Spain's gambling regulator, the DGOJ, has released the technical specifications for the Joint Deposit Limits System – the software infrastructure underpinning the government's recently approved joint deposit limits framework. The document marks the first concrete technical blueprint of the system and makes clear that the sector faces substantial integration work in the months ahead.
Real-Time API Verification at the Core of Spain's Joint Deposit Limits System
The centrepiece of the new architecture is a mandatory real-time communication requirement. Every time a player initiates a deposit, the operator must submit the transaction to the DGOJ's centralised platform via an REST API service and wait for the system's response before accepting or rejecting the deposit. There is no offline fallback: the regulator's platform becomes the definitive checkpoint for every single transaction.
The data payload operators must transmit is extensive. Each request must include the player's identity document, full name, date of birth, deposit amount, and a unique operation identifier. Incomplete submissions are not silently failed – missing identification data, absent deposit information, or incorrectly formatted fields will automatically trigger rejection, with specific error codes returned for each validation failure.
The system also supports deposit reversals, though with a strict sequencing condition: a previously registered deposit may only be cancelled once the platform has already confirmed the original operation.
Integration with Player Verification and Version Management
The following table summarises the mandatory data fields operators must include in every deposit request submitted to the DGOJ platform, along with the consequences of omission or formatting errors.
| Required Data Field | Consequence if Missing or Malformed |
|---|---|
| Player identity document | Automatic rejection with specific error code |
| Full name | Automatic rejection with specific error code |
| Date of birth | Automatic rejection with specific error code |
| Deposit amount | Automatic rejection with specific error code |
| Unique operation identifier | Automatic rejection with specific error code |
Together, these five fields form the minimum viable payload — any gap in this data set will block the transaction before deposit limit logic is even evaluated.
Warning
The DGOJ architecture explicitly eliminates any offline processing option. If the centralised platform is unavailable at the moment of a deposit attempt, operators have no approved alternative pathway — meaning platform uptime and latency on the regulator's side become direct dependencies for operator revenue continuity. Operators should factor third-party platform availability into their risk assessments before go-live.
The Joint Deposit Limits System does not operate in isolation. It is tightly coupled with the DGOJ's existing Player Verification Service, which the platform queries to check a user's status at the point of each deposit request. In certain circumstances – for instance, when a verification query cannot be completed – the system will return dedicated response codes to signal the issue.
Managing ongoing platform evolution is built into the architecture from the outset. The DGOJ will permit up to two simultaneous versions of the service to run concurrently, allowing operators to migrate progressively rather than face hard cut-overs. The regulator has also committed to communicating any version changes with sufficient advance notice to allow the sector to prepare.
Access to the production environment will be restricted by IP whitelisting. Each operator may register a maximum of four IP addresses, with any additional addresses requiring express justification. Before go-live, operators will have access to a dedicated testing environment to validate their integrations ahead of full deployment.
What Operators Should Prepare For Under the New DGOJ Framework
For the first time, the DGOJ will become the central verification point for every deposit made across state-regulated online gambling in Spain.
The publication of these specifications allows operators to begin sizing the technical effort required. The obligations are layered: real-time API calls on every deposit, dependency on a centrally managed platform, continuous adaptation as the DGOJ releases updated versions, and strict IP access controls all compound the compliance burden.
The coupling with the Player Verification Service adds another dimension. Operators will need to ensure their systems handle not just the deposit limit response but also the distinct error states that arise when verification queries are incomplete – edge cases that could affect player experience if not handled gracefully.
Spain's licensed operators have absorbed a steady stream of regulatory and technical changes in recent years. The DGOJ's broader gambling law reform agenda signals that this integration demand sits within a wider overhaul of the regulatory framework. The Joint Deposit Limits System represents a structural shift, not an incremental one — and Spain's Q1 2026 online gambling market, which reached €454 million in gross gaming revenue, underscores the commercial stakes of uninterrupted deposit processing. The question decision-makers should now be asking is not whether integration is feasible, but whether existing compliance and IT resource pipelines can absorb the timeline the DGOJ ultimately sets for production deployment. The testing environment will be critical – operators who engage early will be far better positioned when the live calendar is confirmed.
Prioritise Edge-Case Handling in Your Integration Design
The Joint Deposit Limits System returns distinct error codes for verification query failures, not just deposit limit rejections. Operators whose front-end and back-end systems treat all non-approval responses the same way risk degrading the player experience at critical touchpoints. Build separate handling logic for each documented error state — including the specific codes triggered when the Player Verification Service query cannot be completed — before submitting for testing environment validation.
The technical specifications make clear there is no offline fallback — the regulator's platform is the definitive checkpoint for every transaction. The source does not disclose a contingency protocol for platform outages, so operators should raise this scenario directly with the DGOJ and define internal incident-response procedures before production deployment.
The architecture supports up to two simultaneous service versions, and the DGOJ has committed to providing advance notice before version changes. Operators should build version-aware integration layers that can route requests to the correct API version without requiring a full system re-deployment, reducing the risk of compliance gaps during transition windows.
The article indicates that a dedicated testing environment will be available for operators to validate integrations before full deployment. While the source does not specify what pass criteria or certification steps — if any — the DGOJ requires before granting production access, early engagement with the testing environment is explicitly identified as a competitive advantage when the live calendar is confirmed.
According to AzarPlus.




