LennyFighter — Battle for LennyCoin

Authentication

All authenticated endpoints require an API key in the X-API-Key header. Obtain your key by registering a player via POST /api/v1/players.

curl -H "X-API-Key: pk_your_api_key" \
  https://lennyfighter.example.com/api/v1/wallet

PII & Compliance Architecture

Developers are never exposed to PII or PCI scope. Sensitive data flows:

Player → LennyFighter Hosted iframe → LennyFighter PCI Backend
                                              ↓
                                    bank_token returned
                                              ↓
                              Developer stores bank_token (not PII)
                                              ↓
                     POST /api/v1/payouts { bank_token: "btok_..." }

KYC Flow:
  Developer → POST /api/v1/kyc { player_id }
  LennyFighter → Returns verification_url (hosted by LennyFighter)
  Player → Completes verification on LennyFighter's domain
  LennyFighter → Webhook: kyc.verified { player_id, status }
  Developer → Never handles identity documents

Webhooks

All webhooks are signed with HMAC-SHA256. Verify using the X-LennyFighter-Signature header.

POST https://your-server.com/webhooks/lennyfighter
Headers:
  Content-Type: application/json
  X-LennyFighter-Signature: hmac_sha256_hex
  X-LennyFighter-Event: payout.completed

Body:
{
  "id": "evt_uuid",
  "event": "payout.completed",
  "timestamp": "2026-03-19T10:00:00Z",
  "data": {
    "payout_id": "po_abc123",
    "amount_cents": 5000
  }
}

1. Payout to Bank

Developers trigger bank account payouts on behalf of users. Requires KYC verification. Daily limit: $10,000.

POST/api/v1/payoutsInitiate a payout to a player's linked bank account▶

GET/api/v1/payouts/:idGet payout status▶

POST/api/v1/payouts/:id/retryRetry a failed payout (max 3 retries)▶

GET/api/v1/payoutsList payouts for a player with pagination▶

2. Wallet Loading

Allow users to fund a wallet from a linked bank account. Bank details are captured via a LennyFighter-hosted iframe — the developer never touches raw PII.

POST/api/v1/wallet/link-bankLink a bank account (returns tokenized bank_token)▶

POST/api/v1/walletLoad wallet from linked bank account▶

GET/api/v1/walletGet wallet balance (fiat + virtual currency)▶

GET/api/v1/wallet/transactionsTransaction history with pagination and type filtering▶

3. Virtual Currency

A convertible virtual currency (LennyCoin) for in-game transactions. Backed by LennyFighter's virtual ledger. Buy rate: 100 PC/$1. Sell rate: 95 PC/$1 (5% spread).

GET/api/v1/currencyGet virtual currency balance and exchange rates▶

POST/api/v1/currency/purchaseBuy virtual currency with fiat balance▶

POST/api/v1/currency/cashoutCash out virtual currency to fiat (requires KYC)▶

POST/api/v1/currency/transferTransfer virtual currency between players▶

GET/api/v1/currency/exchange-rateGet current exchange rates (public, no auth required)▶

4. Wagers

Players stake LennyCoin on matches. Winner takes the pot minus 5% platform fee. Both sides escrow before match starts.

POST/api/v1/wagersCreate a wager (creator's LennyCoin is escrowed)▶

POST/api/v1/wagers/:id/acceptAccept a wager (opponent's LennyCoin is escrowed)▶

POST/api/v1/wagers/:id/resolveResolve wager after match completion▶

5. Tournaments

Entry-fee tournaments with prize pool distribution. Prize split: 1st 50%, 2nd 30%, 3rd 15%, platform 5%.

POST/api/v1/tournamentsCreate a tournament▶

POST/api/v1/tournaments/:id/joinJoin a tournament (pays entry fee)▶

POST/api/v1/tournaments/:id/payoutDistribute prizes to top finishers▶

6. KYC / Identity

Identity verification for bank operations and cashout. KYC is handled by LennyFighter — the developer initiates the flow and receives status via webhook. No identity documents pass through the developer's systems.

POST/api/v1/kycInitiate KYC verification for a player▶

GET/api/v1/kyc?player_id=uuidCheck KYC status▶

POST/api/v1/kyc/verifyComplete KYC verification (called by KYC provider webhook)▶

7. Players

Player registration and API key management.

POST/api/v1/playersRegister a new player (returns API key)▶

Error Response Format

{
  "success": false,
  "error": {
    "code": "INSUFFICIENT_BALANCE",
    "message": "Insufficient wallet balance for payout"
  }
}

HTTP Status Codes:
  200 — Success
  400 — Bad Request (validation error)
  401 — Unauthorized (invalid/missing API key)
  404 — Resource Not Found
  429 — Rate Limited
  500 — Internal Server Error

API Documentation