RVO Bridge API – Integration Manual for BetConstruct

Operator: ALEKS CZ s.r.o. (ICO: 26212013)

Version: 2.0

1. Purpose and Scope

This document describes the RVO Bridge API that BetConstruct (BC) will use to integrate with the Czech Ministry of Finance Automated Gambling Information System (AISG). The Bridge exposes a stable REST/JSON interface in English for BC and internally communicates with Czech state systems (ROB and RVO) in the required MF/AISG formats.

The key principle is stability: after the operator obtains the license and the Bridge is fully connected to AISG, BC will not need to change anything in its integration – endpoints, payloads and behaviour remain identical.

2. Base URL and Environment

The RVO Bridge is available over HTTPS only.

Environment	Base URL
RVO Bridge	`https://rvo.apibridge.cz/api/v1/rvo/`

All endpoints documented below are relative to this base path.

3. Authentication

All endpoints under /api/v1/ require an API key.

Header	Value	Notes
`X-API-Key`	`e25c73414f9aba113fdf7baa986e305e`	Required for all business endpoints.
`Content-Type`	`application/json`	Request and response payloads are JSON.

Every request should also include the operator identifier (ICO) in the payload where required. For ALEKS CZ the value is:

operatorId (ICO): 26212013

4. General Conventions

4.1 HTTP Methods and Status Codes

GET is used for health check.
POST is used for all business endpoints.

Status	Meaning
200 OK	Request was processed successfully.
400 Bad Request	Validation error or missing/invalid data in the request.
401 Unauthorized	Missing or invalid `X-API-Key`.
500 Internal Server Error	Unexpected server-side error.

4.2 Time Format

All timestamps are UTC and use ISO 8601 format:

YYYY-MM-DDTHH:mm:ssZ
e.g. 2025-11-15T10:12:30Z

4.3 Error Object

When a request fails validation or processing, the response body contains an error object:

{
  "error": {
    "code": "INVALID_REQUEST",
    "message": "player.birthDate is required"
  }
}

The list of all possible error codes is provided in section 8.

4.4 MF Mapping Block (`mf`)

Some responses contain an additional mf object with fields used for the internal mapping to MF/AISG services. Example:

"mf": {
  "duvod": "Registrace",
  "plnoleta": "ANO",
  "nalezenaROB": "NEPROVEDENA",
  "nalezenaRVO": "NE"
}

BetConstruct can safely ignore this block. It is provided for traceability and for debugging integration with AISG.

5. Verify Player

The verify-player endpoint verifies a player for one of three purposes: registration, entry, or login. It checks:

age (18+ requirement),
RVO exclusion status,
and, in full AISG integration, existence of the person in the population register (ROB).

This call never creates an exclusion. It is purely a check used during registration/login/entry.

5.1 Endpoint

Method	Path
POST	`/verify-player`

5.2 Request Body

Example request:

{
  "requestId": "d2f79b2b-6d5d-4e52-91e2-7bcb0d963a10",
  "reason": "REGISTRATION",
  "operatorId": "26212013",
  "hid": null,
  "player": {
    "firstName": "John",
    "lastName": "Doe",
    "birthDate": "1985-04-10",
    "citizenship": "CZ"
  },
  "placeId": "26212013|PRAHA_KASINO_01",
  "locationType": null
}

5.2.1 Top-Level Fields

Field	Type	Required	Description
`requestId`	string	YES	Unique identifier of the request (UUID recommended). Echoed back in the response.
`reason`	string	YES	Purpose of the verification. One of: `REGISTRATION`, `ENTRY`, `LOGIN`.
`operatorId`	string	YES	Operator identifier (ICO). For ALEKS CZ always use `26212013`.
`hid`	string	Conditional	Player's Gaming Identifier (HID). Required for `LOGIN`. Optional for `ENTRY`. For `REGISTRATION` it may be omitted; the Bridge can generate a new HID.
`player`	object	Conditional	Player identification data. Required for `REGISTRATION`. For `ENTRY` either `player` or `hid` must be provided. For `LOGIN` it is not necessary.
`placeId`	string	Conditional	Identifier of the physical location (casino / gaming hall). Required if `locationType` is not provided.
`locationType`	string	Conditional	Type of location. Currently typical value is `INTERNET` for online environment. Required if `placeId` is not provided.

