# Authentication and Authorization

To ensure secure and authorized access to the Bettor Sense API, we rely on the OAuth 2.0 Authorization Framework. OAuth 2.0 is an industry-standard framework that lets third-party applications obtain limited access to API services. The authentication and authorization flow for integrating with the API can be summarized as follows:

1. **Client provisioning**: After the commercial details have been confirmed and the appropriate packages have been assigned, we generate a unique client\_id and client\_secret (each environment has its own pair). These are shared with the client in encrypted form, via Keeper, or through another secure channel for sharing secrets.
2. **Authentication**: The client's platform initiates the OAuth 2.0 authentication flow by presenting its application credentials (*client\_id* and *client\_secret*) to the Auth0 Authorization Server.
3. **Access token retrieval**: The Auth0 Authorization Server validates the application's credentials and, upon successful authentication, issues an *access\_token* to the client platform. The access token represents the authorization granted to the client's platform to access the API. The *access\_token* should be reused for as long as it is valid.
4. **Authentication and authorization**: The API verifies the provided *access\_token* to authenticate the client's platform. It also performs authorization checks to ensure the client platform has the necessary permissions to access specific resources or perform certain actions.

### Authentication request example:

<table><thead><tr><th width="84.092041015625">Field</th><th width="151.16497802734375">Key</th><th>Integration</th><th>Production</th></tr></thead><tbody><tr><td><strong>URL</strong></td><td></td><td><a href="https://auth.sportradar.com/oauth/token">https://auth.sportradar.com/oauth/token</a></td><td><a href="https://auth.sportradar.com/oauth/token">https://auth.sportradar.com/oauth/token</a></td></tr><tr><td><strong>Header</strong></td><td><code>Content-Type</code></td><td>application/x-www-form-urlencoded</td><td>application/x-www-form-urlencoded</td></tr><tr><td><strong>Data</strong></td><td><code>client_id</code></td><td><em>Received in the encrypted file.</em></td><td><em>Received in the encrypted file.</em></td></tr><tr><td></td><td><code>client_secret</code></td><td><em>Received in the encrypted file.</em></td><td><em>Received in the encrypted file.</em></td></tr><tr><td></td><td><code>audience</code></td><td><code>mts-insight-tech-non-prod</code></td><td><code>mts-insight-tech</code></td></tr><tr><td></td><td><code>grant_type</code></td><td><code>client_credentials</code></td><td><code>client_credentials</code></td></tr></tbody></table>

{% code title="Request example" %}

```sh
curl -L -X POST 'https://stg-auth.sportradar.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=ew27623ybFwq82nsjkdpsdwsh' \
--data-urlencode 'client_secret=bccws2523wqlj10yGhW83Je' \
--data-urlencode 'audience=mts-insight-tech' \
--data-urlencode 'grant_type=client_credentials'
```

{% endcode %}

{% code title="Response example" %}

```json
{
    "access_token": "wk19ahxiOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjcyZHlYTDlJZGlKRy1LdnpjeTFSZCJ9.eyJodHRwczovL3Nwb3J0cmFkYXIvY29tbW9uLWlhbS9hY2NvdW50cyI6WyJpfDIiXSwiaXNzIjoiaHR0cHM6Ly9zdGctYXV0aC5zcG9ydHJhZGFyLmNvbS8iLCJzdWIiOiI0TFdHaENmODBqdnJ3N2hZU21FY3BwU1psU1h4WGljUEBjbGllbnRzIiwiYXVkIjoibXRzLWluc2lnaHQtdGVjaCIsImlhdCI6MTcyMTI5Mjg1MSwiZXhwIjoxNzIxMjkzMTUxLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMiLCJhenAiOiI0TFdHaENmODBqdnJ3N2hZU21FY3BwU1psU1h4WGljUCJ9.zAGZ5O9gh3dQOOBGO0Fn_JDmuimmYa77YnUVR4R18REVz-TGUzcVl4AG-ydLD_YNuvM_fCoIy8WDVSBc7Ezn8erBkmG3R4fQ4aWiAT16SDoX-lFEiIHdOicsOh_2dnl54v96DTbG7JQuyyP1dgt5IaOxEY7Lk901Z0wzBzSlpdkw0eb0ODJv2cvP21sUL5x0XUNr5LHhATnRK9SOvCKPt7VwYIRbSjW5oyY-LzWpeudTakAwEdvi38D42zCgRv-iEXsp_D8hIXIprKYvKvwLYXzm9uoyUmFJQsOSAHVrh4Pyu5ihgRVLCpBfLQSHjqpENAWzAXI-D5D23xdalwwe",
    "expires_in": 600,
    "token_type": "Bearer"
}
```

{% endcode %}

{% hint style="info" %}
The `client_id`, `client_secret` and `access_token` displayed above are random strings generated for illustration purposes only.
{% endhint %}

The access\_token must be included in the Authorization header of all subsequent API requests. Tokens are valid for a relatively short timeframe (5 mins) and **must be reused during their validity timeframe**. Your application should refresh them automatically, shortly before they expire, rather than requesting a new token per API call.

{% hint style="danger" %}
Note

Clients must reuse non-expired tokens. A new token should be requested only a few seconds before the existing one has expired.
{% endhint %}
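The following is an added example (not Sportradar's code) that puts steps 2 to 4 and the reuse rule above into one small client: it POSTs the `client_credentials` form to the token endpoint, caches the returned `access_token`, reuses it for its whole validity window, and requests a replacement only a few seconds before `expires_in` runs out. The token URL, audience and credentials are placeholders, and the transport and clock are injectable so the behaviour can be exercised offline against a constructed stand-in for the Auth0 endpoint.

```python
"""Client-credentials token client with reuse and early refresh (added example)."""
import json
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional

TOKEN_URL = "https://auth.example.invalid/oauth/token"  # placeholder, not a real endpoint
AUDIENCE = "example-audience"                            # placeholder audience
REFRESH_MARGIN_SECONDS = 5  # request a new token only this close to expiry


def http_post_form(url: str, fields: Dict[str, str]) -> Dict:
    """Real transport: application/x-www-form-urlencoded POST, JSON response back."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


class TokenManager:
    """Holds one access_token for a client_id/audience pair and refreshes it early."""

    def __init__(self, client_id: str, client_secret: str, audience: str = AUDIENCE,
                 token_url: str = TOKEN_URL, post: Callable = http_post_form,
                 clock: Callable[[], float] = time.time):
        self._client_id = client_id
        self._client_secret = client_secret
        self._audience = audience
        self._token_url = token_url
        self._post = post      # injectable transport (fake endpoint in tests)
        self._clock = clock    # injectable clock (deterministic in tests)
        self._token: Optional[str] = None
        self._expires_at = 0.0
        self.fetch_count = 0   # how often the token endpoint was actually called

    def _fetch(self) -> None:
        issued_at = self._clock()
        resp = self._post(self._token_url, {
            "client_id": self._client_id,
            "client_secret": self._client_secret,
            "audience": self._audience,
            "grant_type": "client_credentials",
        })
        if "access_token" not in resp or str(resp.get("token_type", "")).lower() != "bearer":
            raise RuntimeError(f"unexpected token response: {resp!r}")
        self._token = resp["access_token"]
        # expires_in is relative to issuance; store an absolute deadline instead
        self._expires_at = issued_at + float(resp["expires_in"])
        self.fetch_count += 1

    def needs_refresh(self) -> bool:
        """True when no token is cached or the cached one is inside the refresh margin."""
        return self._token is None or self._clock() >= self._expires_at - REFRESH_MARGIN_SECONDS

    def access_token(self) -> str:
        if self.needs_refresh():
            self._fetch()
        return self._token

    def auth_headers(self) -> Dict[str, str]:
        """Headers to attach to every API request (step 4 of the flow)."""
        return {"Authorization": f"Bearer {self.access_token()}"}


def make_fake_endpoint(expires_in: int = 600) -> Callable:
    """Constructed stand-in for the Auth0 token endpoint so the example runs offline."""
    counter = {"n": 0}

    def fake_post(url: str, fields: Dict[str, str]) -> Dict:
        if fields.get("grant_type") != "client_credentials":
            raise ValueError("unsupported grant_type")
        counter["n"] += 1
        return {"access_token": f"token-{counter['n']}",
                "expires_in": expires_in, "token_type": "Bearer"}
    return fake_post


def demo_reuse_then_refresh():
    """Walk a fake clock through one token lifetime; returns (tokens seen, fetch count)."""
    now = [1_000_000.0]
    tm = TokenManager("client-id-placeholder", "client-secret-placeholder",
                      post=make_fake_endpoint(600), clock=lambda: now[0])
    seen = [tm.access_token()]      # t=0:   no token yet, first fetch
    now[0] += 300
    seen.append(tm.access_token())  # t=300: still valid, reused
    now[0] += 294
    seen.append(tm.access_token())  # t=594: 6 s left, outside the margin, reused
    now[0] += 2
    seen.append(tm.access_token())  # t=596: 4 s left, inside the margin, refreshed
    return seen, tm.fetch_count


if __name__ == "__main__":
    print(demo_reuse_then_refresh())
```

Swapping `make_fake_endpoint(...)` for the default `http_post_form` and the placeholders for the real token URL, audience and credentials turns this into a working client; the `fetch_count` counter is a convenient thing to export as a metric, since a count that tracks API calls one-for-one is exactly the misuse the note above warns against.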
