Session Manager API | Bingão do Brasil

Validates an active player session and verifies its authenticity.

post

Validates session existence, expiration, and updates last activity timestamp.

Required headers: X-Player-Token

Sample request:

{
    "playerId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "sessionId": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

Sample response:

{
    "sessionId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "status": "valid",
    "expiresAt": "2025-10-08T14:00:00Z"
}

Authorizations

AuthorizationstringRequired

REQUIRED - JWT Authorization header using the Bearer scheme. All API endpoints require authentication, except for authentication endpoints (Connect/authentication). Example: "Authorization: Bearer {token}"

Query parameters

api-versionstringOptional

Header parameters

X-Transaction-Idstring · uuidOptional

Unique transaction identifier for request tracking

Example: 97df7c31-9d90-47da-a198-d0380f223156

X-Player-TokenstringOptional

Player access token for session validation

Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Body

playerIdstring · uuidOptional

sessionIdstring · uuidOptional

Responses

200

Session validation completed successfully. Check the 'status' field to determine if the session is valid.

sessionIdstring · uuidOptional

playerIdstring · uuid · nullableOptional

issuedAtstring · date-time · nullableOptional

expiresAtstring · date-time · nullableOptional

statusstring · nullableOptional

requireIpMatchboolean · nullableOptional

requireUserAgentMatchboolean · nullableOptional

400

Invalid request data, missing required fields, or malformed identifiers.

401

Invalid or missing X-Player-Token header authentication.

post

/session/validate

POST /session/validate HTTP/1.1
Host: operator-api.mgm.bingaodobrasil.com.br
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 102

{
  "playerId": "123e4567-e89b-12d3-a456-426614174000",
  "sessionId": "123e4567-e89b-12d3-a456-426614174000"
}

{
  "sessionId": "123e4567-e89b-12d3-a456-426614174000",
  "playerId": "123e4567-e89b-12d3-a456-426614174000",
  "issuedAt": "2026-03-02T02:27:11.343Z",
  "expiresAt": "2026-03-02T02:27:11.343Z",
  "status": "text",
  "requireIpMatch": true,
  "requireUserAgentMatch": true
}

Retrieves all active gaming sessions for a specific player.

get

Returns active sessions (status 'Active' and not expired) for the specified player.

Required headers: X-Player-Token

Sample response:

[
  {
    "sessionId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "createdAt": "2025-10-08T10:00:00Z",
    "expiresAt": "2025-10-08T14:00:00Z",
    "status": "Active",
    "gameId": "550e8400-e29b-41d4-a716-446655440000"
  }
]

Authorizations

AuthorizationstringRequired

REQUIRED - JWT Authorization header using the Bearer scheme. All API endpoints require authentication, except for authentication endpoints (Connect/authentication). Example: "Authorization: Bearer {token}"

Path parameters

playerIdstring · uuidRequired

The unique identifier of the player whose active sessions to retrieve.

Query parameters

api-versionstringOptional

Header parameters

X-Player-TokenstringOptional

Player access token for session validation

Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Responses

200

Successfully retrieved active sessions. May return empty array if no active sessions exist.

sessionIdstring · uuidOptional

playerIdstring · uuidOptional

createdAtstring · date-timeOptional

lastActivityAtstring · date-timeOptional

issuedAtstring · date-timeOptional

expiresAtstring · date-timeOptional

ipAddressstring · nullableOptional

userAgentstring · nullableOptional

statusinteger · enumOptionalPossible values:

requireIpMatchbooleanOptional

requireUserAgentMatchbooleanOptional

gameIdstring · uuid · nullableOptional

400

Invalid player ID format or missing required authentication.

401

Invalid or missing X-Player-Token header authentication.

get

/session/player/{playerId}/active-sessions

GET /session/player/{playerId}/active-sessions HTTP/1.1
Host: operator-api.mgm.bingaodobrasil.com.br
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

[
  {
    "sessionId": "123e4567-e89b-12d3-a456-426614174000",
    "playerId": "123e4567-e89b-12d3-a456-426614174000",
    "createdAt": "2026-03-02T02:27:11.343Z",
    "lastActivityAt": "2026-03-02T02:27:11.343Z",
    "issuedAt": "2026-03-02T02:27:11.343Z",
    "expiresAt": "2026-03-02T02:27:11.343Z",
    "ipAddress": "text",
    "userAgent": "text",
    "status": 1,
    "requireIpMatch": true,
    "requireUserAgentMatch": true,
    "gameId": "123e4567-e89b-12d3-a456-426614174000"
  }
]

Retrieves player sessions that were active during a specified date and time.

get

Performs historical session lookup for sessions active at a specific time. A session is considered active if the activity date falls between creation and expiration time.

Use cases: audit trails, compliance reporting, historical analysis. Authentication: Anonymous access allowed for administrative purposes.

