PLLAY Platform API

Enterprise-grade competitive gaming platform

v1.0.0
Sandbox API Production API

🔒 Webhook Security

All webhook requests include an X-PLLAY-Signature header containing an HMAC-SHA256 signature. Verify this signature to ensure webhook authenticity:

// Node.js verification example
const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
    const computedSignature = crypto
        .createHmac('sha256', secret)
        .update(payload, 'utf8')
        .digest('hex');
    
    const expectedSignature = `sha256=${computedSignature}`;
    
    return crypto.timingSafeEqual(
        Buffer.from(signature),
        Buffer.from(expectedSignature)
    );
}

// Python verification example
import hmac
import hashlib

def verify_webhook_signature(payload, signature, secret):
    expected_signature = 'sha256=' + hmac.new(
        secret.encode('utf-8'),
        payload.encode('utf-8'),
        hashlib.sha256
    ).hexdigest()
    
    return hmac.compare_digest(signature, expected_signature)

Webhook Retry Policy: Failed webhook deliveries are retried up to 3 times with exponential backoff (1s, 2s, 4s).

Support Terms of Service Privacy Policy API Examples API Status

© 2025 PLLAY Labs Inc. All rights reserved. | api-support@pllay.io