sportradar.comSportradar Support Portal

Authentication and Authorization

To ensure secure and authorized access to the Bettor Sense API, we are relying on the Oauth 2.0 Authorization Framework. Oauth 2.0 is an industry-standard framework that enables third-party applications to obtain limited access to API services. The authentication and authorization flow for integrating with the API can be summarized as follows:

  1. Client provisioning: After the commercial details have been confirmed and appropriate packages have been assigned, we will generate a unique x-api-key, client_id and client_secret (each environment will have its own details). This will be shared with the client with encryption or using Keeper (or other secure way of sharing the secret).

  2. Authentication: The client's platform initiates the OAuth 2.0 authentication flow by providing their application credentials (client_ID and client_secret) to the Auth0 Authorization Server.

  3. Access token retrieval: Auth0 Authorization Server validates the application's credentials and upon successful authentication, the service issues an access_token to the client platform. The access token represents the authorization granted to the client's platform to access the API. The access_token should be reused – additional information will be provided to the client on reusing access tokens.

  4. Authentication and authorization: The API verifies the provided access_token to authenticate the client's platform. Additionally, it performs authorization checks to ensure the client platform has the necessary permissions to access specific resources or perform certain actions.

Authentication request example:

Field
Integration
Production

URL

https://stg-auth.sportradar.com/oauth/token

https://auth.sportradar.com/oauth/token

Header

Content-Type

application/x-www-form-urlencoded

application/x-www-form-urlencoded

Data

client-id

Received in the encrypted file.

Received in the encrypted file.

client-secret

Received in the encrypted file.

Received in the encrypted file.

audience

mts-insight-tech-non-prod

mts-insight-tech

grant-type

client_credentials

client_credentials

Request example
curl -L -X POST 'https://stg-auth.sportradar.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=ew27623ybFwq82nsjkdpsdwsh' \
--data-urlencode 'client_secret=bccws2523wqlj10yGhW83Je' \
--data-urlencode 'audience=mts-insight-tech' \
--data-urlencode 'grant_type=client_credentials'
Response example
{
    "access_token": "wk19ahxiOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjcyZHlYTDlJZGlKRy1LdnpjeTFSZCJ9.eyJodHRwczovL3Nwb3J0cmFkYXIvY29tbW9uLWlhbS9hY2NvdW50cyI6WyJpfDIiXSwiaXNzIjoiaHR0cHM6Ly9zdGctYXV0aC5zcG9ydHJhZGFyLmNvbS8iLCJzdWIiOiI0TFdHaENmODBqdnJ3N2hZU21FY3BwU1psU1h4WGljUEBjbGllbnRzIiwiYXVkIjoibXRzLWluc2lnaHQtdGVjaCIsImlhdCI6MTcyMTI5Mjg1MSwiZXhwIjoxNzIxMjkzMTUxLCJndHkiOiJjbGllbnQtY3JlZGVudGlhbHMiLCJhenAiOiI0TFdHaENmODBqdnJ3N2hZU21FY3BwU1psU1h4WGljUCJ9.zAGZ5O9gh3dQOOBGO0Fn_JDmuimmYa77YnUVR4R18REVz-TGUzcVl4AG-ydLD_YNuvM_fCoIy8WDVSBc7Ezn8erBkmG3R4fQ4aWiAT16SDoX-lFEiIHdOicsOh_2dnl54v96DTbG7JQuyyP1dgt5IaOxEY7Lk901Z0wzBzSlpdkw0eb0ODJv2cvP21sUL5x0XUNr5LHhATnRK9SOvCKPt7VwYIRbSjW5oyY-LzWpeudTakAwEdvi38D42zCgRv-iEXsp_D8hIXIprKYvKvwLYXzm9uoyUmFJQsOSAHVrh4Pyu5ihgRVLCpBfLQSHjqpENAWzAXI-D5D23xdalwwe",
    "expires_in": 600,
    "token_type": Bearer"
}

client_id, client_secret, access_token displayed above are random strings generated for illustration purposes only

PreviousAPI Integration Best PracticesNextEndpoints

Last updated

Was this helpful?