5.2.2 `reason` Values

Value	Description	MF Mapping
`REGISTRATION`	Player registration with the operator.	`Registrace`
`ENTRY`	Entry to a gaming space (physical or online).	`Vstup`
`LOGIN`	Login to online player account.	`Prihlaseni`

5.2.3 `player` Object

Field	Type	Required	Description
`firstName`	string	YES	Player's first name.
`lastName`	string	YES	Player's last name.
`birthDate`	string (YYYY-MM-DD)	YES	Date of birth. Used to check if player is 18+.
`citizenship`	string	YES	Country code, e.g. `CZ`.
`maidenName`	string	NO	Optional previous surname.
`birthPlace`	object	NO	Optional place of birth (city, district, country).
`permanentAddress`	object	NO	Optional official permanent address.

5.3 Behaviour and Validation

REGISTRATION: player is required; hid is optional.
LOGIN: hid is required; player is not required.
ENTRY: at least one of hid or player must be present.
At least one of placeId or locationType must be provided.
If player.birthDate is present, the Bridge calculates isAdult (18+).

5.4 Response Body

Example successful response:

{
  "requestId": "d2f79b2b-6d5d-4e52-91e2-7bcb0d963a10",
  "hid": "0b0a236d-6e6b-4a3e-8e8b-4f5eb095b7fb",
  "isAdult": true,
  "robStatus": "NOT_PERFORMED",
  "rvoStatus": "NOT_EXCLUDED",
  "allowed": true,
  "checkedAt": "2025-11-15T10:12:30Z",
  "source": "MIASCON_BRIDGE_RVO",
  "mf": {
    "duvod": "Registrace",
    "plnoleta": "ANO",
    "nalezenaROB": "NEPROVEDENA",
    "nalezenaRVO": "NE"
  },
  "error": null
}

5.4.1 Response Fields

Field	Type	Description
`requestId`	string	Echo of the request ID.
`hid`	string	Player HID. Returned as provided, or generated for REGISTRATION.
`isAdult`	boolean	`true` if player is 18+, otherwise `false`.
`robStatus`	string	Result of ROB population registry check (see 5.4.2).
`rvoStatus`	string	Result of RVO exclusion check (see 5.4.3).
`allowed`	boolean	Convenience value: `true` if `isAdult == true` and `rvoStatus != EXCLUDED`.
`checkedAt`	string	Timestamp of the verification (UTC).
`source`	string	Identifier of the Bridge instance.
`mf`	object/null	MF/AISG mapping block. Can be ignored by BC.
`error`	object/null	Error details if the request failed; `null` on success.

5.4.2 `robStatus` Values

Value	Description (BC)	MF Mapping (`NalezenaROB`)
`FOUND`	Person exists in the population register.	`NALEZENA`
`NOT_FOUND`	No matching person in the population register.	`NENALEZENA`
`DECEASED`	Person is registered as deceased.	`MRTVA`
`DUPLICATE`	More than one matching person (identity conflict).	`DUPLICITA`
`NO_RESPONSE`	No response from ROB (timeout or technical issue).	`NEODPOVEZENO`
`NOT_PERFORMED`	The ROB check was not performed.	`NEPROVEDENA`

5.4.3 `rvoStatus` Values

Value	Description	MF Mapping (`NalezenaRVO`)
`NOT_EXCLUDED`	Player is not excluded.	`NE`
`EXCLUDED`	Player is currently excluded.	`ANO`
`NOT_VERIFIED`	Exclusion status could not be determined.	`NEOVERENO`

6. Panic Button – 48h Exclusion

The panic-button endpoint creates a temporary exclusion for the player for exactly 48 hours. It is meant to implement the legal requirement of a fast self-protection mechanism. Internally it maps to MF AISG method VyloucitNa48hod.

