Authentication - SportsAPI Pro

Your API key works across all SportsAPI Pro endpoints — Football, Basketball, Tennis, Baseball, and every other sport. One key, all sports.

API Key Authentication

All API requests require the x-api-key header:

curl -H "x-api-key: YOUR_API_KEY" \
  "https://v2.football.sportsapipro.com/api/live"

Never share your API key publicly or commit it to version control. Treat it like a password.

Getting Your API Key

Sign up at sportsapipro.com/register
Go to your Dashboard
Copy your API key from the API Credentials section

Regenerating Your Key

If your API key is compromised:

Go to your Dashboard
Click Regenerate Token
Update all applications with the new key

Regenerating immediately invalidates the old key. All applications using it will stop working.

Security Best Practices

Use Environment Variables

Store your API key in environment variables:

# .env file
SPORTSAPI_KEY=your_api_key_here

const API_KEY = process.env.SPORTSAPI_KEY;
const headers = { "x-api-key": API_KEY };

// Same key for all sports
const football = await fetch("https://v2.football.sportsapipro.com/api/live", { headers });
const basketball = await fetch("https://v2.basketball.sportsapipro.com/api/live", { headers });

Server-Side Only

Always make API requests from your backend. Never expose your API key in client-side JavaScript or mobile apps.

Monitor Usage

Check your usage regularly via the /status endpoint or your Dashboard. Unexpected spikes may indicate a compromised key.

Authentication Errors

Status	Error	Description
`401`	Missing API Key	No `x-api-key` header provided
`401`	Invalid API Key	The key is invalid or revoked
`403`	Account Suspended	Your account has been suspended
`429`	Rate Limit Exceeded	Daily quota exceeded

Error Response

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Valid x-api-key header or Bearer token required"
  }
}

V1 vs V2 vs V3 Authentication

All three API versions use the same x-api-key header. The same API key works across all versions:

Version	Auth Header	WebSocket Auth
V1	`x-api-key: KEY`	`wss://v1.{sport}.sportsapipro.com/ws?x-api-key=KEY`
V2	`x-api-key: KEY`	`wss://v2.{sport}.sportsapipro.com/ws?x-api-key=KEY`
V3	`x-api-key: KEY`	N/A (REST only)

WebSocket Authentication

WebSocket connections authenticate via the x-api-key query parameter:

const ws = new WebSocket(
  "wss://v2.football.sportsapipro.com/ws?x-api-key=YOUR_API_KEY"
);

ws.onopen = () => {
  ws.send(JSON.stringify({
    action: "subscribe",
    channel: "live-scores"
  }));
};

ws.onmessage = (event) => {
  const data = JSON.parse(event.data);
  console.log("Live update:", data);
};

V2 WebSocket requires a JSON subscription message after connecting. V1 WebSocket streams updates automatically upon connection. See the WebSocket Guide for full details.

​API Key Authentication

​Getting Your API Key

​Regenerating Your Key

​Security Best Practices

​Authentication Errors

​Error Response

​V1 vs V2 vs V3 Authentication

​WebSocket Authentication

API Key Authentication

Getting Your API Key

Regenerating Your Key

Security Best Practices

Authentication Errors

Error Response

V1 vs V2 vs V3 Authentication

WebSocket Authentication