AdministrationSuper Admin

Super-Admin (Platform)

The Platform section is exclusively for Puntra super-administrators. It provides cross-operator management capabilities including operator lifecycle management, admin user provisioning, role-based access control, feature flags, system health monitoring, and revenue reporting.

Super-Admin Access Only

All pages in this section require the super_adminrole. These pages are not visible to operator-level admins. If you cannot see the "Puntra Platform" section in the sidebar, contact your platform administrator.

Overview

The Platform section appears at the top of the sidebar with a red accent header. It includes: Operators, Admins, Roles, Feature Flags, Settings, Health, Revenue, Integrations, Announcements, Maintenance, and Audit Logs.

Platform Dashboard

The Platform Dashboard shows cross-operator KPIs:

Column / FieldDescription
Total OperatorsNumber of operators (tenants) on the platform
Active OperatorsOperators with active or trial status
Total PlayersAggregate player count across all operators
Platform GGRCombined gross gaming revenue
Platform FeesRevenue share fees collected
Active IntegrationsNumber of connected third-party services

Quick action buttons provide shortcuts to common tasks: Create Operator, Platform Revenue, System Health, Audit Logs, and Global Settings.

An Operator Grid below shows all operators with their status, player count, bet count, GGR, and last activity. Click any operator to view its detail page.

Operator Management

The Operators page (Platform > Operators) is the central hub for managing all operators (tenants) on the platform.

Creating a New Operator

  1. 1

    Click 'Create Operator'

    Opens the operator onboarding form.

  2. 2

    Fill in basic details

    Name: The operator's business name. Slug: URL-safe identifier (e.g., 'lucky-bet'). Brand Name: Display name shown to players.

  3. 3

    Configure domains

    Add the operator's custom domain(s) (e.g., luckybet.com). These are used for tenant resolution — when a player visits luckybet.com, they see this operator's branded experience.

  4. 4

    Set defaults

    Default currency, primary brand color, and revenue share percentage.

  5. 5

    Create initial admin

    Provide an email address for the operator's first admin user. They will receive login credentials.

  6. 6

    Save and configure

    After creation, navigate to the operator detail page to configure integrations, payment providers, and feature flags.

Operator Detail Page

Click an operator row to view its comprehensive detail page with six tabs:

Operator Tabs

  • Overview — Operator info, current status, headline metrics (users, bets, revenue)
  • Status — Change operator status:
    • active — Full operational access
    • trial — Limited trial period
    • suspended — Access blocked, players see 503
    • deactivated — Permanently deactivated
  • Admins — Admin users assigned to this operator. Add new admins, change roles, or remove access.
  • Domains— Custom domains, SSL status, and DNS configuration. Players access the operator's site through these domains.
  • Billing — Revenue share percentage, transaction volume, calculated fees, and invoice history.
  • Integrations — Connected services: payment providers, sportsbook feeds, casino providers, analytics tools. Configure per-operator credentials and settings.

Connecting a Custom Domain

Every operator gets automatic subdomains on Puntra ({slug}.puntra.io for players and {slug}-admin.puntra.io for the admin panel). To use a custom domain (e.g., luckybet.com), you need to connect it through the Domains tab and configure DNS via Cloudflare.

Cloudflare Is Required

The Puntra platform uses Cloudflare for automated DNS management. Your operator's domain must be managed on Cloudflare (nameservers pointing to Cloudflare). If the domain is not yet on Cloudflare, the operator must first add it to their Cloudflare account before proceeding.

Cloudflare Setup (Required)

Before connecting any custom domain, the operator must have their domain on Cloudflare. Here is what the operator needs to do on their end:

  1. 1

    Create a Cloudflare account

    If the operator doesn't already have one, they need to sign up at cloudflare.com.

  2. 2

    Add their domain to Cloudflare

    In the Cloudflare dashboard, click 'Add a Site' and enter the domain (e.g., luckybet.com). Cloudflare will scan existing DNS records.

  3. 3

    Update nameservers at the registrar

    Cloudflare will provide two nameservers (e.g., rustam.ns.cloudflare.com and sky.ns.cloudflare.com). The operator must update their domain registrar (GoDaddy, Namecheap, etc.) to point to these Cloudflare nameservers. This can take up to 24 hours to propagate.

  4. 4

    Generate a Cloudflare API Token

    In Cloudflare Dashboard: go to My Profile > API Tokens > Create Token. Use the 'Edit zone DNS' template or create a custom token with Zone:DNS:Edit and Zone:Zone:Read permissions for the specific domain. Copy the generated token — it will only be shown once.

