Cashier API Documentation
This document describes the API for Cashier and Sub. Cashier player operations: authentication, player creation, player details, password changes, deposits, withdrawals, and reverse.
Base URL:
Replace
https://YOUR-DOMAIN.com/apiReplace
YOUR-DOMAIN.com with the domain where the gaming system is installed. Every request must include key=SHOP_API_KEY. The key is created in /backend/api and is linked to SHOP, API Domain, and API IP.
Important about API Domain: for browser requests, the external website domain must be configured in the
API Domain field of the API Key. If the domain is empty or does not match the request Origin, the browser will reject the API request because of CORS even when the key is correct. Server-to-server requests without an Origin header are not affected by CORS, but they still pass key, SHOP, and API IP validation.
Required Headers
| Header | Required | Description |
|---|---|---|
Accept: application/json | Yes | All API responses are JSON. |
Content-Type: application/json | For JSON body | Required for POST/PUT requests with a JSON body. |
Authorization: Bearer JWT_TOKEN | Protected routes | Required for all /cashier/* requests and logout. |
Balance Logic
| Mode | Create Player | Deposit | Withdraw |
|---|---|---|---|
Default | You may send a custom username and password. | You may use wager=true for Wager Bonus. | Withdraws from the player's available balance. |
River | The system generates the player login/password automatically in River format. | You may use apply_bounceback=true for Bounce Back. | Withdraws from balance_Win. |
Authentication
First request a JWT token through /login. Send the returned token in the Authorization header for all protected requests.
Downloads
Use the ready HTML demo client for quick API testing, or download the ZIP archive when it is uploaded to the server.
| File | Description | Download |
|---|---|---|
cashier-api-demo.html |
Interactive HTML client for login, player listing, player creation, deposit, withdraw, reverse, and password changes. | API Demo |
cashier-api-demo.zip |
Archive with the demo client. This file should be uploaded to the server separately. | Download ZIP |
Rate Limits
Standard request limits are applied to keep API responses stable. When the limit is reached, the response tells when the request can be retried.
| Limit | Default | Config |
|---|---|---|
| Login requests | 10 requests per minute |
API_LOGIN_RATE_LIMIT_PER_MINUTE |
| Cashier API requests | 60 requests per minute |
API_RATE_LIMIT_PER_MINUTE |
When the limit is exceeded, the API returns 429 Too Many Requests and a Retry-After header with the number of seconds before retrying.
Rate Limit Error Example
json
{
"fail": true,
"message": "Too many API requests. Please retry later.",
"retry_after": 42
}Login
POST/login
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
key | query string | Yes | Shop API Key from /backend/api. |
username | string | Yes | Cashier or Sub. Cashier login. |
password | string | Yes | Cashier or Sub. Cashier password. |
Example Request
sh
curl --location --request POST 'https://YOUR-DOMAIN.com/api/login?key=SHOP_API_KEY' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
"username": "CASHIER_LOGIN",
"password": "CASHIER_PASSWORD"
}'Example Response
json
{
"success": true,
"message": "Authorization is successful.",
"token": "JWT_TOKEN"
}Logout
POST/logout
Example Request
sh
curl --location --request POST 'https://YOUR-DOMAIN.com/api/logout?key=SHOP_API_KEY' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer JWT_TOKEN'
Example Response
json
{
"success": true,
"message": "Logout is successful."
}Cashier Info
GET/cashier/me
Returns the authenticated cashier and the current balance logic mode.
Example Request
sh
curl --location --request GET 'https://YOUR-DOMAIN.com/api/cashier/me?key=SHOP_API_KEY' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer JWT_TOKEN'
Example Response
json
{
"success": true,
"data": {
"cashier": {
"id": 12,
"username": "S_686886574",
"role": "cashier",
"shop_id": 1,
"shop": "SHOP1",
"shop_balance": 4460
},
"logic_of_balance": "river"
}
}List Players
GET/cashier/players
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
key | string | Yes | Shop API Key. |
search | string | No | Search by username or first_name. |
per_page | number | No | Allowed values: 10, 25, 50, 100. Default is 50. |
page | number | No | Pagination page. |
Example Request
sh
curl --location --request GET 'https://YOUR-DOMAIN.com/api/cashier/players?key=SHOP_API_KEY&per_page=50&search=112233' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer JWT_TOKEN'
Example Response
json
{
"success": true,
"data": [
{
"id": 19,
"username": "112233",
"river_login": "11-22-33",
"first_name": "95471877",
"status": "Active",
"shop_id": 1,
"parent_id": 12,
"balance": 25,
"balance_Win": 0,
"withdrawal": 0,
"wager_bonus": 0,
"wager_bonus_amount": 0,
"bounce_back": 0,
"created_at": "2026-06-21 06:00:00"
}
],
"meta": {
"current_page": 1,
"last_page": 1,
"per_page": 50,
"total": 1
}
}Get Player
GET/cashier/player
GET/cashier/players/{user}
Returns one player by id or username. The player must belong to the authenticated cashier's SHOP.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
key | string | Yes | Shop API Key. |
id | number | One of id/username | Player ID. |
username | string | One of id/username | Player username. |
Example Requests
sh
curl --location --request GET 'https://YOUR-DOMAIN.com/api/cashier/player?key=SHOP_API_KEY&id=PLAYER_ID' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer JWT_TOKEN' curl --location --request GET 'https://YOUR-DOMAIN.com/api/cashier/player?key=SHOP_API_KEY&username=PLAYER_USERNAME' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer JWT_TOKEN' curl --location --request GET 'https://YOUR-DOMAIN.com/api/cashier/players/PLAYER_ID?key=SHOP_API_KEY' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer JWT_TOKEN'
Example Response
json
{
"success": true,
"data": {
"id": 19,
"username": "112233",
