Authentication and Authorization
To ensure secure and authorized access to the Bettor Sense API, we rely on the OAuth 2.0 Authorization Framework. OAuth 2.0 is an industry-standard framework that enables third-party applications to obtain limited access to API services. The authentication and authorization flow for integrating with the API can be summarized as follows:
Client provisioning: After the commercial details have been confirmed and appropriate packages have been assigned, we will generate a unique client_id and client_secret (each environment will have its own details). These will be shared with the client in encrypted form or using Keeper (or another secure way of sharing the secret).
Authentication: The client's platform initiates the OAuth 2.0 authentication flow by providing its application credentials (client_id and client_secret) to the Auth0 Authorization Server.
Access token retrieval: The Auth0 Authorization Server validates the application's credentials and, upon successful authentication, issues an access_token to the client platform. The access token represents the authorization granted to the client's platform to access the API. The access_token should be reused.
Authentication and authorization: The API verifies the provided access_token to authenticate the client's platform. Additionally, it performs authorization checks to ensure the client platform has the necessary permissions to access specific resources or perform certain actions.
Authentication request example:
Header
Content-Type | application/x-www-form-urlencoded | application/x-www-form-urlencoded
Data
client_id | Received in the encrypted file. | Received in the encrypted file.
client_secret | Received in the encrypted file. | Received in the encrypted file.
audience | mts-insight-tech-non-prod | mts-insight-tech
grant_type | client_credentials | client_credentials
curl -L -X POST 'https://stg-auth.sportradar.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=ew27623ybFwq82nsjkdpsdwsh' \
--data-urlencode 'client_secret=bccws2523wqlj10yGhW83Je' \
--data-urlencode 'audience=mts-insight-tech' \
--data-urlencode 'grant_type=client_credentials'

The access_token must be included in the Authorization header of all subsequent API requests. Tokens are valid for a relatively short timeframe (5 mins) and must be reused during their validity timeframe. Your application should refresh them automatically.
Note
Clients must reuse non-expired tokens. A new token should be requested only a few seconds before the existing one has expired.
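A token cache that follows the reuse rule above, as an added example (not code from this page or from the API provider): it requests a token with the client_credentials grant and returns the cached one until a few seconds before expiry. The environment variable names, the 10-second refresh margin, the expires_in response field and the Bearer scheme are assumptions.

```python
import json
import os
import threading
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://stg-auth.sportradar.com/oauth/token"  # from the curl example on this page
REFRESH_MARGIN_S = 10  # assumption: what "a few seconds before expiry" means here


def fetch_token(audience="mts-insight-tech"):
    """POST the client_credentials grant; secrets come from the environment, not from source."""
    form = urllib.parse.urlencode({
        "client_id": os.environ["BETTOR_SENSE_CLIENT_ID"],          # hypothetical variable name
        "client_secret": os.environ["BETTOR_SENSE_CLIENT_SECRET"],  # hypothetical variable name
        "audience": audience,
        "grant_type": "client_credentials",
    }).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=form,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)  # assumed fields: access_token, expires_in (seconds)


class TokenCache:
    """Reuse one access_token until REFRESH_MARGIN_S before it expires."""

    def __init__(self, fetch=fetch_token, clock=time.monotonic):
        self._fetch, self._clock = fetch, clock
        self._lock = threading.Lock()
        self._token, self._expires_at = None, 0.0

    def get(self):
        with self._lock:  # a single refresh even when many threads ask at once
            if self._token is None or self._clock() >= self._expires_at - REFRESH_MARGIN_S:
                body = self._fetch()
                self._token = body["access_token"]
                # Fall back to the 5-minute lifetime stated above if expires_in is absent.
                self._expires_at = self._clock() + float(body.get("expires_in", 300))
            return self._token

    def auth_header(self):
        # Assumption: the API expects the standard Bearer scheme in the Authorization header.
        return {"Authorization": "Bearer " + self.get()}
```

Create one TokenCache per process and call auth_header() for every API request; keep the token and the client_secret out of logs and error messages.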