Architecture-Aligned with The Backend of Luck

AcmeToCasino Dev Platform

A production-grade modular monolith for iGambling, built with FastAPI and domain-driven design. Server-side RNG, event-sourced wallet, KYC/AML compliance, and responsible gaming controls.

sports_esports Play 40 Games casino Lobby dashboard Operator Dashboard description Swagger Docs monitoring Performance deployed_code Deployments
Checking...
database Database: ...
storage Redis: ...
Last check: --
hub

System Architecture

devices
BROWSER
Dashboard / Game UI
security
API GATEWAY
Nginx + TLS + Rate Limit
hub
Microservices
Python / FastAPI + Go
code Python / FastAPI
person
PAM
CPF/KYC/Biometric
shield
AML / FRAUD
Graph + ML + COAF
redeem
BONUS
SIGAP Portaria 615
health_and_safety
RESP. GAMING
Portaria 1231
assignment
SIGAP
Real-time reporting
terminal Go
sports_soccer
BETTING
SIGAP integrity
account_balance_wallet
WALLET
PIX-native
receipt_long
SETTLEMENT
GGR + Tax
trending_up
ODDS FEED
SSE streaming
casino
CASINO
GAL protocol
stream
Kafka KRaft (no Zookeeper)
database PostgreSQL
storage
Redis (cache + sessions)
share Neo4j
search Elasticsearch
cloud Low-Cost Alternative — Cloudflare Workers Edge

A viable low-cost architecture for regulated iGaming using Cloudflare Workers, KV, D1 and Durable Objects. Demonstrated as a complete alternative to traditional infrastructure — ideal for startups and emerging markets like Brazil (.bet.br). See Chapter 46: Complete Brazilian Betting Platform in The Backend of Luck.

API Gateway PIX Webhook SIGAP Reporter Odds Feed Session Manager | KV: Sessions D1: Database R2: KYC Docs Durable Objects
grid_view

Domain Modules

person
Online
Player Account Management
/players, /auth/*

Registration, JWT authentication (access + refresh tokens), player profiles with KYC status and VIP tier tracking.

Endpoints
POST/players
GET/players/{id}
POST/auth/login
POST/auth/refresh
account_balance_wallet
Online
Event-Sourced Wallet
/wallet/{player_id}/*

Append-only event log: BET, WIN, DEPOSIT, WITHDRAWAL, BONUS_CREDIT, BONUS_DEBIT. Balance computed from events, never updated directly.

Endpoints
GET/wallet/{id}/balance
POST/wallet/{id}/transaction
GET/wallet/{id}/history
casino
Online
Game Aggregation Layer
/gal/*

Game sessions, server-side CSPRNG bet resolution, RNG seed hash audit trail. Integrates with wallet for atomic bet/win.

Endpoints
POST/gal/launch
POST/gal/bet
GET/gal/sessions/{id}
verified_user
Online
Compliance (KYC / AML)
/compliance/*

KYC document submission and operator verification, AML velocity-based alerts with risk scoring (low/medium/high/critical).

Endpoints
POST/compliance/kyc/{id}/submit
POST/compliance/kyc/{id}/verify
GET/compliance/aml/alerts
schedule
Online
Responsible Gaming
/responsible-gaming/*

Player deposit limits (daily/weekly/monthly), self-exclusion with enforced cooling-off, reality checks with net position tracking.

Endpoints
POST/responsible-gaming/limits/{id}
POST/responsible-gaming/exclude/{id}
GET/responsible-gaming/status/{id}
settings_suggest
Online
Game Control
/game-control/*

Server-side RTP configuration (80-99%) per game, aggregate statistics, actual vs target RTP deviation tracking.

Endpoints
GET/game-control/rtp
PUT/game-control/rtp/{slug}
GET/game-control/stats
layers

How This Platform Works

A microservices architecture with Python and Go services, Kafka KRaft event streaming, and Cloudflare Workers edge deployment. Nine bounded contexts handle every domain of regulated iGaming operations, including Brazilian betting under Lei 14.790/2023.

