Skip to main content
All ABP endpoints require authentication via the x-api-key header, except the unauthenticated infrastructure endpoints (/health, /ready, /status, /metrics).

How to authenticate

Pass your API key in the x-api-key request header:
curl -H "x-api-key: your-api-key" \
  https://v2.55-tech.com/accounts

API key metadata

Each API key resolves to a client and its access rules:
FieldDescription
clientNameYour client identifier — all accounts, orders, and bets are filtered by it
bookmakersAllowed bookmaker slugs (empty = all bookmakers)
rpsRequests per second allowed for this client (default: 100)
activeWhether this key is active
Your API key determines which accounts, orders, and bets you can access. All data is filtered by your clientName.

WebSocket authentication

For WebSocket connections, authenticate via the login message after connecting (the /ws endpoint itself does not require the x-api-key header):
{
  "type": "login",
  "apiKey": "your-api-key",
  "channels": []
}
You must send the login message within 30 seconds of connecting, or the connection is closed. See WebSocket for details.

Rate limiting

Requests are rate-limited per client — by default 100 requests per second, with a maximum of 5 concurrent WebSocket connections per API key. Full detail, headers, and backoff guidance live in Rate limits.

Error responses

The auth middleware emits errors under an error key, while application-level errors (validation, not-found, etc.) use the FastAPI-standard detail key. Handle both shapes.
SituationStatusBody
Header missing403{"detail": "Missing API key header: x-api-key"}
Key invalid / inactive / expired401{"error": "Invalid or inactive API key"}
Key valid but not allowed for the endpoint / sport / bookmaker403{"error": "Access denied to endpoint"}
Rate limit exceeded429{"detail": "Rate limit exceeded", "limit": "100", "retry_after": 1}

Next steps

Quickstart

Place your first bet in 5 steps.

Limits & Reliability

Per-client rate limits, circuit breakers, and emergency mode.