/api/, you MUST put a slash "/" after the name of the API method, for example https://example.com/api/apimethodname/.
Also, if you want to call back a certain parameter, you MUST put a question mark "?" after the name of the API method, for example https://www.your-brand.com/apimethodname?{parameters}.
function checkSign(): bool
{
    // php >= 7.0
    $hashAuthorizationKey = '424c65e51942160021fefe9d6d603492'; // Key from back office
    $hashAuth = (string) (getallheaders()['Hash-Authorization'] ?? ''); // Get hash from request or specify empty
    if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Retrieving data from a request
        $data = $_POST;
    } else {
        $data = $_GET;
    }
    if (array_key_exists('extraData', $data)) { // extraData is not part of the signed data
        unset($data['extraData']);
    }
    ksort($data); // Sort parameters by name so the order is deterministic
    $data = array_map('strval', $data); // Cast every value to a string
    $data = json_encode($data);
    $hashAuthLocal = hash('sha256', $data . $hashAuthorizationKey); // Hashing of data
    // Compare the collected hash and the one received from NUXGAME
    // hash_equals() compares in constant time, so response timing does not leak how much of the hash matched
    // Description returned: {true - Return an error!}, {false - Skip the request.}
    return !hash_equals($hashAuthLocal, $hashAuth);
}

if (checkSign()) {
    return [
        'status' => false,
        'message' => 'Error sign.'
    ];
}
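For integrations not written in PHP, the same check can be reproduced by rebuilding the exact string that ksort, strval and json_encode produce in checkSign() above. This is an added example, not FUNGAMESS code; it assumes flat parameters with non-numeric names and string values, and the key and parameter names in the sample are constructed.

```python
import hashlib
import hmac
import json


def canonical_json(params: dict) -> str:
    """Rebuild the string that PHP's ksort + strval + json_encode produce."""
    # extraData is removed before hashing, as in checkSign()
    data = {k: str(v) for k, v in params.items() if k != "extraData"}
    if not data:
        return "[]"  # PHP encodes an empty array as a JSON list, not "{}"
    ordered = dict(sorted(data.items()))  # ksort: order by parameter name
    # json_encode defaults: no whitespace, non-ASCII written as \uXXXX
    text = json.dumps(ordered, separators=(",", ":"), ensure_ascii=True)
    return text.replace("/", "\\/")  # json_encode also escapes "/" as "\/"


def sign(params: dict, key: str) -> str:
    """sha256(canonical JSON followed by KEY), as lowercase hex."""
    payload = (canonical_json(params) + key).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def is_valid(params: dict, header_value, key: str) -> bool:
    """Constant-time comparison against the Hash-Authorization header value."""
    received = (header_value or "").encode("utf-8", "replace")
    return hmac.compare_digest(sign(params, key).encode("ascii"), received)


# Constructed sample data: not a real key, parameter names are hypothetical.
SAMPLE_KEY = "example-key-not-a-real-secret"
SAMPLE = {
    "userId": "42",
    "amount": "10.50",
    "returnUrl": "https://example.com/a/",
    "extraData": "not part of the signed string",
}

if __name__ == "__main__":
    header = sign(SAMPLE, SAMPLE_KEY)
    print(canonical_json(SAMPLE))
    print("valid request:", is_valid(SAMPLE, header, SAMPLE_KEY))
    tampered = dict(SAMPLE, amount="999.00")
    print("tampered amount:", is_valid(tampered, header, SAMPLE_KEY))
    print("missing header:", is_valid(SAMPLE, None, SAMPLE_KEY))
```

The "/" escaping and the empty-array case are where a port most often produces a different hash from the PHP side, so compare canonical_json() output against the PHP string first when a signature does not match.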