API Authentication and Access

This page explains authentication requirements for Sportzcast external APIs in general, including MQTT ingress and other protected API endpoints.

1) Request access

Before integration, request access through Sportzcast support.

After approval, you receive Machine-to-Machine credentials:

  • clientId
  • clientSecret
  • audience
  • access token URL

These are used to obtain an OAuth 2.0 access token.

2) Get an access token (Client Credentials)

Use Auth0 Client Credentials grant to obtain a bearer token.

C# example (token request)

private static async Task<string> GetAccessToken()
{
    var client = new HttpClient();
    var requestBody = new
    {
        client_id = "clientId",
        client_secret = "clientSecret",
        audience = "audience",
        grant_type = "client_credentials"
    };

    var json = Newtonsoft.Json.JsonConvert.SerializeObject(requestBody);
    var content = new StringContent(json, Encoding.UTF8, "application/json");
    var response = await client.PostAsync("access-token-url", content);

    if (!response.IsSuccessStatusCode) return string.Empty;

    var responseBody = await response.Content.ReadAsStringAsync();
    var tokenData = Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<string, string>>(responseBody);
    return tokenData!["access_token"];
}

3) Required headers for protected API requests

Every protected API request must include:

  • Authorization: Bearer <access_token>
  • X-Username: <your-platform-username>
  • X-Token: <your-sportzcast-user-token>

You can find your user token in: https://sportzcast.net/Account/UserInfo

C# example (adding headers)

private async Task CallApi()
{
    var httpClient = new HttpClient();
    var token = await GetAccessToken();

    httpClient.DefaultRequestHeaders.Authorization =
        new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
    httpClient.DefaultRequestHeaders.Add("X-Username", "username");
    httpClient.DefaultRequestHeaders.Add("X-Token", "token");

    // Call any protected Sportzcast API endpoint here with httpClient.
}

Common authentication issues

  • Invalid/expired bearer token
  • Missing X-Username or X-Token
  • User token not active
  • Access not enabled for your account, feature, or target bots