Skip to main content
Every Sportrix Data API key inherits a set of scopes from your account. Scopes are the permission layer that controls which endpoints you can call. If you request an endpoint your key is not scoped for, the API returns 403 Forbidden. Understanding which scope you need before you build saves debugging time later.

Scopes reference

ScopeGrants access to
fixturesGET /sports, GET /leagues, GET /leagues/active, GET /matches, GET /matches/active, GET /matches/{id}
live_scoresGET /matches/{id}/live
live_scores_statisticsReal-time WebSocket stream and GET /matches/{id}/live
final_scoresGET /matches/{id}/result
GET /matches/{id}/live accepts either live_scores or live_scores_statistics — you only need one of them to call that endpoint.
The WebSocket stream requires live_scores_statistics specifically. The live_scores scope alone is not sufficient to open a WebSocket connection.

Sport allowlist

In addition to scopes, your account is configured with a set of enabled sports. Access is deny-by-default: you only ever see sports, leagues, and matches for your enabled sports. Requesting data outside your allowlist is not treated as an error by the API:
  • GET /leagues?sport=<disabled sport> returns an empty items array.
  • GET /matches/{id} for a match in a disabled sport returns 404 Not Found.
This means your code will not need special handling for allowlist mismatches — you simply receive no data rather than an exception.

What 403 Forbidden means

A 403 Forbidden response means your API key exists and is valid, but lacks the required scope for the endpoint you called. The response body will identify the missing scope: 
{ "detail": "Missing required scope: live_scores" }
This is distinct from 401 Unauthorized, which means the key itself was not recognized, is disabled, or has expired.
To add scopes or enable additional sports on your account, contact Sportrix Data support. Changes take effect on your next request — no key rotation needed.