6.1 Endpoint

Method	Path
POST	`/panic-button`

6.2 Request Body

{
  "requestId": "f1a2b3c4-d5e6-7890-abcd-ef0123456789",
  "operatorId": "26212013",
  "hid": "0b0a236d-6e6b-4a3e-8e8b-4f5eb095b7fb",
  "placeId": "26212013|PRAHA_KASINO_01",
  "locationType": null
}

Field	Type	Required	Description
`requestId`	string	YES	Unique request identifier.
`operatorId`	string	YES	Operator ICO, e.g. `26212013`.
`hid`	string	YES	Player HID to be excluded.
`placeId`	string	Conditional	Required if `locationType` is not set.
`locationType`	string	Conditional	Required if `placeId` is not set. Value `INTERNET` for online usage.

6.3 Response Body

{
  "requestId": "f1a2b3c4-d5e6-7890-abcd-ef0123456789",
  "hid": "0b0a236d-6e6b-4a3e-8e8b-4f5eb095b7fb",
  "result": "PROCESSED",
  "effectiveFrom": "2025-11-15T10:13:00Z",
  "effectiveTo": "2025-11-17T10:13:00Z",
  "source": "MIASCON_BRIDGE_RVO",
  "mf": {
    "vysledekPozadavku": "ZPRACOVAN"
  },
  "error": null
}

Field	Type	Description
`result`	string	On success always `PROCESSED`.
`effectiveFrom`	string	Start of exclusion period (UTC).
`effectiveTo`	string	End of exclusion period (UTC), exactly 48 hours after start.

7. Long-Term Self-Exclusion Request

The request-exclusion endpoint sends a long-term self-exclusion request for the player. Internally it maps to AISG method ZaslatZadostVylouceni.

7.1 Endpoint

Method	Path
POST	`/request-exclusion`

7.2 Request Body

{
  "requestId": "a1b2c3d4-e5f6-7890-abcd-0123456789ef",
  "operatorId": "26212013",
  "hid": "0b0a236d-6e6b-4a3e-8e8b-4f5eb095b7fb",
  "sendByEmail": true,
  "email": "player@example.com",
  "placeId": null,
  "locationType": "INTERNET"
}

Field	Type	Required	Description
`requestId`	string	YES	Unique request identifier.
`operatorId`	string	YES	Operator ICO, e.g. `26212013`.
`hid`	string	YES	Player HID.
`sendByEmail`	boolean	YES	Whether the exclusion form should be delivered by email.
`email`	string	Conditional	Required if `sendByEmail == true`.
`placeId`	string	Conditional	Required if `locationType` is not provided.
`locationType`	string	Conditional	Required if `placeId` is not provided. Typically `INTERNET`.

7.3 Response Body

{
  "requestId": "a1b2c3d4-e5f6-7890-abcd-0123456789ef",
  "hid": "0b0a236d-6e6b-4a3e-8e8b-4f5eb095b7fb",
  "result": "ACCEPTED",
  "source": "MIASCON_BRIDGE_RVO",
  "mf": {
    "vysledekPozadavku": "PRIJAT"
  },
  "error": null
}

Field	Type	Description
`result`	string	On success always `ACCEPTED`.

8. Error Codes

All error responses use the same structure with error.code and error.message.

Code	Description
`UNAUTHORIZED`	Missing or invalid `X-API-Key`.
`INVALID_REQUEST`	Generic validation error (missing or invalid fields).
`INVALID_REASON`	`reason` must be one of REGISTRATION, ENTRY, LOGIN.
`INVALID_LOCATION`	Neither `placeId` nor `locationType` was provided.
`INVALID_PLAYER`	`player` object is missing required fields.
`INVALID_EMAIL`	`email` is required when `sendByEmail == true`.
`INTERNAL_ERROR`	Unexpected server-side error.

9. Health Check Endpoint

Method	Path	Authentication
GET	`/health`	Not required

Example response:

{
  "status": "ok",
  "environment": "MIASCON RVO Playground",
  "time": "2025-11-15T10:12:30Z"
}

10. Future AISG Integration

Once the operator obtains the official license, the Bridge will be connected to the real MF AISG SOAP services for ROB and RVO. All Czech-language structures, XSD formats and SOAP details are handled internally.

For BetConstruct this means:

Same base URL and endpoints.
Same request and response JSON structures.
Same behaviour and error codes.

No changes on the BC side will be required.

11. Contact

Technical integration: MIASCON
Operator: ALEKS CZ s.r.o. (ICO: 26212013)