- Identity — a signed token: who the user is (their Bankroll handle), that they’ve passed identity verification, and their age.
- Geo — the user’s region as an ISO 3166-2 code, so you can enforce where play is allowed. Delivered in the same token as identity.
- Payments — charge the user’s Bankroll balance to your wallet in one call.
@joinbankroll/sdk
npm package is the whole integration — there is no wallet for your page to
manage and no private keys anywhere near your code.
How it works
When Bankroll opens your site, it injects a small host object into your page before it loads. The SDK wraps that host with host detection, token caching, input validation, and typed errors:A user opens your app
From a Bankroll deep link —
https://joinbankroll.com/play?url=<your-app-url> —
the Bankroll app loads your site in its host webview.Bankroll reads your manifest
The host fetches
https://<your-origin>/.well-known/bankroll.json to learn
your app’s name, icon, the capabilities it uses, and the wallet that receives
payments. See The manifest.The user consents once
The first time your app calls a capability, Bankroll shows the user exactly
what your app will get (handle, region, age) and what it can do (charge their
balance). They approve once, per app.
Under the hood, the host is
window.bankroll — { version, identity(), pay() },
injected before your page loads. You can call it directly, but the SDK is the
supported surface: it feature-detects old hosts, caches identity tokens,
validates pay input, and normalises every rejection into a typed
BankrollError.The trust model
The security of the integration comes from native being the only thing that signs, not from trusting your page:- Your page can ask for identity, but the token is minted and signed by Bankroll’s servers — your page cannot forge who the user is.
- Your page can ask to charge an amount, but the recipient is always the
merchantWalletin your manifest. A compromised page can over-charge a consented amount to your own wallet — it can never redirect funds elsewhere. - Everything the user shares is gated by an explicit, per-app consent prompt.
Opening a third-party app in Bankroll is in early access and currently
limited. To get your app enabled, reach out to the Bankroll team — see
Launch your app.
Next
Quickstart
Ship a working integration end-to-end — SDK, manifest, identity, pay, deep link.
The manifest
The
/.well-known/bankroll.json your app serves.Identity
Get and verify a signed identity token.
Payments
Charge the user’s balance and verify the payment.