Guides
Start typing to search…
  1. guides

Authentication

Authentication

Sports Stack API uses Bearer token authentication. Include your API key in the Authorization header for all requests.

Getting Your API Key

  1. Log in to your Sports Stack account
  2. Navigate to Settings → API Keys
  3. Click "Generate New API Key"
  4. Copy the key immediately (it won't be shown again)

Using Your API Key

Include your API key in the Authorization header:

curl -X GET "https://api.sportsstack.io/api/v1/teams" \
  -H "Authorization: Bearer YOUR_API_KEY"
import requests

headers = {
    "Authorization": "Bearer YOUR_API_KEY"
}

response = requests.get(
    "https://api.sportsstack.io/api/v1/teams",
    headers=headers
)
const fetch = require('node-fetch');

const response = await fetch(
  'https://api.sportsstack.io/api/v1/teams',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);

Security Best Practices

1. Keep Your API Key Secret

  • Never commit API keys to version control
  • Never share API keys in public forums or chat
  • Never expose API keys in client-side code

2. Use Environment Variables

# Set environment variable
export SPORTS_STACK_API_KEY="your-api-key-here"

# Use in code
curl -X GET "https://api.sportsstack.io/api/v1/teams" \
  -H "Authorization: Bearer $SPORTS_STACK_API_KEY"
import os
import requests

api_key = os.environ.get('SPORTS_STACK_API_KEY')

headers = {
    "Authorization": f"Bearer {api_key}"
}

3. Rotate Keys Regularly

  • Generate new API keys periodically
  • Revoke old keys that are no longer needed
  • Monitor API key usage in your dashboard

4. Use Different Keys for Different Environments

  • Use separate API keys for development, staging, and production
  • Rotate keys when team members leave
  • Monitor key usage for suspicious activity

Error Responses

401 Unauthorized

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

Causes:

  • Missing Authorization header
  • Invalid API key
  • Expired API key

Solution: Check your API key and ensure it's correctly formatted in the header.

403 Forbidden

{
  "error": "Forbidden",
  "message": "Insufficient permissions"
}

Causes:

  • API key doesn't have required permissions
  • Tenant access restrictions

Solution: Check your API key permissions in the dashboard.

Rate Limits

API keys are subject to rate limits. See Rate Limits for details.

Related Documentation

Updated about 1 month ago