TS Market Games Integration

Appearance

Implementation Notes

Security best practices

  • HTTPS-only on your wallet API. Modern TLS (1.2 minimum, 1.3 preferred).
  • IP allowlist: TS will send you its outbound IP ranges. Restrict your wallet API to only accept calls from those IPs.
  • Validate every call: HMAC signature, token lookup, currency matches the user's currency.
  • SameSite=None; Secure on any cookies your wallet API sets (rare in this integration since all calls are server-to-server, but worth noting).
  • CSRF: not applicable to server-to-server calls. DO still protect your /authenticate from accidental browser-initiated calls.
  • Secrets: store the HMAC shared secret in a vault, never in code. Rotate quarterly. Monitor HMAC mismatch rates as a leading indicator of secret drift / clock drift.

Implementation notes (Tap-specific)

  • High-frequency settlement. A winning cell closes ~80 ms after the touch event detected by TS's engine. Bursts on /closetrade are normal — peak rates of dozens of trades per second per player are realistic during fast-paced sessions. Size your wallet API accordingly (target p99 < 200 ms on /closetrade for smooth UX).
  • Idempotency or it didn't happen. TS retries on any non-2xx response or timeout. Use externalTradeId as your idempotency key in a unique index. Returning a duplicate 200 Ok is the correct response for an already-applied trade.
  • Atomic state transitions. A reservation lifecycle is open → closed. There's no "edit" for Tap. If you see /opentrade with an externalTradeId you've already closed (rare, but possible during retries against a stale window), reject with InvalidToken or Ok — your call, document it.
  • String precision. All amounts (amount, balance, stake, payout, pnl) are strings. Do not coerce to floats during HMAC body hashing or balance arithmetic. Use a decimal library on your side.
  • touchPrice is informational. Reporting only. Never use for wallet math.
  • Cancellation at window boundaries. Rare but normal: a trade that opened at the very edge of a trading-window close may settle as a cancellation with no prior partner signal. Treat it as a tie (amount === stake).
  • Clock sync. NTP-sync your wallet API hosts. HMAC X-Timestamp tolerates only ±60 s drift; clock drift = silent rejection of every callback.

TradesMarter