Draft / v1 Multi-currency Transfer Wallet Single Wallet
Updated 2026-07-03
Merchant Integration Guide

Lucky Mermaid Merchant API Integration Guide

A formal integration guide for merchant engineering teams, covering the multi-currency player model, signature rules, transfer wallet, single-wallet callbacks, public catalog APIs, game records, reports, and integration checks.

/api/v1Unified business API prefix
currencyRequired by all business APIs
AES + SignStable signature model
Public CatalogPublic game and currency directory

Lucky Mermaid Merchant API Integration Guide

This is the primary Lucky Mermaid (LM) merchant integration document for technical teams.

1. Integration Flow

text
Merchant provides onboarding data
  -> LM creates Merchant / Agent
  -> LM configures Agent currencies, games, wallet mode, and IP whitelist
  -> LM issues the Agent API key
  -> Merchant calls LM APIs using the documented signature rules
  -> Both sides verify player creation, transfer, game login, betting, balance, records, and reports
  -> Production switch uses production domains, IP whitelist, and API keys

Lucky Mermaid provides an independent merchant API. Merchants should integrate using the /api/v1 paths, the LM signature model, and the multi-currency player rules described below.

2. Merchant Inputs

ItemRequiredDescription
Company nameYesUsed for business and back-office identification.
Merchant nameYesUsed to create the Merchant.
Agent nameYesThe agentName used in API requests. LM creates and provides it.
CurrenciesYesFor example CNY, USD, THB. Every business API request must include currency.
Game scopeYesGame IDs to enable, or all games.
Wallet modeYestransfer wallet or single wallet.
Wallet callback URLRequired for single walletHTTPS callback URL for single-wallet mode.
Wallet crypto parametersRequired for single walletAES Key and AES IV for callbacks. Key length must be 16/24/32 characters; IV length must be 16 characters.
Merchant server outbound IPsRecommendedUsed for API whitelist. Provide server outbound IPs, not player IPs.
Technical contactYesUsed for integration, signature, transfer, and game-login troubleshooting.

If the merchant uses multiple servers or NAT, provide every possible outbound public IP. A single IP should normally be written as CIDR /32, for example 203.0.113.4/32.

3. Platform Configuration

ConfigurationDescription
MerchantThe merchant entity.
AgentThe integration channel under the merchant. Request field agentName maps to this record.
Agent API KeyThe identity used in request header KEY. The key may be independent from agentName.
Agent currenciesControls which currency values this Agent can use.
Game authorizationControls which games this Agent can open.
Wallet modeControls the funds model. The first version supports transfer and single.
IP whitelistLimits which merchant outbound IPs can call the API.
Single-wallet callbackConfigure the merchant callback URL, AES Key, and AES IV in the admin UI. The internal wallet JSON is generated automatically.
Currency exchange / bet rateInternal platform configuration for reports and game limits. Merchant APIs return original-currency amounts.

4. Environments and Base URL

EnvironmentBase URLDescription
TestTo be assignedLM test environment.
ProductionTo be assigned before launchProvided by LM before production release.
text
POST <base>/api/v1/...
Content-Type: application/json

5. Common Rules

5.1 Request Format

  • All requests and responses use UTF-8 JSON.
  • Unless explicitly stated, business APIs use POST.
  • All business APIs require currency.
  • currency must be an uppercase ISO-style currency code, such as CNY, USD, or THB.
  • Amounts are decimals in the requested original currency.

5.2 Request Headers

HeaderRequiredDescription
KEYYesAgent API key assigned by LM.
timestampYesUnix timestamp in seconds.
signYesRequest signature. See section 6.

5.3 Common Response

json
{ "code": 200, "data": {}, "msg": "success" }
  • code=200 means success.
  • code!=200 means business failure. Check msg and the error-code table.
  • For signed business APIs, data is AES encrypted. Examples in this document show the decrypted structure for readability.
  • Public catalog APIs return plain JSON and do not encrypt data.

