API Authentication

API Authentication

What the Authorization header looks like and how the token is used.

Essentials

API Authentication

All API requests require authentication using your API key in the Authorization header.

Authorization header

Every request must send a valid bearer token. Without it, the API returns 401.

Authorization: Bearer YOUR_API_KEY

How to send it

Server-side
Keep the key in env vars or secure config.
Client apps
Do not expose the key in browser code.
One header
Send a single Bearer token per request.
Always HTTPS
Protect the token in transit.

Security rules

Keep private
Never put the key in frontend code.
One key per env
Use different keys for sandbox and live.

Endpoint pattern

GET /odds
Best for live market snapshots.
GET /fixtures
Useful for scheduling and pregame views.

Related links