Authentication

Gameball APIs are secured using API Keys to add an additional layer of protection to your account. Two types of keys are provided: the API Key and the Secret Key (also referred to as the transaction key).

• The API Key is used for regular, non-sensitive endpoints.

• The Secret Key must be used along with the API Key when performing sensitive operations.

For each API request, include your account's API Key, and in some cases, the Secret Key as well, in the request headers. For more details on how to retrieve your API Key and Secret Key, refer to our Help Center.

Example: Authentication with API Key

curl --request POST \
  --url 'https://api.gameball.co/api/v4.0/integrations/event' \
  --header 'APIKey: ue7eh32eiwlsncoko08u8b'

Example: Authentication with API Key and Secret Key

curl --request POST \
  --url 'https://api.gameball.co/api/v4.0/integrations/transaction/cashback' \
  --header 'APIKey: ue7eh32eiwlsncoko08u8b'
  --header 'SecretKey: kz7eh32eiwldlowbo08u5p'

High Security Mode (Optional)

To enhance security across your integration, you can enable High Security Mode from your Gameball Dashboard.

When this mode is enabled, all API requests — even those that typically require only the API Key — will also require the Secret Key in the request headers.

This ensures that every API call is authenticated with both keys, offering a stricter level of protection against unauthorized access.

Note: Enabling High Security Mode is recommended for clients with heightened security requirements. Once activated, all integration endpoints will reject requests that do not include both APIKey and SecretKey headers.