Quick Start
This guide walks you through the minimum steps required to go from zero to a live brand on the Ruby platform. The entire onboarding flow takes approximately 30 minutes for an experienced developer.
Prerequisites
- A Ruby account with an assigned
team_api_keyandteam_api_secret - Basic familiarity with REST APIs and HMAC-SHA256 signing
curlor any HTTP client for testing
Step 1: Receive Your API Credentials
Your Ruby account manager will provide:
| Credential | Description |
|---|---|
team_api_key | Public key, sent in the X-Team-Key header with every request |
team_api_secret | Secret key, used to compute the HMAC-SHA256 signature — never share or expose this |
Store both values securely in your environment variables or secret manager before proceeding.
Step 2: Set Up HMAC-SHA256 Signing
All requests to the Ruby API must be signed using HMAC-SHA256. The signature is computed from the request timestamp, HTTP method, path (including query string), and raw request body.
See the HMAC Signing Guide for the full algorithm, worked examples, and code samples in Python, Node.js, and Java.
Required headers for every API request:
X-Team-Key: <your team_api_key>
X-Team-Timestamp: <unix timestamp in seconds>
X-Team-Signature: <HMAC-SHA256 signature>
Content-Type: application/json
Step 3: Create Your First Brand
Use POST /api/brand/create to create a brand under your team. The response includes the brand's api_key and api_secret — the api_secret is returned only once and cannot be retrieved again.
Request
The example below shows a complete signed request. Replace the placeholder values with your actual credentials.
# Configuration
TEAM_API_KEY="your_team_api_key"
TEAM_API_SECRET="your_team_api_secret"
BASE_URL="https://api-test.ruby-gaming.com"
TIMESTAMP=$(date +%s)
# Request body — must be byte-for-byte identical to what is sent
BODY='{"name":"My First Brand","code":"brand01","wallet_mode":"transfer","currency":"KRW"}'
# Compute HMAC-SHA256 signature
# Signature string: {timestamp}{METHOD}{path}{raw_body}
SIGNATURE=$(echo -n "${TIMESTAMP}POST/api/brand/create${BODY}" \
| openssl dgst -sha256 -hmac "${TEAM_API_SECRET}" -hex | awk '{print $2}')
# Send the request
curl -s -X POST "${BASE_URL}/api/brand/create" \
-H "Content-Type: application/json" \
-H "X-Team-Key: ${TEAM_API_KEY}" \
-H "X-Team-Timestamp: ${TIMESTAMP}" \
-H "X-Team-Signature: ${SIGNATURE}" \
-d "${BODY}"
Response
{
"id": 42,
"team_id": 7,
"name": "My First Brand",
"code": "brand01",
"api_key": "aBcDeFgH...",
"api_secret": "xYzSeCrEt...",
"wallet_mode": "transfer",
"callback_url": null,
"ggr_limit_enabled": 0,
"prepaid_balance": "0.00",
"currency": "KRW",
"status": 1,
"created_at": "2026-04-06T09:00:00Z",
"updated_at": "2026-04-06T09:00:00Z"
}
The api_secret field is returned only in this response. Subsequent calls to retrieve the brand will not include it. Store it securely before proceeding.
Key request fields:
| Field | Required | Description |
|---|---|---|
name | Yes | Human-readable brand name (max 100 characters) |
code | Yes | Short identifier, unique within your team (max 50 characters) |
wallet_mode | Yes | "seamless" or "transfer" |
callback_url | No | Required if wallet_mode is "seamless" |
currency | No | Defaults to "KRW" |
Step 4: Configure the Provider Whitelist
Before players can launch games, you must whitelist at least one provider for the brand. Use POST /api/brand/{id}/providers with the full list of provider_id values you want to enable.
This endpoint replaces the entire whitelist. Always send the complete intended list, not a diff. Sending an empty array removes all providers.
BRAND_ID=42
BODY='{"provider_ids":[1,2]}'
TIMESTAMP=$(date +%s)
PATH_WITH_QUERY="/api/brand/${BRAND_ID}/providers"
SIGNATURE=$(echo -n "${TIMESTAMP}POST${PATH_WITH_QUERY}${BODY}" \
| openssl dgst -sha256 -hmac "${TEAM_API_SECRET}" -hex | awk '{print $2}')
curl -s -X POST "${BASE_URL}${PATH_WITH_QUERY}" \
-H "Content-Type: application/json" \
-H "X-Team-Key: ${TEAM_API_KEY}" \
-H "X-Team-Timestamp: ${TIMESTAMP}" \
-H "X-Team-Signature: ${SIGNATURE}" \
-d "${BODY}"
Contact your Ruby account manager for the list of available provider_id values for your team.
Step 5: Implement Seamless Callbacks (Seamless Mode Only)
If your brand uses wallet_mode: "seamless", you must implement the four callback endpoints that Ruby will call during gameplay:
| Callback | When Ruby calls it |
|---|---|
balance | When a game session starts (Ruby queries the player's current balance) |
debit | When a player places a bet |
credit | When a bet is settled and winnings are paid |
rollback | When a previously debited bet is cancelled |
Ruby calls your callback_url for all four operations. Each request is signed with an HMAC signature so you can verify it originated from Ruby.
See Seamless Wallet Overview for the complete callback request/response specification.
Next Steps
- Read the HMAC Signing Guide for signing details and multi-language code samples
- Explore the Brand Management Guide for the full brand lifecycle (update, recharge, list)
- Review Error Codes to handle API errors gracefully