# Authentication and Authorization

To ensure secure and authorized access to the Bettor Sense API, we rely on the OAuth 2.0 Authorization Framework. OAuth 2.0 is an industry-standard framework that enables third-party applications to obtain limited access to API services. The authentication and authorization flow for integrating with the API can be summarized as follows:

1. **Client provisioning**: After the commercial details have been confirmed and appropriate packages have been assigned, we will generate a unique *client\_id* and *client\_secret* (each environment will have its own details). These will be shared with the client in encrypted form or using Keeper (or another secure way of sharing the secret).
2. **Authentication**: The client's platform initiates the OAuth 2.0 authentication flow by providing its application credentials (*client\_id* and *client\_secret*) to the Auth0 Authorization Server.
3. **Access token retrieval**: The Auth0 Authorization Server validates the application's credentials and, upon successful authentication, issues an *access\_token* to the client platform. The access token represents the authorization granted to the client's platform to access the API. The *access\_token* should be reused.
4. **Authentication and authorization**: The API verifies the provided *access\_token* to authenticate the client's platform. Additionally, it performs authorization checks to ensure the client platform has the necessary permissions to access specific resources or perform certain actions.

### Authentication request example:

<table><thead><tr><th width="84.092041015625">Field</th><th width="151.16497802734375"></th><th>Integration</th><th>Production</th></tr></thead><tbody><tr><td><strong>URL</strong></td><td></td><td><a href="https://auth.sportradar.com/oauth/token">https://auth.sportradar.com/oauth/token</a></td><td><a href="https://auth.sportradar.com/oauth/token">https://auth.sportradar.com/oauth/token</a></td></tr><tr><td><strong>Header</strong></td><td><code>Content-Type</code></td><td>application/x-www-form-urlencoded</td><td>application/x-www-form-urlencoded</td></tr><tr><td><strong>Data</strong></td><td><code>client_id</code></td><td><em>Received in the encrypted file.</em></td><td><em>Received in the encrypted file.</em></td></tr><tr><td></td><td><code>client_secret</code></td><td><em>Received in the encrypted file.</em></td><td><em>Received in the encrypted file.</em></td></tr><tr><td></td><td><code>audience</code></td><td><code>mts-insight-tech-non-prod</code></td><td><code>mts-insight-tech</code></td></tr><tr><td></td><td><code>grant_type</code></td><td><code>client_credentials</code></td><td><code>client_credentials</code></td></tr></tbody></table>

{% code title="Request example" %}

```sh
curl -L -X POST 'https://stg-auth.sportradar.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=ew27623ybFwq82nsjkdpsdwsh' \
--data-urlencode 'client_secret=bccws2523wqlj10yGhW83Je' \
--data-urlencode 'audience=mts-insight-tech' \
--data-urlencode 'grant_type=client_credentials'
```

{% endcode %}

{% code title="Response example" %}

```json
{
    "access_token": "wk19ahxiOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjcyZHlYTDlJZGlKRy1LdnpjeTFSZCJ9.eyJodHRwczovL3Nwb3J0cmFkYXIvY29tbW9uLWlhbS9hY2NvdW50cyI6WyJpfDIiXSwiaXNzIjoiaHR0cHM6Ly9zdGctYXV0aC5zcG9ydHJhZGFyLmNvbS8iLCJzdWIiOiI0TFdHaENmODBqdnJ3N2hZU21FY3BwU1psU1h4WGljUEBjbGllbnRzIiwiYXVkIjoibXRzLWluc2lnaHQtdGVjaCIsImlhdCI6MTcyMTI5Mjg1MSwiZXhwIjoxNzIxMjkzMTUxLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMiLCJhenAiOiI0TFdHaENmODBqdnJ3N2hZU21FY3BwU1psU1h4WGljUCJ9.zAGZ5O9gh3dQOOBGO0Fn_JDmuimmYa77YnUVR4R18REVz-TGUzcVl4AG-ydLD_YNuvM_fCoIy8WDVSBc7Ezn8erBkmG3R4fQ4aWiAT16SDoX-lFEiIHdOicsOh_2dnl54v96DTbG7JQuyyP1dgt5IaOxEY7Lk901Z0wzBzSlpdkw0eb0ODJv2cvP21sUL5x0XUNr5LHhATnRK9SOvCKPt7VwYIRbSjW5oyY-LzWpeudTakAwEdvi38D42zCgRv-iEXsp_D8hIXIprKYvKvwLYXzm9uoyUmFJQsOSAHVrh4Pyu5ihgRVLCpBfLQSHjqpENAWzAXI-D5D23xdalwwe",
    "expires_in": 600,
    "token_type": "Bearer"
}
```

{% endcode %}

{% hint style="info" %}
The `client_id`, `client_secret` and `access_token` values displayed above are random strings generated for illustration purposes only.
{% endhint %}

The *access\_token* must be included in the Authorization header of all subsequent API requests. Tokens are valid for a relatively short timeframe (5 minutes) and **must be reused during their validity timeframe**. Your application should refresh them automatically.

{% hint style="danger" %}
Note

Clients must reuse non-expired tokens. A new token should be requested only a few seconds before the existing one has expired.
{% endhint %}
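
One way to implement the reuse rule on the client side, as an added example that is not Sportradar's own code: a thread-safe cache that keeps a single token and requests a new one only when the current one is within a few seconds of expiry, using the `expires_in` value from the token response. The environment variable names `BS_CLIENT_ID` and `BS_CLIENT_SECRET`, the 10-second margin and the `Bearer` header scheme (taken from `token_type` in the response) are assumptions.

```python
import json
import os
import threading
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.sportradar.com/oauth/token"  # URL from the table above


def fetch_token(audience, url=TOKEN_URL):
    """POST the client-credentials form; secrets are read from the environment."""
    form = urllib.parse.urlencode({
        "client_id": os.environ["BS_CLIENT_ID"],          # assumed variable name
        "client_secret": os.environ["BS_CLIENT_SECRET"],  # assumed variable name
        "audience": audience,
        "grant_type": "client_credentials",
    }).encode()
    req = urllib.request.Request(url, data=form, headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuses one access token until `skew` seconds before it expires."""

    def __init__(self, fetch, skew=10, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:  # one refresh at a time, even with many worker threads
            if self._token is None or self._clock() >= self._expires_at - self._skew:
                body = self._fetch()
                if body.get("token_type", "").lower() != "bearer":
                    raise ValueError("unexpected token_type in token response")
                self._token = body["access_token"]
                # Trust the server's expires_in rather than a hard-coded lifetime.
                self._expires_at = self._clock() + int(body["expires_in"])
            return self._token

    def auth_header(self):
        """Header to attach to every API request."""
        return {"Authorization": "Bearer " + self.get()}
```

Create one cache per process, for example `TokenCache(lambda: fetch_token("mts-insight-tech-non-prod"))`, and call `auth_header()` before each API request; keep the token and the secret out of application logs.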

