REST API v1

API Connection Guide

How to connect your PHP website or app to SmileOne Order API. Use your approved API key to place orders, redeem codes, and check wallet balance.

Overview

This API lets you automate game top-ups (Mobile Legends, Magic Chess, Where Winds Meet). Orders run on the SmileOne network. Your reseller wallet is charged when an order succeeds.

What you need

Approved reseller account
API key from admin
PHP website/server with cURL enabled

Admin setup and operation notes are available at Admin Guide.

1. Get your API key

Get approved Ask admin to approve your reseller account and issue an API key.
Save your key Store the API key safely in your PHP website configuration.
Keep it secret Anyone with your key can spend your wallet balance.

2. Base URL

All API requests use this base path:

https://royalplayapi.duckdns.org/api/v1

Example: health check = BASE/health

3. Authentication

Add your API key to every request except GET /health.

Option A — Bearer token (recommended)

Authorization: Bearer YOUR_API_KEY

Option B — Header

X-Api-Key: YOUR_API_KEY

4. Connect & test

Health check (no key) Confirms API is online.
Check account balance Uses your API key; returns BR and PHP wallet.
SmileOne status (optional) GET /smileone/status — server ready for orders.

Health — cURL

curl -s "HOST/api/v1/health"

Account — cURL

curl -s "HOST/api/v1/account" \
  -H "Authorization: Bearer YOUR_API_KEY"

Expected: {"ok":true,"userId":"...","wallets":{"br":0,"php":0}}

Account — PHP

<?php
$apiKey = 'YOUR_API_KEY';
$ch = curl_init('HOST/api/v1/account');
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER => [
    'Authorization: Bearer ' . $apiKey,
  ],
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;

5. Get game products

List available packages before ordering. Use the name field as product in your order.

GET /products/ml
GET /products/mc
GET /products/w

Example response

{
  "ok": true,
  "game": "ml",
  "products": [
    { "name": "86", "country": "br", "price": 120 }
  ]
}

6. Place order (auto)

POST to the game endpoint. Wallet is debited first; SmileOne processes the recharge; partial failures are refunded.

Mobile Legends / Magic Chess

curl -X POST "HOST/api/v1/orders/ml" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"userId":"GAME_ID","zoneId":"ZONE_ID","product":"86","count":1}'

Mobile Legends / Magic Chess — PHP

<?php
$apiKey = 'YOUR_API_KEY';
$payload = [
  'userId' => 'GAME_ID',
  'zoneId' => 'ZONE_ID',
  'product' => '86',
  'count' => 1,
];
$ch = curl_init('HOST/api/v1/orders/ml');
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_POST => true,
  CURLOPT_HTTPHEADER => [
    'Authorization: Bearer ' . $apiKey,
    'Content-Type: application/json',
  ],
  CURLOPT_POSTFIELDS => json_encode($payload),
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;

Where Winds Meet (no zoneId)

curl -X POST "HOST/api/v1/orders/w" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"userId":"GAME_UID","product":"PACK_NAME"}'

Check account before order (optional)

POST /check/ml
{"userId":"123456789","zoneId":"1234","product":"86"}

Batch orders

{"orders":[
  {"userId":"111","zoneId":"1001","product":"86"},
  {"userId":"222","zoneId":"1002","product":"172"}
]}

7. Redeem Smile Code (wallet top-up)

Redeem a SmileOne code into your reseller wallet (BR or PHP). Check first, then redeem to credit your balance.

Check code (preview)

curl -X POST "HOST/api/v1/redeem/check" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"code":"YOUR_SMILE_CODE"}'

Expected: {"ok":true,"code":"...","country":"br","amount":100,"currency":"BR"}

Redeem (check + recharge + credit wallet)

curl -X POST "HOST/api/v1/redeem" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"code":"YOUR_SMILE_CODE"}'

Redeem — PHP

<?php
$apiKey = 'YOUR_API_KEY';
$payload = ['code' => 'YOUR_SMILE_CODE'];
$ch = curl_init('HOST/api/v1/redeem');
curl_setopt_array($ch, [
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_POST => true,
  CURLOPT_HTTPHEADER => [
    'Authorization: Bearer ' . $apiKey,
    'Content-Type: application/json',
  ],
  CURLOPT_POSTFIELDS => json_encode($payload),
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;

Expected: {"ok":true,"credited":100,"currency":"BR","balanceAfter":100,"wallets":{"br":100,"php":0}}

Body field code also accepts sec or redeemCode.

All endpoints

	Path	Description
GET	/health	No auth — API online
GET	/smileone/status	SmileOne ready
GET	/account	Your wallet
GET	/products/:game	ml, mc, w
GET	/history	Order history
POST	/check/ml, /check/mc, /check/w	Verify game ID
POST	/orders/ml, /orders/mc, /orders/w	Place order
POST	/redeem/check	Preview Smile code (BR/PHP + amount)
POST	/redeem	Redeem code → credit wallet

HTTP errors

401 — Wrong or missing API key
403 — Account not approved yet
207 — Some orders failed (see results)
503 — SmileOne cookies not set on server