5.4 Time Rules

  • Request header timestamp is Unix seconds.
  • Business time fields use yyyy-MM-dd HH:mm:ss.
  • Business dates use yyyy-MM-dd.
  • Merchant API business time is interpreted in GMT+8 unless otherwise agreed.

6. Authentication and Signature

6.1 Signature Flow

  1. Prepare the JSON request body.
  2. Sort business parameters by key in ascending ASCII order.
  3. Serialize as compact JSON.
  4. Encrypt the serialized string with the Agent secret using AES.
  5. Concatenate the encrypted string with timestamp.
  6. Calculate MD5 to produce sign.
  7. Send KEY, timestamp, sign, and the encrypted request body.
currency is a business parameter and must participate in the signature.

6.2 AES Rules

  • AES key and exact mode are assigned by LM with the Agent API key.
  • The encrypted payload should be transmitted as the agreed encoded string.
  • The same canonical JSON rules must be used on both sides.

6.3 Signature Example: Create Player

json
{
  "agentName": "agent01",
  "loginName": "player001",
  "currency": "USD"
}
text
canonical JSON -> AES encrypt -> encrypted + timestamp -> MD5 sign

6.4 Common Signature Errors

CauseDescription
Missing currencycurrency is required and must be included in the signature.
Wrong key orderBoth sides must use the same canonical parameter order.
Whitespace mismatchUse compact JSON without unstable formatting.
Timestamp expiredThe timestamp must be close to the current server time.
Wrong API keyKEY must match the Agent secret used for signing.

7. Multi-currency Player Model

  • A player wallet is identified by agentName + loginName + currency.
  • The same loginName can exist under multiple currencies, and balances are separated.
  • Transfers, balances, reports, records, login, and test-play requests all use the requested currency.
  • If a currency is disabled for the Agent, business APIs should return an unsupported-currency error.

8. Wallet Modes

8.1 Transfer Wallet

In transfer-wallet mode, the merchant transfers funds into or out of the LM player wallet. LM maintains the in-game balance.

  • Transfer in before game entry.
  • Game bets and settlements update the LM wallet.
  • Transfer out after the player leaves the game or when allowed by business rules.
  • orderNo must be idempotent under agentName + currency + orderNo.

8.2 Single Wallet

In single-wallet mode, the merchant owns the source of funds. LM calls merchant callbacks using action codes for balance, bet, settlement, cancel-bet, and combined bet-settle requests.

  • Merchant callback must be public HTTPS.
  • Merchant must provide callback AES Key and AES IV. Key length must be 16/24/32 characters; IV length must be 16 characters.
  • Merchant must verify callback signatures against the encrypted outer envelope.
  • Merchant must handle retry and idempotency by transferId.
  • Balance must stay synchronized after betting and settlement.

Admin configuration:

  • Select the wallet mode when creating or editing an Agent.
  • Transfer wallet does not require wallet callback configuration.
  • Single wallet shows structured fields for callback URL, AES Key, and AES IV.
  • The admin UI generates the internal wallet JSON automatically; operators should not edit JSON by hand.

9. API Flows

9.1 Transfer Wallet Flow

text
createPlayer -> transfer(type=1) -> getBalance -> login -> game bet/settle -> gameRecord -> transferRecord -> transfer(type=2)

9.2 Demo Play Flow

text
testPlay -> open returned URL -> play with demo funds

9.3 Single Wallet Flow

text
createPlayer -> login/testPlay -> action=6 balance callback -> action=9 bet callback -> action=10/11/8 settlement callback -> gameRecord

10. API List

10.0 Public Catalog APIs

APIPurposeRequiredDescription
GET /api/v1/public/currencyListCurrent supported currenciesRecommendedReturns currency and name.
GET /api/v1/public/gameListCurrent available gamesRecommendedReturns gameId, gameName, gameType, and gameTypeName.
POST /api/v1/public/hotGameTop10Previous-month hot game rankingOptionalRequires merchant signature; encrypted data; ranks by previous calendar month reporting-currency turnover and supports gameType filtering.

