# Connectivity

### Connection endpoints <a href="#mtsconnectivity-v3.0-connectionendpoints" id="mtsconnectivity-v3.0-connectionendpoints"></a>

Client integration environment (WebSocket over TLS 1.2/1.3 secure connection)

Host: **wss.dataplane-nonprod.sportradar.dev**\
Port: **443**

Production environment (WebSocket over TLS 1.2/1.3 secure connection)

Host: **wss.dataplane.sportradar.com**\
Port: **443**

### Authentication <a href="#mtsconnectivity-v3.0-authentication" id="mtsconnectivity-v3.0-authentication"></a>

Before connecting to the above connection endpoints, the client must obtain a token. To obtain the token, a POST request must be made to **<https://auth.sportradar.com/oauth/token>**. The request must include a Content-Type header and in the body, 4 url encoded key-value pairs are required:

<table><thead><tr><th width="271.69091796875"></th><th width="139.685791015625">Attribute name</th><th>Attribute value</th></tr></thead><tbody><tr><td>Header</td><td>Content-Type</td><td>application/x-www-form-urlencoded</td></tr><tr><td>Body - url encoded key value pair</td><td>client_id</td><td>&#x3C;Sportradar provided client id></td></tr><tr><td>Body - url encoded key value pair</td><td>client_secret</td><td>&#x3C;Sportradar provided client secret></td></tr><tr><td>Body - url encoded key value pair</td><td>audience</td><td><p>mbs-dp-non-prod-wss (integration env)</p><p>mbs-dp-production-wss (production env)</p></td></tr><tr><td>Body - url encoded key value pair</td><td>grant_type</td><td>client_credentials</td></tr></tbody></table>

**Example using cURL:**

```xml
curl -L -X POST 'https://auth.sportradar.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<provided client id>' \
--data-urlencode 'client_secret=<provided client secret>' \
--data-urlencode 'audience=mbs-dp-non-prod-wss' \
--data-urlencode 'grant_type=client_credentials'
```

The request returns a JSON response with "access\_token" field/attribute that is necessary to establish a WebSocket connection:

```json
{
    "access_token": "GENERATED_TOKEN",
    "expires_in": 300,
    "token_type": "Bearer"
}
```

When establishing a connection to the WebSocket, the value of access\_token must be provided in an Authorization header. Value of the header must be: Bearer GENERATED\_TOKEN, where GENERATED\_TOKEN must be replaced with the value obtained from the JSON response.

**Example using wscat:**

```xml
wscat -H "Authorization: Bearer GENERATED_TOKEN" --connect wss://wss.dataplane-nonprod.sportradar.dev
```

The access\_token must be included in the Authorization header of all subsequent API requests. Tokens are valid for a relatively short timeframe (5 mins) and **must be reused during their validity timeframe**. If the token has expired, follow the procedure outlined above to generate a new one.

{% hint style="danger" %}
**Note**

Clients must reuse non-expired tokens. A new token should be requested only a few seconds before the existing one has expired.&#x20;
{% endhint %}

{% hint style="info" %}
**Note**

If you believe your credentials have been compromised or accessed without authorization, please contact your Operational Account Manager (OAM), Service Delivery Manager (SDM), or email <MTS-servicedelivery@sportradar.com> and we will rotate your Client ID and/or Client Secret.
{% endhint %}

### Connections <a href="#mtsconnectivity-v3.0-connections" id="mtsconnectivity-v3.0-connections"></a>

For establishing the connection, token is needed (see above). Maximum connection duration is 2h. After 2h connection is automatically terminated and new connection must be established with new token. Each client's node should establish at least one websocket connection to the MTS endpoint. MTS servers will reply back with a response through the same connection on which the request was received. In the case of unexpected connection termination, the client should resend all requests for which the response was not received. For such requests, MTS will reply with an original response (the same response as it would be received if the termination of a connection would not occur).

### Rate Limiting <a href="#mtsconnectivity-v3.0-ratelimiting" id="mtsconnectivity-v3.0-ratelimiting"></a>

MTS performs the client request rate limiting described below. The values are valid:

* Per client
* For all request types (operation types) combined

| Requests per second | Requests per minute |
| ------------------- | ------------------- |
| 500                 | 5.000               |

### Limitations <a href="#mtsconnectivity-v3.0-limitations" id="mtsconnectivity-v3.0-limitations"></a>

Maximum supported size of a websocket frame is 32 KB. Maximum supported size of the message payload is 128 KB. Because of the websocket frame-size quota of 32 KB, a message larger than 32 KB must be split into multiple frames, each 32 KB or smaller (maximum number of frames is 4). If a larger message (or larger frame size) is received, the connection is closed with code 1009.

### Avoid IP-based whitelisting

{% hint style="danger" %}
Clients should avoid IP-based whitelisting for WebSocket connections to MBS Dataplane because WebSocket connections are provided through the AWS API Gateway. AWS dynamically manages the underlying infrastructure, so IPs may change without notice. Attempting to whitelist specific IPs may result in unintended connectivity failures. Any issues resulting from such configurations are the sole responsibility of the client and are considered a known risk.\
Instead, clients should rely on TLS-secured WebSocket (wss\://) connections with MBS Dataplane. There is a valid server certificate from the TLS handshake, which clients should verify based on the Fully Qualified Domain Name (FQDN) they are connecting to: <wss://wss.dataplane.sportradar.com/>

By verifying the server certificate against this FQDN, clients ensure a secure and trusted connection without relying on static IPs.
{% endhint %}