Predictu
API

S2S Management API

The Server-to-Server Management API provides programmatic control over the operator lifecycle. Register new casino partners, manage their API credentials, configure cryptographic key pairs for secure communication, and validate connectivity, all through a clean, well-documented interface.

Internal administration only. This API is used by the Predictu team to manage the B2B operator lifecycle. Casino operators do not have access to these endpoints.

Operator Registration & Management

The S2S Management API provides full lifecycle control over operator records.

Browse Operators

Retrieve a paginated, filterable list of all operators on the platform. Search by name or domain, filter by onboarding status, and sort by any key metric. Each operator listing includes summary statistics for quick assessment of their activity and health.

Register New Operators

Create a new operator record to begin the onboarding process. Specify the operator’s business details, commercial terms, market access preferences, and platform configuration. The operator begins in an onboarding state and progresses through a structured setup process before going live.

Operator Profiles

Retrieve the complete profile of any operator, including their full configuration, branding settings, onboarding progress, API credential status, recent invoicing history, and summary statistics across users, volume, and revenue.

Configuration Updates

Update any aspect of an operator’s profile: business details, commercial terms, branding, platform configuration, authorized domains, or integration settings. Only the fields you include are modified; everything else remains unchanged. Every change is tracked with a detailed diff in the audit trail.

Instant impact. Certain changes take effect immediately. For example, deactivating an operator instantly pauses all new trading for that operator’s users, while existing open positions remain until resolved. Reactivation restores trading immediately.

API Key Management

Securely manage the authentication credentials that operators use to integrate with Predictu. Each operator receives a key pair consisting of a public key (used in client-side integrations) and a secret key (used for server-to-server authentication).

Key Generation

Generate new API key pairs for operators at any time. When new keys are issued while existing keys are still active, a configurable grace period ensures both old and new keys work simultaneously, enabling zero-downtime credential rotation.

Zero-Downtime Rotation

The key rotation process is designed to prevent any service interruption:

  • New keys become active immediately upon generation
  • Previous keys enter a grace period during which they continue to function
  • After the grace period expires, old keys are permanently deactivated
  • The operator has time to update their server configuration without affecting their users

Public Key Retrieval

A dedicated endpoint for retrieving an operator’s current public key. This is the only endpoint in the S2S Management API that does not require administrator authentication, since public keys are, by definition, safe to share. It is used during embed integration setup and debugging.

One-time visibility. Secret keys are returned only once, at the moment of generation. They are never stored in plaintext and cannot be retrieved again. If a secret key is lost, a new key pair must be generated.

Connectivity Testing

Verify that an operator’s server is properly configured to receive callbacks from Predictu. The connectivity test sends a test callback to the operator’s endpoint and provides a detailed report on the result.

How It Works

A test callback is sent to the operator’s configured endpoint (or a custom URL for pre-save testing). The test validates the full communication chain: DNS resolution, TLS handshake, HTTP connectivity, response format, and latency. The detailed result report helps operators diagnose and resolve any integration issues quickly.

Diagnostic Details

When a connectivity test fails, the response includes specific diagnostic information and actionable suggestions. Common issues like timeouts, connection refusals, DNS failures, TLS errors, unexpected HTTP status codes, and invalid response formats are all identified with clear guidance for resolution.

Callback Event System

Beyond connectivity testing, the S2S Management API integrates with Predictu’s real-time callback event system. Operators receive automated notifications for key platform events, including new user registrations, trades, position settlements, balance changes, and market resolutions. All callbacks include a cryptographic signature for authenticity verification.

Security & Integrity

The S2S Management API is built with enterprise-grade security:

  • Administrator authentication: All management endpoints require verified internal team credentials
  • Cryptographic callback signatures: Every callback sent to operators is signed, allowing them to verify authenticity
  • Comprehensive audit trail: Every operator change, key rotation, and connectivity test is logged with full context
  • HTTPS-only callbacks: Operator callback endpoints must use TLS encryption
  • Rate limiting: Per-endpoint rate limits protect against accidental or intentional overuse