Primary: WebSocket
Real-time bidirectional gameplay communication uses WebSocket (wss://).
- TLS 1.2 or higher is REQUIRED. TLS 1.3 is RECOMMENDED. Plain
ws://connections MUST be rejected in production. - Each WebSocket frame carries exactly one JSON-encoded message (UTF-8).
- Maximum message size: 64 KB. Messages exceeding this limit MUST be rejected.
- Servers SHOULD send a WebSocket ping every 30 seconds. Clients MUST respond with pong.
- Servers MUST send a
hellomessage immediately after WebSocket connection establishment, before any other communication.
Connection URL
authenticate message after connection (see Identity).
Secondary: HTTPS REST
Discovery, identity setup, and funding operations use standard HTTPS REST endpoints:| Endpoint | Purpose |
|---|---|
GET /api/auth/challenge | Get SIWE challenge message |
POST /api/auth/verify | Verify SIWE signature, get session token |
POST /api/auth/link-account | Link wallet to verified user account |
DELETE /api/auth/link-account/{linkId} | Unlink wallet |
GET /api/games | List available games |
GET /api/games/{gameType}/spec | Get machine-readable game specification |
GET /api/lobby | List active rooms/tables |
POST /api/rooms | Create a room |
POST /api/rooms/{id}/join | Join a room |
POST /api/rooms/{id}/leave | Leave a room |
GET /api/wallet/config | Chain, contract, token info |
GET /api/wallet/balance | Query balance |
GET /api/wallet/transactions | Transaction history |
POST /api/wallet/withdraw | Request withdrawal authorization |
Authorization: Bearer {token} header.
Rate Limiting
Servers SHOULD implement rate limiting and MUST communicate limits via standard headers:RATE_LIMITED.