Request Flow: Player to Database

Every request passes through the API gateway, gets routed to the correct domain module, and interacts with shared data stores.

Client
computer
DASHBOARD
Operator UI
sports_esports
GAME UI
Player-facing
description
SWAGGER
API Explorer
Gateway
cloud
CF WORKERS
Edge (.bet.br)
security
NGINX + TLS
Reverse proxy
bolt
FASTAPI
ASGI Router
Modules
Python / FastAPI
PAM
CPF/KYC
AML/FRAUD
Graph + COAF
BONUS
SIGAP 615
RESP. GAMING
Portaria 1231
SIGAP
Real-time
Go
BETTING
SIGAP integrity
WALLET
PIX-native
SETTLEMENT
GGR + Tax
ODDS FEED
SSE
CASINO
GAL protocol
Events
stream
KAFKA KRAFT
Event streaming
Data
database
POSTGRESQL
Persistent storage
storage
REDIS
Cache (S/M scale)
hub
NEO4J
Graph DB
search
ELASTICSEARCH
Full-text search
menu_book
Chapter 10: Complete Platform Architecture covers the core architecture. Chapter 46 details the complete Brazilian betting platform with 9 microservices, PIX payments, and SIGAP compliance. Read in The Backend of Luck →
shield

Fraud Detection Pipeline

A real-time fraud detection and analytics pipeline built on a Kubernetes cluster. Wallet events are collected, scored by a rules engine, and streamed through Kafka into a full analytics stack for batch ML and compliance reporting.

casino
Casino Platform
Real-time wallet events
wallet events
schedule_send
Event Pusher
cron 60s · HTTPS encrypted batch
HTTPS batch
policy
Fraud Detection API
Rules Engine · 10 fraud rules
Analytics Cluster (K8s)
search
Elasticsearch
158K+ events indexed
1.9K+ fraud alerts
stream
Kafka Bridge
topic: fraud.events
durable streaming
bolt
Apache Flink
Real-time scoring
Apache Iceberg — Table Storage
transactions
alerts
sessions
risk_scores
folder_open
RustFS-HA
S3-compatible object storage · HA cluster on K8s
analytics
Apache Spark
Batch analytics + ML training
dashboard
Dashboard
Live Fraud System · Redis cache → real-time display
ingestion
streaming
search & indexing
real-time processing
storage layer
batch analytics
menu_book
Chapter 29: Fraud Detection & AML Pipeline covers real-time event scoring, graph-based detection, and the full analytics stack from Kafka through Spark ML. Read in The Backend of Luck →
developer_board

Module Deep Dives

Click any module to expand its details, see available endpoints, and find the corresponding book chapters.

Handles player registration, JWT-based authentication (access + refresh tokens), KYC document verification, player profile management, and VIP tier tracking. Every player interaction starts here.

Key Endpoints
POST/pam/register
POST/pam/login
GET/pam/players
GET/pam/players/{id}
menu_book
Chapters 10 & 24: Platform Architecture & Security Compliance. Get the book →

Manages deposits, withdrawals, bet/win transactions, and real-time balance computation. Uses an append-only event log -- balances are derived from the event stream, never updated directly. Supports BET, WIN, DEPOSIT, WITHDRAWAL, BONUS_CREDIT, and BONUS_DEBIT event types.

Key Endpoints
GET/wallet/{player_id}/balance
POST/wallet/deposit
GET/wallet/recent-events
GET/wallet/{player_id}/history
menu_book
Chapter 12: Real-Time Cash Flow Management -- event sourcing, double-entry accounting, and reconciliation. Get the book →

Provides a unified game API that abstracts multiple providers behind a single interface. Manages game sessions, server-side CSPRNG-based bet resolution, RNG seed hash audit trails, and atomic bet/win transactions with the wallet module.