Sample request:

GET /session/player/3fa85f64-5717-4562-b3fc-2c963f66afa6/by-activity?activityDate=2025-10-08T10:00:00Z

Sample response:

[
  {
    "sessionId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "createdAt": "2025-10-08T09:30:00Z",
    "expiresAt": "2025-10-08T13:30:00Z",
    "status": "Expired"
  }
]

Authorizations

AuthorizationstringRequired

REQUIRED - JWT Authorization header using the Bearer scheme. All API endpoints require authentication, except for authentication endpoints (Connect/authentication). Example: "Authorization: Bearer {token}"

Path parameters

playerIdstring · uuidRequired

The unique identifier of the player to search sessions for.

Query parameters

activityDatestring · date-timeOptional

The specific date and time (ISO 8601 format) to check for active sessions. Must be a valid DateTimeOffset value.

api-versionstringOptional

Responses

200

Successfully found sessions that were active during the specified time period.

sessionIdstring · uuidOptional

playerIdstring · uuidOptional

createdAtstring · date-timeOptional

lastActivityAtstring · date-timeOptional

issuedAtstring · date-timeOptional

expiresAtstring · date-timeOptional

ipAddressstring · nullableOptional

userAgentstring · nullableOptional

statusinteger · enumOptionalPossible values:

requireIpMatchbooleanOptional

requireUserAgentMatchbooleanOptional

gameIdstring · uuid · nullableOptional

400

Invalid player ID format or malformed activity date parameter.

404

No sessions were found active during the specified time period.

get

/session/player/{playerId}/by-activity

GET /session/player/{playerId}/by-activity HTTP/1.1
Host: operator-api.mgm.bingaodobrasil.com.br
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

[
  {
    "sessionId": "123e4567-e89b-12d3-a456-426614174000",
    "playerId": "123e4567-e89b-12d3-a456-426614174000",
    "createdAt": "2026-03-02T02:27:11.343Z",
    "lastActivityAt": "2026-03-02T02:27:11.343Z",
    "issuedAt": "2026-03-02T02:27:11.343Z",
    "expiresAt": "2026-03-02T02:27:11.343Z",
    "ipAddress": "text",
    "userAgent": "text",
    "status": 1,
    "requireIpMatch": true,
    "requireUserAgentMatch": true,
    "gameId": "123e4567-e89b-12d3-a456-426614174000"
  }
]

Permanently revokes an active player session.

delete

Immediately terminates a player session by setting status to 'Revoked'. Once revoked, the session cannot be reactivated.

Required headers: X-Player-Token

Sample request:

{
    "playerId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "sessionId": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

Sample response:

{
    "sessionId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "status": "revoked"
}

Authorizations

AuthorizationstringRequired

REQUIRED - JWT Authorization header using the Bearer scheme. All API endpoints require authentication, except for authentication endpoints (Connect/authentication). Example: "Authorization: Bearer {token}"

Query parameters

api-versionstringOptional

Header parameters

X-Transaction-Idstring · uuidOptional

Unique transaction identifier for request tracking

Example: 66680177-6641-4eed-a299-5676d52e55eb

X-Player-TokenstringOptional

Player access token for session validation

Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Body

playerIdstring · uuidOptional

sessionIdstring · uuidOptional

Responses

200

Session successfully revoked and is no longer valid for authentication.

sessionIdstring · uuidOptional

playerIdstring · uuid · nullableOptional

issuedAtstring · date-time · nullableOptional

expiresAtstring · date-time · nullableOptional

statusstring · nullableOptional

requireIpMatchboolean · nullableOptional

requireUserAgentMatchboolean · nullableOptional

400

Invalid request data, missing required fields, or malformed identifiers.

401

Invalid or missing X-Player-Token header authentication.

delete

/session/revoke

DELETE /session/revoke HTTP/1.1
Host: operator-api.mgm.bingaodobrasil.com.br
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 102

{
  "playerId": "123e4567-e89b-12d3-a456-426614174000",
  "sessionId": "123e4567-e89b-12d3-a456-426614174000"
}

{
  "sessionId": "123e4567-e89b-12d3-a456-426614174000",
  "playerId": "123e4567-e89b-12d3-a456-426614174000",
  "issuedAt": "2026-03-02T02:27:11.343Z",
  "expiresAt": "2026-03-02T02:27:11.343Z",
  "status": "text",
  "requireIpMatch": true,
  "requireUserAgentMatch": true
}

hashtagValidates an active player session and verifies its authenticity.

hashtagRetrieves all active gaming sessions for a specific player.

hashtagRetrieves player sessions that were active during a specified date and time.

hashtagPermanently revokes an active player session.

Validates an active player session and verifies its authenticity.

Retrieves all active gaming sessions for a specific player.

Retrieves player sessions that were active during a specified date and time.

Permanently revokes an active player session.