API Token Permissions

The Cloudflare API token needs these minimum permissions:
  • Zone : DNS : Edit — To create and delete DNS records
  • Zone : Zone : Read — To look up the zone ID for the domain
Scope the token to the specific zone (domain) for maximum security. The operator should never share their Global API Key — a scoped API token is the correct approach.

Saving the Cloudflare Token in Puntra

Once the operator has their Cloudflare API token, a super-admin saves it in the Puntra admin panel:

  1. 1

    Navigate to the operator's detail page

    Go to Platform > Operators, click the operator, then go to the Domains tab.

  2. 2

    Enter the Cloudflare API Token

    In the Cloudflare configuration section, paste the operator's API token. Optionally provide the Cloudflare Account ID (found in the Cloudflare Dashboard under the domain's Overview page, right sidebar).

  3. 3

    Save and verify

    Click 'Save'. The system automatically verifies the token with Cloudflare's API. If the token is valid and active, it will be encrypted and stored securely. If verification fails, you'll see an error — double-check the token was copied correctly.

Token Security

The Cloudflare API token is encrypted with AES-256-GCM using a tenant-specific key before being stored in the database. It is never exposed in API responses or logs. Each operator has their own encrypted token — operators cannot see each other's credentials.

Adding a Domain

With the Cloudflare token saved, you can now add custom domains:

  1. 1

    Go to the Domains tab

    On the operator's detail page, click the Domains tab. You'll see existing domains (including auto-generated .puntra.io subdomains).

  2. 2

    Select domain type

    Choose 'Player Site' for the player-facing website (e.g., luckybet.com) or 'Admin Panel' for the admin dashboard (e.g., admin.luckybet.com).

  3. 3

    Enter the domain name

    Type the full domain (e.g., luckybet.com or bet.luckybet.com). The system strips any protocol (https://) automatically. The domain must contain at least one dot and use only lowercase letters, numbers, and hyphens.

  4. 4

    Click 'Add Domain'

    The system validates the domain, checks it isn't already used by another operator, and registers it. If Cloudflare is configured, DNS records are created automatically (see below).

Domain Types

Column / FieldDescription
Player SiteThe main betting website that players visit. Creates DNS records for both the root domain and www subdomain.
Admin PanelThe admin dashboard URL (usually admin.domain.com). Operator admins log in here to manage the platform.

Automatic DNS Setup (Recommended)

When the Cloudflare API token is configured, the system automatically creates the required DNS records when you add a domain. No manual DNS configuration needed.

The system creates the following CNAME records via the Cloudflare API:

DNS Records Created Automatically

Column / FieldDescription
Player SiteCNAME: domain.com → ghs.googlehosted.com AND www.domain.com → ghs.googlehosted.com
Admin PanelCNAME: admin.domain.com → ghs.googlehosted.com
API (optional)CNAME: api.domain.com → ghs.googlehosted.com

Cloudflare Proxy Must Be OFF

All DNS records are created with Proxy disabled (grey cloud / DNS only). This is critical — Google Cloud Run needs to provision the SSL certificate directly. If Cloudflare proxy (orange cloud) is enabled, SSL provisioning will fail. If the operator accidentally enables proxy in their Cloudflare dashboard, they must toggle it back to "DNS only".

Manual DNS Setup (Fallback)

If the Cloudflare token is not configured (or the operator prefers to manage DNS themselves), they must manually add DNS records:

  1. 1

    Copy the CNAME target

    The Domains page shows a blue info box with the CNAME target: ghs.googlehosted.com. Click the copy button to copy it to clipboard.

  2. 2

    Open the DNS provider dashboard

    Go to the operator's Cloudflare dashboard (or wherever DNS is managed) and navigate to the DNS Records section.

  3. 3

    Create CNAME records

    Add a CNAME record: Name = the domain (e.g., @ for root or the subdomain), Target = ghs.googlehosted.com. For player sites, also add a www CNAME. Set Proxy Status to 'DNS only' (grey cloud). TTL can be Auto.

  4. 4

    Wait for propagation

    DNS changes typically propagate within minutes but can take up to 24 hours. SSL will be provisioned automatically once DNS resolves correctly.

SSL Certificate & Verification

After adding a domain, the SSL certificate is provisioned automatically by Google Cloud Run. The Domains tab shows the current status for each domain:

Column / FieldDescription
SSL Active (green)Certificate is provisioned and the domain is fully live. HTTPS is working.
SSL Pending (amber)DNS has been detected but the certificate is still being provisioned. This usually takes 5-15 minutes after DNS propagates.
SSL Error (red)Certificate provisioning failed. Common causes: DNS not pointing to ghs.googlehosted.com, Cloudflare proxy enabled (orange cloud), or DNS hasn't propagated yet.

