docs(reference): correct auth labels for /sports, /leagues, /markets, /sportsbooks, /teams

Mlaz-code · claude · Mlaz-code · commit 475d2c89945e · 2026-04-16T18:58:37.000-04:00
These five endpoints are wrapped in authMiddleware on the server (verified:
all return 401 without an API key) but every public-facing surface said
otherwise:

- 5 MDX files (sports, leagues, markets, sportsbooks, teams) claimed
  "public endpoint, no authentication required" and showed unauthenticated
  curl/JS/Python examples
- public/openapi.json declared `security: [{}, {ApiKeyHeader: []}]` for
  each (the empty {} marks auth as optional) and listed no 401 response

Updated the MDX callouts to "Requires an API key. Available on all tiers
(Free included)." and added the X-API-Key header to every example. In the
spec, replaced the security blocks with the global standard set
(ApiKeyHeader / BearerAuth / ApiKeyQuery) and added the Unauthorized 401
response.

/health and /deeplink/{id} remain genuinely public and were left untouched.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/content/en/api-reference/leagues.mdx b/content/en/api-reference/leagues.mdx
@@ -13,7 +13,7 @@ GET /api/v1/leagues
 ```
 
 <Callout type="info">
-This is a **public endpoint** -- no authentication required. Unauthenticated requests are rate-limited to 10 requests/minute. Authenticated requests receive your tier's full rate limit.
+Requires an API key. Available on all tiers (Free included). Unauthenticated requests return `401`.
 </Callout>
 
 ## Query Parameters
@@ -27,18 +27,20 @@ This is a **public endpoint** -- no authentication required. Unauthenticated req
 <Tabs items={['cURL', 'JavaScript', 'Python']}>
   <Tabs.Tab>
 ```bash
-# List all leagues (no auth required)
-curl -X GET "https://api.sharpapi.io/api/v1/leagues"
+# List all leagues
+curl -X GET "https://api.sharpapi.io/api/v1/leagues" \
+  -H "X-API-Key: YOUR_API_KEY"
 
 # Filter by sport
-curl -X GET "https://api.sharpapi.io/api/v1/leagues?sport=basketball"
+curl -X GET "https://api.sharpapi.io/api/v1/leagues?sport=basketball" \
+  -H "X-API-Key: YOUR_API_KEY"
 ```
   </Tabs.Tab>
   <Tabs.Tab>
 ```javascript
-// No API key required for public reference endpoints
 const response = await fetch(
-  'https://api.sharpapi.io/api/v1/leagues?sport=basketball'
+  'https://api.sharpapi.io/api/v1/leagues?sport=basketball',
+  { headers: { 'X-API-Key': 'YOUR_API_KEY' } },
 );
 const { data, meta } = await response.json();
 
@@ -51,10 +53,10 @@ data.forEach(league => {
 ```python
 import requests
 
-# No API key required
 response = requests.get(
     'https://api.sharpapi.io/api/v1/leagues',
-    params={'sport': 'basketball'}
+    params={'sport': 'basketball'},
+    headers={'X-API-Key': 'YOUR_API_KEY'},
 )
 result = response.json()
 
diff --git a/content/en/api-reference/markets.mdx b/content/en/api-reference/markets.mdx
@@ -13,7 +13,7 @@ GET /api/v1/markets
 ```
 
 <Callout type="info">
-This is a **public endpoint** -- no authentication required. Unauthenticated requests are rate-limited to 10 requests/minute. Authenticated requests receive your tier's full rate limit.
+Requires an API key. Available on all tiers (Free included). Unauthenticated requests return `401`.
 </Callout>
 
 ## Query Parameters
@@ -27,16 +27,20 @@ This is a **public endpoint** -- no authentication required. Unauthenticated req
 <Tabs items={['cURL', 'JavaScript', 'Python']}>
   <Tabs.Tab>
 ```bash
-# List all markets (no auth required)
-curl -X GET "https://api.sharpapi.io/api/v1/markets"
+# List all markets
+curl -X GET "https://api.sharpapi.io/api/v1/markets" \
+  -H "X-API-Key: YOUR_API_KEY"
 
 # Filter by sport
-curl -X GET "https://api.sharpapi.io/api/v1/markets?sport=basketball"
+curl -X GET "https://api.sharpapi.io/api/v1/markets?sport=basketball" \
+  -H "X-API-Key: YOUR_API_KEY"
 ```
   </Tabs.Tab>
   <Tabs.Tab>
 ```javascript
-const response = await fetch('https://api.sharpapi.io/api/v1/markets');
+const response = await fetch('https://api.sharpapi.io/api/v1/markets', {
+  headers: { 'X-API-Key': 'YOUR_API_KEY' },
+});
 const { data, meta } = await response.json();
 
 // List markets with event counts
@@ -51,7 +55,10 @@ data.forEach(m => {
 ```python
 import requests
 
