Hesgoals: FIFA World Cup 2026 scores, live results, standings

World CupWC 2026
News
Players
Developer
Docs
Search
LOGIN

Authentication

All Public API endpoints require authentication via API key Bearer tokens. Keys are managed from the Developer Dashboard.

API keys

API keys are unique tokens that identify your account. All keys are prefixed with sk_live_ for easy identification.

sk_live_API key prefix — used for all requests

Using your API key

Include your API key in the Authorization header as a Bearer token:

http
GET /api/public/v1/matches HTTP/1.1
Host: your-domain.com
Authorization: Bearer sk_live_xxxxxxxxxxxxx

Security best practices

  • Never expose keys in client-side code. API calls should be made from your backend server.
  • Use environment variables. Store keys in .env files, not in source code.
  • Rotate keys regularly. You can create multiple keys and revoke old ones from the dashboard.

Key storage

For your security, API keys are stored as SHA-256 hashes. The full key is displayed only once when created — we cannot retrieve it for you. If you lose your key, create a new one and revoke the old one.

Response headers

Every authenticated response includes rate limit headers:

response headers
X-RateLimit-Limit: 30
X-RateLimit-Remaining: 28
X-RateLimit-Reset: 1780474200
← PreviousQuickstartNext →Rate Limits & Quota