Integration Guide
A practical step-by-step guide for connecting a casino platform or PAM system to Syncora.
Integration overview
Casino / PAM backend
Owns wallets, sessions, and bonuses.
Syncora
Owns CRM, segments, journeys, analytics, and gamification.
Player-facing surfaces
Use widget tokens — never raw API keys.
Step 1 — Prepare partner credentials
Generate and store your API key
- Generate or retrieve the partner API key inside Syncora.
- Store it in your backend secret manager.
- Never put
x-api-keyin frontend JavaScript or mobile apps.
Step 2 — Send player events
const response = await fetch("https://syncoralab.com/api/public/v1/ingest", {
method: "POST",
headers: {
"content-type": "application/json",
"x-api-key": process.env.SYNCORA_API_KEY!,
},
body: JSON.stringify({
player_id: "ext_123",
type: "deposit",
data: {
amount: 50,
currency: "EUR",
status: "completed",
},
}),
});
if (!response.ok) {
const err = await response.text();
console.error("Syncora ingest failed", response.status, err);
}Step 3 — Map important casino events
| Casino action | Syncora event | Important metadata |
|---|---|---|
| Registration | login (with data.registration = true) | email, country, language |
| Login | login | country, device, ip (if appropriate) |
| Deposit | deposit | amount, currency, method, status |
| Bet | bet | amount, currency, game_id, provider_id |
| Win | win | amount, currency, game_id, provider_id |
| KYC update | kyc_change | status |
| Bonus claim | free_spin_used / bonus_claimed | granted_bonus_id, amount |
A dedicated registration event type is not currently accepted by the ingest schema. Send registration as type: "login" with data.registration = true and include profile fields like email, country, and language.
Step 4 — Fetch player state
const res = await fetch(
"https://syncoralab.com/api/public/v1/player/ext_123",
{
headers: { "x-api-key": process.env.SYNCORA_API_KEY! },
},
);
const player = await res.json();Use this endpoint from partner backend systems to inspect CRM and player state where supported. Do not call it from the browser with a raw API key.
Step 5 — Connect bonus fulfilment
Syncora handles
- Bonus templates and business rules
- Granted bonus history per player
- Journey and CRM-triggered grants
- Audit trail and reward outbox
Partner PAM handles
- Actual wallet, free-spin, or bonus balance changes
- Wagering enforcement
- Player-facing bonus UI in the casino
- Regulatory reporting where required
Step 6 — Test the integration
- API key stored server-side only
- Ingest endpoint returns 200 for a sample event
- Player appears in Syncora after first event
- Events appear in the Event Inspector
- Journey triggers fire as expected
- Bonus grant appears in the player profile
- Error logging is enabled on the partner side
Common mistakes
Exposing API key in browser
Any browser-visible API key is compromised. Use widget tokens instead.
Wrong API namespace
Send events to /api/public/v1/... only. Older /api/v1 routes are not the partner surface.
Missing OPTIONS / CORS handling
If you must call from a browser, use widget tokens and confirm CORS is configured for your origin.
Wrong player ID mapping
Use a stable external ID from your PAM. Do not mix ephemeral session IDs.
Sending too much PII
Only send the fields Syncora needs. Avoid sensitive personal data in event payloads.
Skipping end-to-end bonus tests
Confirm bonus grants land in your PAM wallet and reflect back in Syncora.