Skip to Content
Authentication

Authentication

All API requests require authentication via an API key. Your key starts with sk_ followed by live_ or test_.

Authentication Methods

SharpAPI supports three authentication methods, listed in priority order:

The most secure method for server-side applications.

curl -H "X-API-Key: sk_live_your_key" \
  https://api.sharpapi.io/api/v1/odds

2. Authorization Bearer Header

Standard OAuth-style bearer token format.

curl -H "Authorization: Bearer sk_live_your_key" \
  https://api.sharpapi.io/api/v1/odds

3. Query Parameter

Useful for SSE streaming in browsers where you cannot set custom headers.

curl "https://api.sharpapi.io/api/v1/stream?api_key=sk_live_your_key"

Security Warning: Never expose your API key in client-side code or public repositories. Use a backend proxy for browser applications.

Getting Your API Key

  1. Sign Up - Create an account at sharpapi.io/sign-up 
  2. Access Dashboard - Log in to your dashboard
  3. Copy Key - Your API key is displayed on the main dashboard

Test Keys

For development and testing, use test keys that don’t count against your quota:

KeyTierUse Case
sk_test_freeFreeBasic testing
sk_test_proProFull feature access
sk_test_sharpSharpUnlimited testing

Test keys return real data but are rate-limited and don’t affect your billing.

Subscription Tiers

TierPriceRequests/MinData DelayKey Features
Free$0/mo1260sOdds, Events
Hobby$79/mo120Real-timeOdds, Events, Arbitrage
Pro$229/mo300Real-time+ EV, Middles
Sharp$399/mo1,000Real-time+ Priority Support
EnterpriseCustomCustomReal-time+ SLA

See Pricing for full details.

Rate Limits

Rate limits are enforced per API key. Current limits are returned in response headers:

X-RateLimit-Limit: 300
X-RateLimit-Remaining: 299
X-RateLimit-Reset: 1705804800
HeaderDescription
X-RateLimit-LimitMaximum requests per minute for your tier
X-RateLimit-RemainingRequests remaining in current window
X-RateLimit-ResetUnix timestamp when limit resets

Rate Limit Response

When exceeded, you’ll receive a 429 response:

{
  "error": {
    "code": "rate_limited",
    "message": "Rate limit exceeded. Upgrade your plan or wait before retrying.",
    "docs": "https://sharpapi.io/docs/authentication#rate-limits"
  }
}

Implement exponential backoff when you receive a 429 response. Check X-RateLimit-Reset for when the window resets.

Feature Access by Tier

FeatureFreeHobbyProSharpEnterprise
GET /oddsYesYesYesYesYes
GET /odds/bestYesYesYesYesYes
GET /odds/comparisonYesYesYesYesYes
POST /odds/batchYesYesYesYesYes
GET /eventsYesYesYesYesYes
GET /events/:eventIdYesYesYesYesYes
GET /events/:eventId/oddsYesYesYesYesYes
GET /events/:eventId/marketsYesYesYesYesYes
GET /opportunities/evNoNoYesYesYes
GET /opportunities/arbitrageNoYesYesYesYes
GET /opportunities/middlesNoNoYesYesYes
GET /streamNoAdd-onAdd-onAdd-onYes
GET /accountYesYesYesYesYes
GET /account/usageYesYesYesYesYes
GET /account/keysYesYesYesYesYes

Streaming requires the WebSocket add-on ($99/mo) on any paid tier. Enterprise includes streaming at no extra cost.

Public Reference Endpoints

The following reference data endpoints are accessible without authentication at 10 requests/minute:

  • GET /api/v1/sports - List all sports
  • GET /api/v1/sports/{sportId} - Get sport details
  • GET /api/v1/leagues - List all leagues
  • GET /api/v1/sportsbooks - List all sportsbooks
  • GET /api/v1/sportsbooks/{bookId} - Get sportsbook details
  • GET /api/v1/markets - List all market types
  • GET /api/v1/health - Health check

Authenticated requests receive higher rate limits based on your subscription tier.

Error Codes

CodeHTTP StatusDescription
unauthorized401API key missing or invalid
forbidden403Feature requires higher tier
rate_limited429Too many requests
tier_restricted403Endpoint not available on your tier
invalid_request400Malformed request parameters
not_found404Resource not found
upstream_error502Temporary issue fetching data
internal_error500Server error

Error Response Format

All errors follow a consistent format:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key. Check that your key is correct and active.",
    "docs": "https://sharpapi.io/docs/authentication"
  }
}

Best Practices

  1. Store keys securely - Use environment variables, never commit to version control
  2. Use server-side requests - Never expose keys in client-side JavaScript
  3. Implement retry logic - Handle 429 errors with exponential backoff
  4. Monitor usage - Check the /account/usage endpoint to track consumption
  5. Rotate keys regularly - Use the /account/keys/:keyId/rotate endpoint periodically for security
Last updated on
Quick StartPricing