Skip to content

Authorizing Purchases on Casino's End

When a player performs a purchase or interaction inside the LoyaltyGyre iframe (such as opening a reward box or claiming a prize), LoyaltyGyre needs to confirm that the data remains in sync with the casino’s backend. To achieve this, LoyaltyGyre will contact the casino's backend to authorize the player's action before proceeding.

Purpose of Authorization

The purpose of authorizing purchases is to:

  • Ensure data consistency: Verify that the user's account data (such as balance, player status, or eligibility) is up-to-date before the purchase is confirmed.
  • Prevent fraud or misuse: Ensure that any action performed within the iframe is legitimate and authorized by the casino’s backend.
  • Confirm availability of resources: Ensure that the player has sufficient balance or eligibility to complete the action (e.g., opening a box, purchasing a reward).

How It Works

  1. Player initiates an action: When the player interacts with the iframe (e.g., attempts to open a box), the action is initiated within the iframe.

  2. LoyaltyGyre sends a request to the casino's backend:

    • LoyaltyGyre will send an authorization request to the casino's backend to confirm that the action can proceed.
    • The request typically includes the player's ID, the specific action (e.g., opening a box or making a purchase), and relevant details (e.g., balance or reward ID).

  3. Casino validates the request:

    • The casino’s backend checks the player's account data to verify that they have the required balance, status, or eligibility for the action.
    • The casino may perform additional checks (e.g., ensuring that the player is active, not banned, etc.).

  4. Casino responds with authorization:

    • The casino's backend responds with a confirmation, either authorizing or denying the request.
    • If authorized, LoyaltyGyre proceeds with the player's action.
    • If denied, LoyaltyGyre will inform the player that the action could not be completed.

Flexibility in Implementation

Each casino may have different internal conventions, APIs, and workflows for handling authorization requests. As such, LoyaltyGyre does not enforce a strict API specification for this interaction. Instead, it is expected that:

  • The casino provides a suitable endpoint that LoyaltyGyre can call to confirm user actions.
  • The casino defines its own logic for validating the player's status, balance, or other criteria.
  • The casino's backend is responsible for ensuring accurate responses to authorization requests.

Handling Failures

If the casino’s backend is unable to authorize a player’s action (due to technical issues or insufficient balance, for example), the action in the iframe will not proceed.

In these cases, the player will receive a message indicating that the action could not be completed.

Workflow

sequenceDiagram
  participant P as Player
  participant C as Casino
  participant L as LoyaltyGyre
  autonumber
  P->>L: Open box
  L->>C: Confirm purchase with casino
  destroy C
  C-->>L: Purchase confirmed
  Note over P,L: Box opened