🔐Authentication

All of our APIs require authentication. You can create API tokens in MySportmonks.

To make our first request, we’ll need to get authenticated first.

We offer two different options for passing your API token. You are free to choose between the authentication methods. You can also use both of them at the same time. Please note that both methods count towards the same rate-limiting.

  • Authenticate using a query parameter You can pass your API token by passing 'api_token' in your request parameters, like so:

    https://api.sportmonks.com/api/v3/football/livescores?api_token=YOUR_TOKEN

  • Authenticate using a request header You can also pass your token via an 'Authorization' header, like so:

HeaderValue

Authorization

YOUR_TOKEN

You can obtain and manage your API token in MySportmonks. The API token is only meant for your eyes and, as such, should be stored away safely. Our tokens have no expiration date and will remain valid until you manually delete them yourself.

When making a request, a code response will always be returned. The following are all possible HTTP response codes for any request made to the API:

CodeDescription

200: OK

Request succeeded

400: Bad Request

It seems that some part of the request is malformed. The exact reason is returned in the response.

401: Unauthorized

The request is not authenticated.

403: Forbidden

Not authorized. Indicates you're attempting to access a feed that is not accessible from your plan.

429: Too Many Requests

Too many requests. In order to make the API as responsive as possible, you have an hourly request limit. The limit for your current subscription can be found in any successful response. Check the "meta" section to find out your limit.

500: Internal Server Error

An internal error has occurred and has been logged for further inspection. Please email support if you are receiving this error. Check our status page to see if we are aware of any possible issues

Directly integrating an API into the frontend of a web application can be risky as it can expose sensitive information, such as your Sportmonks API token, to potential security breaches.

To avoid this, it is best practice to use a middleware, such as a backend or proxy server, to handle all communication between the frontend and the API. This middleware acts as an intermediary, making sure your API tokens are stored securely and not exposed to users. Using middleware makes it much harder for malicious actors to access sensitive information, keeping your application more secure overall.

Last updated