Troubleshooting SSL Issues

If SSL remains in "Pending" or "Error" for more than 30 minutes:
  • Verify the CNAME record exists: run dig domain.com CNAME and confirm it returns ghs.googlehosted.com
  • Ensure Cloudflare proxy is OFF (grey cloud, not orange)
  • Check that no conflicting A records exist for the same domain
  • Wait up to 24 hours for full DNS propagation in rare cases

Managing Existing Domains

The Domains tab displays all configured domains with their type and SSL status:

  • Type badges — Color-coded: Test (auto-generated .puntra.io), Player, Admin
  • External link— Click to open the domain in a new tab to verify it's working
  • Delete — Remove a custom domain. The system immediately invalidates caches (domain stops working right away) and automatically deletes the Cloudflare DNS records in the background if the token is configured.

Info

Auto-generated .puntra.io subdomains cannot be deleted. They are always available as fallback URLs for the operator.

Admin User Management

The Admins page (Platform > Admins) manages all admin accounts across the platform.

Column / FieldDescription
UsernameAdmin login name
EmailAdmin email address
RoleAssigned role (super_admin, operator_admin, etc.)
Assigned Operator(s)Which operators this admin can access
2FA StatusWhether 2FA is enabled
Last ActiveMost recent login
StatusActive, Suspended, Terminated

Creating an Admin User

  1. 1

    Click 'Create Admin'

    Opens the admin creation form.

  2. 2

    Set credentials

    Username, email, and temporary password. The admin will be required to change their password on first login.

  3. 3

    Assign a role

    Select from system roles (super_admin, operator_admin) or custom roles you've created.

  4. 4

    Assign to operators

    For operator-level admins, select which operator(s) they can access.

  5. 5

    Enforce 2FA

    Toggle whether 2FA is required for this admin account.

Additional admin actions:

  • Suspend — Temporarily block admin access
  • Reactivate — Restore suspended admin
  • Terminate Sessions — Force logout all active sessions
  • Reset 2FA — Clear 2FA for re-enrollment

Role Management (RBAC)

The Roles page (Platform > Roles) defines what each admin role can do. Roles use a resource-action permission model.

Creating a Custom Role

  1. 1

    Click 'Create Role'

    Opens the role creation form.

  2. 2

    Name the role

    Provide a name (e.g., 'finance_manager'), display name ('Finance Manager'), and description.

  3. 3

    Set permissions

    Use the permission grid to toggle access. Rows are resources (admin_users, withdrawals, bonuses, etc.) and columns are actions (read, create, update, delete, approve, execute).

  4. 4

    Save

    The role is immediately available for assignment to admin users.

Principle of Least Privilege

Create specific roles with only the permissions needed for each function. For example, a "Support Agent" role needs read access to users and bets but should not have approval permissions for withdrawals.

Feature Flags

Feature flags let you enable or disable platform features for specific operators or globally:

Column / FieldDescription
Flag NameUnique identifier (e.g., 'casino_enabled', 'crash_games')
StatusEnabled or Disabled
DescriptionWhat the flag controls
TargetAll operators, specific operators, or percentage rollout

Toggle flags to enable new features gradually. This is useful for rolling out new functionality to select operators before a full release.

Platform Settings

Global configuration organized by category:

  • General — Platform name, default timezone, date format
  • Email — SMTP configuration for transactional emails
  • SMS — SMS provider configuration
  • Payments — Global payment thresholds and rules
  • Security — Session timeouts, password policies, rate limits
  • UI — Default theme, language fallbacks

Changes require a reason field for the audit trail. Settings take effect immediately across all operators unless overridden at the operator level.

System Health

The Health page monitors platform infrastructure:

  • API Health — Service status and response times
  • Database — Connection pool usage, query performance
  • Cache (Redis) — Hit rates, memory usage
  • Message Queue — Queue depth, processing rates
  • Payment Integrations — Provider connectivity status

A 24-hour history chart shows system health snapshots over time, helping identify patterns and intermittent issues.

Platform Revenue

The Revenue page shows cross-operator financial performance:

  • Total platform GGR by period
  • Revenue share fees collected per operator
  • Operator-by-operator revenue breakdown
  • GGR trend charts

Maintenance Mode

Enable maintenance mode when you need to take the platform offline for updates or emergency fixes:

  • Enable/Disable — Toggle maintenance mode on/off
  • Access List — Configure who can still access (admins only, whitelist)
  • Message — Customize the maintenance message shown to players
  • Schedule — Plan future maintenance windows

Warning

Maintenance mode blocks all player access. Only enable it when absolutely necessary and always communicate the expected duration to your operators in advance.