Versions Compared

Old Version 46

changes.mady.by.user PepikM

Saved on

compared with

New Version 47

changes.mady.by.user PepikM

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

When & How to Use Vendor Services

...

  • client_id: your vendor ID
  • grant_type: in this context, this will have to be set to 'AUTHORIZATION_CODE' 
  • code: the code you were returned 
  • client_secret: your secret, obtained from GetDeveloperAppKeys

And returns the following information:Response Parameters

  • access_token: the access token, used to call Betfair on the user's behalf 
  • token_type: meta data for the access token (see 'Making calls on the user's behalf') 
  • expires_in: how long the access token will be valid for (in seconds)
  • refresh_token: a token that can be used to create a new access token (see 'Using the refresh token')
  • application_subscription: contains the vendor client ID, a unique identifier for a user. Can also contain some subscription related information (See 'Legacy Subscriptions')

IMPORTANT

 

To protect sensitive information such as your app key and secret, it is important that the token operation only be called from server to server.

Example

call using

Token request - REST

Headers
  • X-Application' : 'your app key'
  • 'X-Authentication' : 'your session token'

Endpoint
https://api.betfair.com/exchange/account/rest/v1.0/token/?

Request Body

client_id=VENDOR_ID
client_secret=VENDOR_SECRET
grant_type=AUTHORIZATION_CODE
code=THE_AUTH_CODE

 

Example

...

Response

 

{"access_token":"KeOi+kyg2RvDK4HM+W46CvSnP5w=","refresh_token":"50d76117-7f85-375v-a38f-ffb332713f93","application_subscription":{"vendor_client_id":"456238"},"token_type":"BEARER","expires_in":"14400"}

 

Example Token request - Json-RPC

Headers
  • X-Application' : 'your app key'
  • 'X-Authentication' : 'your session token'
Endpoint

https://api.betfair.com/exchange/account/json-rpc/v1

Request

{"jsonrpc": "2.0",
"method": "AccountAPING/v1.0/token",
"params": {"client_id":"CLIENTID","grant_type":"AUTHORIZATION_CODE","code":"CODE","client_secret":"CLIENTSECRET"},
"id": 1
}

OAuth 2 Flow - Using the Refresh Token

...

 

{"access_token":"KeOi+kyg2RvDK4HM+W46CvSnP5w=","refresh_token":"50d76117-7f85-375v-a38f-ffb332713f93","application_subscription":{"vendor_client_id":"456238"},"token_type":"BEARER","expires_in":"14400"}

 

 
You can user the 'expires_in' value to determine when the access token will stop being valid. Alternatively, if calls made with the access token start returning an INVALID_SESSION error, it is likely that the token has expired.

...