The currency and game list APIs are plain JSON APIs for documentation, configuration checks, and operational synchronization. Hot Game Top10 is merchant-only: it requires KEY, timestamp, and sign, and returns encrypted data. The live visual catalog is shown in the appendix.

10.1 Transfer Wallet APIs

APIPurposeRequiredKey fields
POST /api/v1/createPlayerCreate player walletYesagentName, loginName, currency
POST /api/v1/transferTransfer in/outTransfer modeorderNo, type, amount, currency
POST /api/v1/getBalanceQuery balanceYesagentName, loginName, currency
POST /api/v1/loginGet real-game URLYesgameId, language, currency
POST /api/v1/testPlayGet demo-game URLOptionalgameId, language, currency
POST /api/v1/transferRecordQuery transfer orderRecommendedorderNo, currency
POST /api/v1/gameRecordQuery game recordsYesstartTime, endTime, currency
POST /api/v1/gameRecordLinkGet record detail URLOptionalrecordId
POST /api/v1/dayReportDaily detail reportOptionaldate, currency
POST /api/v1/summaryReportMulti-day summary reportOptionalstartDate, endDate, currency
POST /api/v1/playerInfoQuery player infoOptionalloginName, currency
POST /api/v1/kickPlayerForce player offlineOptionalloginName, currency

10.2 Single Wallet APIs

APISingle-wallet rule
createPlayerStill required before game entry.
login / testPlayLM opens the game and performs wallet callbacks during play.
getBalanceMay trigger merchant-side balance verification depending on configuration.
transferNormally not used in single-wallet mode.
gameRecordStill used to query game records.

11. API Details

11.1 Query Supported Currencies

text
GET /api/v1/public/currencyList
FieldDescription
currencyCurrency code used by business APIs.
nameDisplay name.

11.2 Query Game List

text
GET /api/v1/public/gameList
FieldDescription
gameIdGame ID used in login and testPlay.
gameNameGame display name.
gameTypeGame type code.
gameTypeNameGame type display name.

11.2.1 Query Hot Game Top10

text
POST /api/v1/public/hotGameTop10

This merchant-only API requires the same KEY, timestamp, and sign rules as business APIs, and returns encrypted data. It ranks real-account game turnover for the previous calendar month. For example, on 2026-07-03, the ranking period is 2026-06-01 to 2026-06-30.

ParameterRequiredDescription
gameTypeYesGame type ID. Send 0 to query the platform-wide Top10.

Request example:

json
{
  "gameType": 2
}

Response example:

json
{
  "code": 200,
  "data": "AES_ENCRYPTED_DATA",
  "msg": "Success"
}

Decrypted data example:

json
[
  {
    "rank": 1,
    "gameId": 1000,
    "gameName": "Flying Dragon Fishing+",
    "gameType": 2,
    "gameTypeName": "Fishing"
  }
]
FieldDescription
rankRanking number, starting from 1.
gameIdGame ID.
gameNameGame display name.
gameTypeGame type ID.
gameTypeNameGame type display name.

11.3 Create Player

text
POST /api/v1/createPlayer
ParameterRequiredDescription
agentNameYesAgent account.
loginNameYesMerchant player account.
currencyYesPlayer wallet currency.
nicknameNoDisplay nickname.

11.4 Login Game

text
POST /api/v1/login
ParameterRequiredDescription
agentNameYesAgent account.
loginNameYesPlayer account.
currencyYesPlayer wallet currency.
gameIdYesGame ID.
languageYesLanguage code.
backUrlNoReturn URL.

11.5 Get Demo URL

POST /api/v1/testPlay returns a demo-game URL. Parameters are similar to login, but use demo funds.

