Checking API
Player operations
One account for play, wallet, security and admin access.
Login is intentionally compact like the target product, but every sensitive flow is still routed through server authority, region checks, 2FA readiness and audit-friendly account events.
Session
Server-side sessions with httpOnly cookies.
2FA
Authenticator-code login is enforced when enabled.
Region
Restricted regions are blocked before gameplay.
Ledger
Wallet changes flow through immutable entries.