Key Endpoints
POST/gal/play
GET/gal/games
GET/gal/recent-rounds
POST/gal/launch
menu_book
Chapters 15 & 17: Casino Mathematics & Random Number Generation -- how the house edge works, RNG certification, and provably fair gaming. Get the book →

Manages KYC document submission and operator-side verification, AML velocity-based alerts with risk scoring (low/medium/high/critical), regulatory reporting pipelines, and jurisdiction-specific compliance rules. Integrates with national exclusion databases.

Key Endpoints
POST/compliance/kyc/verify
GET/compliance/kyc/{player_id}
GET/compliance/aml/alerts
POST/compliance/aml/alerts/{id}/review
menu_book
Chapters 24-25: Security & GLI/GSF Compliance -- encryption at rest, PCI-DSS, and regulatory framework across 100+ jurisdictions. Get the book →

Enforces deposit limits (daily/weekly/monthly), session time limits, self-exclusion with mandatory cooldown periods, and behavioral alerts. Monitors real-time player activity to detect harmful patterns and trigger graduated interventions.

Key Endpoints
POST/responsible-gaming/limits
GET/responsible-gaming/limits/{player_id}
POST/responsible-gaming/exclude/{id}
GET/responsible-gaming/status/{id}
menu_book
Chapter 26: Responsible Gaming & Player Protection -- real-time behavioral monitoring, ML-driven addiction detection, and GAMSTOP integration. Get the book →

Server-side RTP management (configurable 80-99% per game), aggregate game statistics, actual vs target RTP deviation tracking, and operator-level controls for game performance tuning. The operator's lever for managing the house edge.

Key Endpoints
GET/game-control/rtp
PUT/game-control/rtp/{slug}
GET/game-control/stats
menu_book
Chapters 15 & 28: Casino Mathematics & Technical Deep Dives -- house edge mechanics, volatility models, and RTP certification. Get the book →
auto_stories Companion Demo

Built from The Backend of Luck

This platform is a working demonstration of the architecture described in the book "The Backend of Luck: Inside the Systems That Power Real Money Gaming". Every module, endpoint, and data flow you see here maps directly to a book chapter.

47
Chapters
774K+
Words
5,957+
Production Scripts
397
Diagrams
menu_book Get the Book
monitoring

Live Data Right Now

Real-time statistics fetched directly from the platform API.

group
Loading...
Players Registered
sports_esports
Loading...
Game Rounds Played
percent
Loading...
Platform RTP
casino
Loading...
Total Games Available
help

Frequently Asked Questions

No. This is a simulation platform built as a companion to the book The Backend of Luck. No real money is involved. All players are simulated, all transactions are fake, and the platform exists purely to demonstrate how a production iGambling backend works under the hood. Think of it as a fully functional prototype for educational purposes.
The architecture patterns demonstrated here are production-grade -- modular monolith with domain-driven design, event-sourced wallet, server-side RNG, and compliance modules. However, this is a demonstration platform. A production deployment would require hardened security, load testing, jurisdiction-specific licensing, third-party KYC provider integration, and regulatory certification. The book covers all of these requirements in detail across 46 chapters.
The platform is built with Python 3.12 and FastAPI for the backend, PostgreSQL for persistent storage, Redis (small/medium scale) for cache, locks, and transient fan-out, Kafka KRaft (enterprise) for durable event streaming, and Docker Compose for orchestration. The frontend uses vanilla HTML/CSS/JavaScript with no framework dependencies. API documentation is auto-generated via Swagger/OpenAPI.
Visit /api/v2/docs for the full interactive Swagger/OpenAPI documentation. You can explore every endpoint, see request/response schemas, and execute test calls directly from your browser. The alternative ReDoc view is also available at /api/v2/redoc.
The operational dashboard is at dashboard.html. It provides real-time visibility into player activity, wallet transactions, game rounds, RTP performance, compliance alerts, and responsible gaming metrics. The dashboard has 17 tabs covering every aspect of platform operations -- the same data an operator would monitor in production.