FAQs - Api & Integrations

Can operators sync Reward Shop inventory with an external fulfillment provider via API?

Yes. The Gamanza Engage platform can sync Reward Shop inventory with external fulfillment providers via API. For example, the PrizeShark integration lets operators connect their Reward Shop to the PrizeShark catalog through a feature flag and API settings. Once enabled, inventory, product details, and order statuses are updated automatically between the two systems.

Does Gamanza Engage provide a certified connector for Salesforce Marketing Cloud, or should operators use webhooks?

There is no certified connector for Salesforce Marketing Cloud. Integrations with external systems are handled through the Gamanza Engage API and webhooks, which can be configured to send or receive the required data.

Does Gamanza Engage send webhook failure alerts to Slack or Microsoft Teams?

No. Gamanza Engage does not send webhook failure alerts to Slack or Teams. Operators who need notifications can set up their own monitoring or use third-party tools to forward errors into collaboration channels.

How does Gamanza Engage handle API versioning and the support of deprecated endpoints?****

The platform does not currently define a formal versioning or deprecation policy in its API documentation. Breaking changes are typically introduced by adding new endpoints or updated specifications, while existing endpoints remain stable. No official timeline is provided for deprecated endpoints, so operators should monitor release notes and coordinate with their Customer Success Manager to stay informed about upcoming changes.

How can operators retrieve a player’s active promotions via API for display in a mobile app?

Operators can retrieve active promotions using the Frontend API Gateway. By initializing the required widgets and calling the getPlayer function, the system returns player-specific information, including promotions. Once the data is loaded, the GamanzaEngage_Client_Initialized event confirms availability for display in the mobile app.

How does Gamanza Engage handle webhook delivery, and what options exist for retries with exponential backoff?

Webhook events are delivered in real time, giving operators immediate access to player and platform activity as it happens. While there is no formal SLA and retries with exponential backoff are not built in, operators have full flexibility to implement their own monitoring and retry logic. This approach ensures that webhook handling can be tailored to each operator’s infrastructure and reliability requirements.

How can operators refresh OAuth tokens programmatically without exposing secrets on the client side?

OAuth tokens should always be refreshed server-side to avoid exposing sensitive credentials in the client application. Operators can use the OAuth 2.0 Client Credentials Flow, where the client ID and client secret are securely stored on the backend. The backend then requests a new access token from the authorization server (/api/oauth/v1/token) and injects it into API calls on behalf of the client. This ensures that secrets remain protected while keeping token refresh fully automated.

Does Gamanza Engage provide a GraphQL endpoint, or only REST APIs?

Gamanza Engage APIs are delivered through a RESTful architecture and documented using the OpenAPI specification. At this time, there is no GraphQL endpoint available. Operators integrate via the provided REST APIs for platform, frontend, and operator integrations.

How can asynchronous event webhooks be reconciled with REST queries for idempotency?

Unique IDs such as transactionId or eventId should be used to avoid duplicate processing, and workflows should be designed to be idempotent. Real-time webhooks can be complemented with periodic Data Fetch API queries (using the delta parameter) to ensure completeness and consistency.

Are rate limits per IP, per key, or per tenant, and can we request higher limits?

Rate limits are applied per API client key (OAuth credentials), not per IP. For the Data Fetch API and Credit APIs, the standard limit is 100 requests per minute within a sliding one-minute window. If higher limits are required, operators should coordinate with the Customer Success Manager to request an exception.

What authentication flow does the Gamanza Engage Platform support?

Gamanza Engage supports the OAuth 2.0 Client Credentials flow for authenticating operator backend systems. This process issues a valid JWT access token that must be included in subsequent API requests

How can operators grant tokens manually, for example as a goodwill gesture?

Operators can manually grant or remove tokens in two ways:

  1. Through the Player Card: Adjust XP by selecting the action (Add/Remove), entering the amount, and providing a comment for the transaction. The player’s XP balance is updated instantly, and all details—including comments and the user performing the action—are logged for auditing and transparency.

