Oddlyx LogoOddlyx

Authentication

Learn how to authenticate your API requests using API keys. All requests require valid authentication.

API Keys

API keys are the primary method of authentication. Each key is unique to your account and provides access to all API endpoints based on your subscription plan.

Getting Your API Key

Generate your API key from the dashboard. You can create multiple keys for different applications or environments.

Authentication Method

Authenticate every request by sending your API key in the Authorization header using the Bearer format.

Authorization Header (Important)

Use the standard Bearer token format:

Authorization: Bearer sk_your_api_key_here

Code Examples

JavaScript / TypeScript

const apiKey = process.env.ODDS_API_KEY;

const response = await fetch(
  'https://odds-marketplace.onrender.com/api/v1/nba/odds/games',
  {
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json'
    }
  }
);

Python

import os
import requests

api_key = os.getenv('ODDS_API_KEY')

response = requests.get(
    'https://odds-marketplace.onrender.com/api/v1/nba/odds/games',
    headers={
        'Authorization': f'Bearer {api_key}',
        'Content-Type': 'application/json'
    }
)

cURL

curl -X GET "https://odds-marketplace.onrender.com/api/v1/nba/odds/games" \
  -H "Authorization: Bearer sk_your_api_key_here" \
  -H "Content-Type: application/json"

Error Responses

If authentication fails, you'll receive one of these error responses:

401 Unauthorized

Missing or invalid API key:

{
  "success": false,
  "error": "Unauthorized: missing authentication token or API key"
}

403 Forbidden

Valid API key but subscription expired or inactive:

{
  "success": false,
  "error": "Subscription has expired. Please renew your subscription to continue using the API."
}

Subscription Status

API keys are tied to your subscription status. If your subscription expires or is cancelled, your API keys will stop working after the subscription end date.

Best Practices

  • Never expose API keys in client-side code or public repositories
  • Use environment variables to store API keys
  • Rotate keys regularly for enhanced security
  • Use different keys for development and production environments
  • Revoke compromised keys immediately from your dashboard