11.6 Wallet Transfer

POST /api/v1/transfer is used in transfer-wallet mode. type=1 transfers in, type=2 transfers out. orderNo is idempotent by agentName + currency + orderNo.

11.7 Query Transfer Order

POST /api/v1/transferRecord queries an existing transfer by orderNo and currency. Use it after timeout before retrying with a new order.

11.8 Query Balance

POST /api/v1/getBalance returns the player balance in the requested currency.

11.9 Query Game Records

POST /api/v1/gameRecord returns game records by time range, page, and currency. Amounts are original-currency amounts.

POST /api/v1/gameRecordLink returns a URL for viewing a specific game record when supported by the game.

11.11 Daily Detail Report

POST /api/v1/dayReport returns daily detail metrics for the requested currency.

11.12 Multi-day Summary Report

POST /api/v1/summaryReport returns aggregated metrics over a date range.

11.13 Query Player Info

POST /api/v1/playerInfo returns player information for agentName + loginName + currency.

11.14 Force Player Offline

POST /api/v1/kickPlayer requests LM to disconnect a player session.

12. Single Wallet Callback Requirements

For single-wallet mode, merchants must provide a public callback URL. LM sends POST JSON requests using the Lucky Mermaid single-wallet wire format. The HTTP body is an encrypted envelope with dc, x, and parent. The x field contains the encrypted business payload; merchants should verify the outer envelope signature first, then decrypt x, then dispatch by the decrypted action.

The platform admin configuration requires the following fields:

FieldRequiredDescription
Callback URLYesMerchant wallet service endpoint. HTTPS is recommended; test environments may use http/ws/wss as agreed.
AES KeyYesCallback signing/encryption key. Length must be 16/24/32 characters.
AES IVYesCallback encryption IV. Length must be 16 characters.

The admin UI uses these fields to generate the internal wallet configuration automatically. Do not require operators to edit JSON directly. For troubleshooting, the internal shape is {"type":"default","data":{"url":"...","key":"...","iv":"..."}}.

12.1 HTTP Body Envelope

The outer HTTP body format is fixed:

json
{
  "dc": "",
  "x": "ENCRYPTED_PAYLOAD",
  "parent": ""
}
FieldRequiredDescription
dcYesDomain marker. It is usually an empty string in the test environment.
xYesBusiness request encrypted with the configured AES Key and AES IV.
parentNoParent marker. It is usually empty or omitted in the test environment.

The decrypted x payload contains the business fields. Balance query example:

json
{
  "action": 6,
  "ts": 1783080000000,
  "uid": "player001",
  "currency": "HKD",
  "gType": 3,
  "mType": 3006,
  "transferId": 1522700686997852160
}

12.2 Callback Actions

actionWhenMerchant actionIdempotency
6Before login or settlement checkReturn current balance without changing funds.Repeatable.
9Player bet deductionDeduct amount.Idempotent by transferId.
10Settlement or payoutAdd amount and record the round.Idempotent by transferId.
11Cancel betReverse the referenced deduction by refTransferIds.Must be idempotent.
8Bet and settle in one requestHandle deduction and payout atomically.Idempotent by transferId.

12.3 Callback Headers

LM calls merchant callbacks using KEY, timestamp, and sign. The sign is calculated from the outer envelope, not from decrypted business fields: sort dc, x, and parent; serialize compact JSON; encrypt that string with AES/ECB/PKCS5 and standard Base64; append timestamp; then MD5 the result.

Fields such as currency, uid, and action are inside the decrypted x payload. They are protected indirectly because the encrypted x value is part of the signed envelope.

12.4 Decrypted Business Fields

FieldRequiredDescription
actionYesAction code: 6 balance, 9 bet, 10 settle, 11 cancel bet, 8 bet and settle.
tsYesBusiness timestamp in milliseconds.
uidYesPlayer account, equivalent to LM loginName.
currencyYesWallet currency.
gTypeYesGame type.
mTypeYesGame ID.
transferIdYesLM callback transaction ID and merchant idempotency key.
amountRequired for fund actionsDeduction, payout, or reversal amount.
refTransferIdsRequired for cancel/settlement actionsReferenced transaction IDs.
gameRoundSeqNoRequired for game-round actionsGame round ID.

