API Reference
A API do CSGOFlip segue os princípios REST e está documentada usando OpenAPI 3.1 (Scalar).
Base URL
Produção: https://api.csgoflip.com/api
Desenvolvimento: http://localhost:3000/apiDocumentação Interativa
- Scalar UI:
/api/docs - OpenAPI JSON:
/api/docs-json
Autenticação
A API usa autenticação baseada em sessões. O sessionId é enviado via cookie ou header.
Via Cookie (Recomendado)
http
Cookie: sessionId=abc123...Via Header
http
Authorization: Bearer abc123...Headers Padrão
http
Content-Type: application/json
Accept: application/jsonRespostas
Sucesso
json
{
"data": { ... },
"meta": {
"page": 1,
"limit": 20,
"total": 100
}
}Erro
json
{
"statusCode": 400,
"message": "Validation failed",
"errors": [
{
"field": "amountCents",
"message": "must be a positive number"
}
]
}Códigos de Status
| Código | Significado |
|---|---|
| 200 | OK |
| 201 | Created |
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 409 | Conflict |
| 422 | Unprocessable Entity |
| 429 | Too Many Requests |
| 500 | Internal Server Error |
Rate Limiting
| Tipo | Limite | Janela |
|---|---|---|
| Global | 100 req | 1 min |
| Auth endpoints | 10 req | 1 min |
| Case open | 5 req | 1 min |
| Withdrawal | 3 req | 1 min |
Headers de rate limit:
http
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1705312800Endpoints por Módulo
Autenticação
| Método | Endpoint | Descrição |
|---|---|---|
| GET | /auth/steam/login | Iniciar login Steam |
| GET | /auth/steam/callback | Callback Steam OAuth |
| POST | /auth/logout | Logout |
| GET | /auth/me | Dados do usuário logado |
Caixas
| Método | Endpoint | Descrição |
|---|---|---|
| GET | /cases | Listar caixas |
| GET | /cases/:id | Detalhes da caixa |
| POST | /cases/:id/open | Abrir caixa |
| GET | /cases/openings | Histórico de aberturas |
Batalhas
| Método | Endpoint | Descrição |
|---|---|---|
| GET | /battles | Listar batalhas |
| GET | /battles/:id | Detalhes da batalha |
| POST | /battles | Criar batalha |
| POST | /battles/:id/join | Entrar na batalha |
| POST | /battles/:id/leave | Sair da batalha |
Pagamentos
| Método | Endpoint | Descrição |
|---|---|---|
| POST | /deposits/initiate | Iniciar depósito |
| GET | /deposits | Histórico de depósitos |
| POST | /withdrawals/request | Solicitar saque |
| GET | /withdrawals | Histórico de saques |
| POST | /withdrawals/:id/cancel | Cancelar saque |
Inventário
| Método | Endpoint | Descrição |
|---|---|---|
| GET | /inventory | Listar itens |
| POST | /inventory/:id/sell | Vender item |
| POST | /inventory/sell-all | Vender todos |
Upgrades
| Método | Endpoint | Descrição |
|---|---|---|
| GET | /upgrades/probability | Calcular probabilidade |
| POST | /upgrades | Executar upgrade |
| GET | /upgrades/history | Histórico |
Sorteios
| Método | Endpoint | Descrição |
|---|---|---|
| GET | /raffles | Listar sorteios |
| GET | /raffles/:id | Detalhes |
| POST | /raffles/:id/tickets | Comprar tickets |
Live Drops
| Método | Endpoint | Descrição |
|---|---|---|
| GET | /live-drops/recent | Drops recentes |
| POST | /live-drops/emit | Emitir drop |
Provably Fair
| Método | Endpoint | Descrição |
|---|---|---|
| GET | /provably-fair/client-seed | Obter client seed |
| PUT | /provably-fair/client-seed | Atualizar client seed |
| GET | /provably-fair/verify/:id | Verificar resultado |
Admin
| Método | Endpoint | Descrição |
|---|---|---|
| GET | /admin/dashboard | Estatísticas |
| GET | /admin/users | Listar usuários |
| POST | /admin/users/:id/ban | Banir usuário |
| GET | /admin/withdrawals | Fila de saques |
| POST | /admin/withdrawals/:id/approve | Aprovar saque |
Exemplos
Abrir Caixa
bash
curl -X POST https://api.csgoflip.com/api/cases/123/open \
-H "Cookie: sessionId=abc123" \
-H "Content-Type: application/json"Response:
json
{
"openingId": "789012345678901234",
"item": {
"id": "456",
"name": "AWP | Dragon Lore",
"rarity": "EXTRAORDINARY",
"valueCents": 250000,
"imageUrl": "https://..."
},
"roll": 45230,
"serverSeedHash": "abc123...",
"isFlip": false
}Solicitar Saque
bash
curl -X POST https://api.csgoflip.com/api/withdrawals/request \
-H "Cookie: sessionId=abc123" \
-H "Content-Type: application/json" \
-d '{
"amountCents": 10000,
"paymentMethod": "PIX",
"paymentDetails": {
"pixKey": "email@example.com",
"pixKeyType": "EMAIL"
},
"twoFactorCode": "123456"
}'Response:
json
{
"id": "wd123456789",
"amountCents": 10000,
"status": "PENDING",
"requestedAt": "2024-01-15T10:30:00Z"
}SDKs
JavaScript/TypeScript
typescript
import { CSGOFlipClient } from '@csgoflip/sdk';
const client = new CSGOFlipClient({
baseUrl: 'https://api.csgoflip.com',
sessionId: 'abc123...',
});
// Abrir caixa
const result = await client.cases.open('123');
// Listar inventário
const inventory = await client.inventory.list();
// Solicitar saque
const withdrawal = await client.withdrawals.request({
amountCents: 10000,
paymentMethod: 'PIX',
paymentDetails: { pixKey: 'email@example.com' },
});Webhooks
Para integrações, a API pode enviar webhooks para eventos:
deposit.confirmedwithdrawal.completedbattle.finished
Configuração
bash
curl -X POST https://api.csgoflip.com/api/webhooks \
-H "Authorization: Bearer {adminToken}" \
-d '{
"url": "https://yoursite.com/webhook",
"events": ["deposit.confirmed", "withdrawal.completed"],
"secret": "your-webhook-secret"
}'Payload
json
{
"event": "deposit.confirmed",
"timestamp": "2024-01-15T10:30:00Z",
"data": {
"depositId": "123",
"userId": "456",
"amountCents": 10000
},
"signature": "sha256=..."
}Verificação
typescript
const isValid = verifyWebhookSignature(
payload,
headers['x-webhook-signature'],
secret,
);