Authentication

Authenticate your API requests using an API key.

API Key Authentication

All API requests require an API key passed via the X-API-Key header.

curl -H "X-API-Key: YOUR_API_KEY" \
  https://api.hkjc-api.com/api/v1/results/2025-03-01

Obtaining an API Key

1. Sign up at the pricing page
2. After subscribing, your API key will be emailed to you
3. Store your key securely — do not expose it in client-side code

Security Best Practices

• Never commit API keys to version control
• Use environment variables to store your key
• Rotate your key if you suspect it has been compromised
• Use server-side code to make API requests — never expose your key in browser JavaScript

WebSocket Authentication

For WebSocket connections, pass your API key as a query parameter:

const ws = new WebSocket(
  "wss://api.hkjc-api.com/ws/live/odds?api_key=YOUR_API_KEY"
);

Error Responses

If authentication fails, you will receive a 401 Unauthorized response:

{
  "error": "unauthorized",
  "message": "Invalid or missing API key"
}