API Authentication
API Authentication
What the Authorization header looks like and how the token is used.
Essentials
API Authentication
All API requests require authentication using your API key in the Authorization header.
Authorization header
Every request must send a valid bearer token. Without it, the API returns 401.
Authorization: Bearer YOUR_API_KEY
How to send it
Server-side
Keep the key in env vars or secure config.
Client apps
Do not expose the key in browser code.
One header
Send a single Bearer token per request.
Always HTTPS
Protect the token in transit.
Security rules
Keep private
Never put the key in frontend code.
One key per env
Use different keys for sandbox and live.
Endpoint pattern
GET /odds
Best for live market snapshots.
GET /fixtures
Useful for scheduling and pregame views.