12.5 Callback Response

Merchant responses use the single-wallet callback response format, not the LM merchant API code/data/msg format:

json
{ "status": "0", "balance": 99.00, "err_text": "", "transferId": 1522700686997852160 }
  • Return status="0" or status=0 on success.
  • Successful responses must return the current balance.
  • Return transferId unchanged when possible for reconciliation.
  • Insufficient balance must not deduct funds and should return a non-zero status with clear err_text.
  • Repeated transferId must return an equivalent result.

13. Error Codes

CodeDescription
200Success.
503System maintenance.
4000Agent does not exist.
4001IP is not in API whitelist.
4002Invalid parameter.
4004Game is not enabled.
4005User login failed.
4006User does not exist.
4007Transfer failed.
4008Query time range exceeds limit.
4009Invalid time format. Expected yyyy-MM-dd HH:mm:ss.
4014User already exists.
4015Order does not exist.
4016Order exists or order parameters conflict.
4017Invalid amount.
4018Insufficient amount.
4019Signature error.
4020Timestamp expired.
4024Game is still in progress; funds cannot be transferred out.
4100currency is required.
4101Unsupported currency.
4102Agent has not enabled this currency.
4103Player currency does not exist or does not match.
4104Currency exchange rate is not configured.
4105Currency bet rate is not configured.
4110Single-wallet callback failed.
4111Single-wallet balance is insufficient.
4112Single-wallet callback signature error.

14. IP Whitelist and Security

  • Merchant server outbound IPs should be added to the LM whitelist.
  • Do not submit player IPs as merchant server IPs.
  • Agent API keys must be stored server-side only.
  • Production and test keys should be separated.
  • After a network timeout, use /api/v1/transferRecord to query the original order before deciding whether to retry.
  • Single-wallet callback secrets must be stored server-side and must not be mixed with merchant-to-LM API keys.

15. Integration Checklist

15.1 Basic Checks

  • Agent has been created.
  • Agent API key has been delivered.
  • Agent has at least one enabled currency.
  • Agent has at least one authorized game.
  • Merchant outbound IP is whitelisted.
  • Merchant can generate KEY, timestamp, and sign correctly.

15.2 Multi-currency Checks

  • Create agent01 + player001 + CNY successfully.
  • Create agent01 + player001 + USD successfully.
  • Balances in different currencies are independent.
  • A USD player cannot use a CNY wallet to enter a game.
  • Transfers, balances, records, and reports return original-currency amounts according to request currency.

15.3 Transfer Wallet Checks

  • type=1 transfer-in succeeds.
  • Balance query is correct.
  • Game login succeeds.
  • In-game betting updates the balance correctly.
  • Game records can be queried by currency.
  • type=2 transfer-out succeeds.
  • Timeout scenarios can be resolved with transferRecord.
  • Repeated orderNo does not duplicate fund changes.

15.4 Single Wallet Checks

  • Merchant callback URL is publicly reachable over HTTPS.
  • Merchant verifies LM callback signatures against the encrypted outer envelope.
  • action=6 returns the correct balance.
  • action=9 deducts once and is idempotent by transferId.
  • Insufficient balance fails without deduction.
  • action=10 adds payout once and is idempotent by transferId.
  • action=11 reverses referenced transactions idempotently by refTransferIds.
  • Game entry, bet, settlement, and game-record query pass end to end.

16. Appendix: Currency and Game Catalog

The catalog below is loaded live from public APIs. It helps integration teams look up the current currency codes and gameId values.

Currency List

Use these currency codes in the currency field of business APIs.

--
CurrencyName
Loading currencies...

Game List

Use these game IDs in login and testPlay.

--
Game IDGame NameType
Loading games...