Authentication - Elite Prospects API

Every request to the Elite Prospects API must include an API key as the apiKey query parameter.

GET https://api.eliteprospects.com/v1/players?apiKey=YOUR_API_KEY

There is no header-based authentication for the public API. The apiKey query parameter is the only supported mechanism.

Obtaining a key

API keys are issued by Elite Prospects on a per-organisation basis. Contact [email protected] to start the process.

Using the key

Pass the key on every request:

curl "https://api.eliteprospects.com/v1/leagues?apiKey=YOUR_API_KEY"

Keeping your key safe

Because the key travels in the URL, treat every request URL as sensitive. Avoid logging full request URLs, sharing them in support tickets, or embedding the key in client-side code that ends up in browsers or repositories.

Store the key in a server-side environment variable or secret manager.
Make API calls from your backend, not directly from a browser or mobile client.
Rotate the key if you suspect it has been exposed (contact [email protected]).

What your key unlocks

Your subscription controls which regions, leagues, seasons, and data categories your key can see. For a breakdown of those scopes, see Coverage.

Authentication errors

Status	Meaning
`401 Unauthorized`	Missing or invalid `apiKey`.
`403 Forbidden`	The request is for data outside your subscription. See Errors.

Quickstart Conventions

​Obtaining a key

​Using the key

​Keeping your key safe

​What your key unlocks

​Authentication errors

Obtaining a key

Using the key

Keeping your key safe

What your key unlocks

Authentication errors