  2. Through the API: Use the Credit Experience Points API to grant XP outside of the standard gamification rules. This is especially useful for custom workflows or for granting XP in bulk. Each API request requires the player’s unique ID, transaction details, and a descriptive source, which is then visible in the Admin UI for proper tracking.

How can operators export player data for GDPR requests?

Operators can fulfill GDPR “right to access” requests either through the Admin UI, where a data export option is available in the Player Card, or via the Platform API. Both methods allow exporting all personal data linked to the player, ensuring compliance with GDPR requirements.

Does PEP provide an API to retrieve a player’s full engagement history for Customer Support teams?

Yes. PEP provides APIs through the Data Fetch API that allow operators to retrieve player-level engagement history. Operators can access data such as:

  • Missions & Mission Bundles – current progress and historical states.

  • Ranks & Levels – player rank, level changes, XP balances, and histories.

  • Reward Shop – purchases, orders, suppliers, and reward items.

  • Virtual Currency – token balances, wallet history, token boosters, and contribution rules.

  • Transactional Events – game, money, and sports transactions.

  • Player Events – logins, logouts, registrations, opt-ins, KYC verifications, etc.

These APIs can be used to consolidate a complete engagement timeline for a specific player, making it easier for CS teams to investigate issues or respond to compliance requests.

Are there limits on how many API keys or OAuth clients Operators can create?

There is no fixed hard limit for the number of API keys or OAuth client credentials that can be generated in the Admin UI. Operators can create multiple credentials to support different systems or environments (e.g., staging vs. production). For security and maintainability, it is recommended to:

  • Generate separate credentials per integration or environment.

  • Rotate keys regularly following best practices.

  • Remove unused or obsolete clients to reduce risk.

What are the required APIs for CRM?

The required APIs for CRM are:

  • Authentication (OAuth 2.0) – to generate access tokens.

  • Campaign APIs (Platform RX API) – to send and manage campaigns (direct, content, triggers, unsubscribe).

  • Player Events APIs – to feed CRM with player lifecycle events (e.g., login, logout, registration, KYC).

Other APIs, like Transactional Events and Data Fetch, are optional but useful to enrich CRM activities.

How can operators retrieve bonus information via API?

Operators can use the Data Fetch API to access bonus data:

  • Reward Processor → /api/data-fetch/v1/reward-processor/rewards (all rewards granted, including bonuses).

  • Bonus Granted → /api/data-fetch/v1/bonuses/granted (bonuses awarded to players).

  • Bonus Released → /api/data-fetch/v1/bonuses/released (bonuses released/activated for players).

  • Reward Shop → /api/data-fetch/v1/reward-shop/item and /api/data-fetch/v1/reward-shop/order (bonus items and purchases).

What are Webhooks in the Player Engagement Platform?

Webhooks in the Gamanza Player Engagement Platform are indeed used to deliver real-time notifications to external applications. Key areas to consider when working with webhooks include:

  • Getting started (how to register and configure webhooks)

  • Security features (authentication, signatures, verification)

  • Considerations and limitations (performance, retries, rate limits)

  • Webhook events (player, CRM, transactional, etc.)

  • Third-party integrations

Which endpoint should be used to fetch bonuses?

Operators can use the Data Fetch API to retrieve bonus-related information. The relevant endpoints include:

  • /api/data-fetch/v1/bonuses/bonus-granted – retrieves details of bonuses granted to players.

  • /api/data-fetch/v1/bonuses/bonus-released – retrieves details of bonuses that have been released to players.

Which endpoints are required to integrate the Unsubscribe Report in CRM?

To manage and track unsubscribe actions in CRM, operators should use the following endpoint:

  • POST /rx-api/analytics/v1/register/event/unsubscribe – unsubscribes a player from a specific marketing campaign.

This endpoint requires the playerId, campaignId, reason, and date of Unsubscribe.

PreviousFAQs - Gamification & Token RewardsNextSegments Ideas

Last updated

Was this helpful?