"river_login": "11-22-33",
"first_name": "95471877",
"status": "Active",
"shop_id": 1,
"parent_id": 12,
"balance": 25,
"balance_Win": 0,
"withdrawal": 0,
"wager_bonus": 0,
"wager_bonus_amount": 0,
"bounce_back": 0,
"created_at": "2026-06-21 06:00:00"
}
}Create Player
POST/cashier/players
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
username | string | Default only | Minimum 6 characters, only A-Z, a-z, 0-9, _. Must be unique. |
password | string | Default only | Minimum 6 characters. In River mode it is generated automatically. |
first_name | string | No | Username/Notes field. Minimum 6 characters, alphanumeric/underscore only, unique. |
balance | number | No | Initial deposit. If greater than 0, minimum is 5. |
wager | boolean | No | Default mode: apply Wager Bonus. |
apply_bounceback | boolean | No | River mode: apply Bounce Back on deposit. |
platform | string | No | River or Thunder7. If omitted, River is used. Values 1/2 are also accepted as River/Thunder7. |
If an invalid platform is sent, for example
River2353454, the API returns a validation error and the player is not created.Default Mode Example Request
sh
curl --location --request POST 'https://YOUR-DOMAIN.com/api/cashier/players?key=SHOP_API_KEY' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer JWT_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"username": "player10001",
"password": "secret123",
"balance": 10,
"wager": true,
"platform": "River"
}'River Mode Example Request
sh
curl --location --request POST 'https://YOUR-DOMAIN.com/api/cashier/players?key=SHOP_API_KEY' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer JWT_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"balance": 10,
"apply_bounceback": true,
"platform": "River"
}'Example Response
json
{
"success": true,
"message": "User created successfully.",
"data": {
"id": 20,
"username": "797561482187",
"river_login": "79-75-61-48-21-87",
"first_name": "39268757",
"status": "Active",
"shop_id": 1,
"parent_id": 12,
"balance": 10,
"balance_Win": 0,
"withdrawal": 0,
"wager_bonus": 0,
"wager_bonus_amount": 0,
"bounce_back": 0,
"created_at": "2026-06-21 06:05:00",
"password": "797561482187"
}
}Change Player Password
POST/cashier/player/password
POST/cashier/players/{user}/password
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | query string | For /cashier/player/password | Player ID when using the generic endpoint. |
username | query string | For /cashier/player/password | Player username when using the generic endpoint. |
password | string | Yes | New password, minimum 6 characters. |
Example Request By ID In URL
sh
curl --location --request POST 'https://YOUR-DOMAIN.com/api/cashier/players/PLAYER_ID/password?key=SHOP_API_KEY' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer JWT_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"password": "newSecret123"
}'Example Request By Username
sh
curl --location --request POST 'https://YOUR-DOMAIN.com/api/cashier/player/password?key=SHOP_API_KEY&username=PLAYER_USERNAME' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer JWT_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"password": "newSecret123"
}'Deposit
PUT/cashier/players/{user}/balance/add
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
sum | number | Yes | Deposit amount. |
wager | boolean | No | Default mode: use Wager Bonus. |
apply_bounceback | boolean | No | River mode: use Bounce Back. |
Example Request
sh
curl --location --request PUT 'https://YOUR-DOMAIN.com/api/cashier/players/PLAYER_ID/balance/add?key=SHOP_API_KEY' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer JWT_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"sum": 10,
"wager": true,
"apply_bounceback": true
}'Example Response
json
{
"success": true,
"message": "Balance updated successfully.",
"data": {
"id": 19,
"username": "112233",
"balance": 35,
"balance_Win": 0,
"withdrawal": 0,
"wager_bonus": 0,
"bounce_back": 0
}
}Withdraw
PUT/cashier/players/{user}/balance/out
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
sum | number | Yes if all is false | Withdrawal amount. |
all | boolean | No | If true, withdraw the full available amount. In River mode this uses balance_Win. |
In River mode, withdrawal is taken from
balance_Win. If there are not enough funds there, the API returns an error with the reason.Example Request
sh
curl --location --request PUT 'https://YOUR-DOMAIN.com/api/cashier/players/PLAYER_ID/balance/out?key=SHOP_API_KEY' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer JWT_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"sum": 10
}'Withdraw All Example
sh
curl --location --request PUT 'https://YOUR-DOMAIN.com/api/cashier/players/PLAYER_ID/balance/out?key=SHOP_API_KEY' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer JWT_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"all": true
}'Reverse
POST/cashier/players/{user}/reverse
Reverses the latest deposit/bonus if the player has an available reverse record.
Example Request
sh
curl --location --request POST 'https://YOUR-DOMAIN.com/api/cashier/players/PLAYER_ID/reverse?key=SHOP_API_KEY' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer JWT_TOKEN'
Example Response
json
{
"success": true,
"message": "Reverse completed successfully.",
"data": {
"id": 19,
"username": "112233",
"balance": 15,
"balance_Win": 0,
"withdrawal": 0
}
}Errors
On error, the API returns an HTTP status and a JSON body with fail: true and the reason.
Common Error Responses
| Status | Example | Meaning |
|---|---|---|
400 | {"fail":true,"message":"Invalid credentials."} | Wrong login/password, validation error, insufficient balance, or invalid amount. |
403 | {"fail":true,"message":"No permission"} | The token does not belong to a Cashier/Sub. Cashier, or the player is not available to this cashier. |
404 | {"fail":true,"message":"Wrong user"} | The player was not found in the authenticated cashier's SHOP. |
Validation Error Example
json
{
"fail": true,
"message": "The selected platform is invalid."
}