-response = requests.get('https://api.sharpapi.io/api/v1/markets')
+response = requests.get(
+    'https://api.sharpapi.io/api/v1/markets',
+    headers={'X-API-Key': 'YOUR_API_KEY'},
+)
 result = response.json()
 
 for market in result['data']:
diff --git a/content/en/api-reference/sports.mdx b/content/en/api-reference/sports.mdx
@@ -15,7 +15,7 @@ GET /api/v1/sports
 ```
 
 <Callout type="info">
-These are **public endpoints** -- no authentication required. Unauthenticated requests are rate-limited to 10 requests/minute. Authenticated requests receive your tier's full rate limit.
+Requires an API key. Available on all tiers (Free included). Unauthenticated requests return `401`.
 </Callout>
 
 ## List All Sports
@@ -25,18 +25,15 @@ These are **public endpoints** -- no authentication required. Unauthenticated re
 <Tabs items={['cURL', 'JavaScript', 'Python']}>
   <Tabs.Tab>
 ```bash
-# No API key required
-curl -X GET "https://api.sharpapi.io/api/v1/sports"
-
-# With API key for higher rate limits
 curl -X GET "https://api.sharpapi.io/api/v1/sports" \
   -H "X-API-Key: YOUR_API_KEY"
 ```
   </Tabs.Tab>
   <Tabs.Tab>
 ```javascript
-// No API key required for public reference endpoints
-const response = await fetch('https://api.sharpapi.io/api/v1/sports');
+const response = await fetch('https://api.sharpapi.io/api/v1/sports', {
+  headers: { 'X-API-Key': 'YOUR_API_KEY' },
+});
 const { data, meta } = await response.json();
 
 data.forEach(sport => {
@@ -49,8 +46,10 @@ data.forEach(sport => {
 ```python
 import requests
 
-# No API key required
-response = requests.get('https://api.sharpapi.io/api/v1/sports')
+response = requests.get(
+    'https://api.sharpapi.io/api/v1/sports',
+    headers={'X-API-Key': 'YOUR_API_KEY'},
+)
 result = response.json()
 
 for sport in result['data']:
diff --git a/content/en/api-reference/sportsbooks.mdx b/content/en/api-reference/sportsbooks.mdx
@@ -15,7 +15,7 @@ GET /api/v1/sportsbooks
 ```
 
 <Callout type="info">
-These are **public endpoints** -- no authentication required. Unauthenticated requests are rate-limited to 10 requests/minute. Authenticated requests receive your tier's full rate limit.
+Requires an API key. Available on all tiers (Free included). Unauthenticated requests return `401`.
 </Callout>
 
 ## List All Sportsbooks
@@ -25,17 +25,15 @@ These are **public endpoints** -- no authentication required. Unauthenticated re
 <Tabs items={['cURL', 'JavaScript', 'Python']}>
   <Tabs.Tab>
 ```bash
-# No API key required
-curl -X GET "https://api.sharpapi.io/api/v1/sportsbooks"
-
-# With API key for higher rate limits
 curl -X GET "https://api.sharpapi.io/api/v1/sportsbooks" \
   -H "X-API-Key: YOUR_API_KEY"
 ```
   </Tabs.Tab>
   <Tabs.Tab>
 ```javascript
-const response = await fetch('https://api.sharpapi.io/api/v1/sportsbooks');
+const response = await fetch('https://api.sharpapi.io/api/v1/sportsbooks', {
+  headers: { 'X-API-Key': 'YOUR_API_KEY' },
+});
 const { data, meta } = await response.json();
 
 // Filter for sharp books
@@ -51,7 +49,10 @@ console.log('Pro-tier books:', proBooks.map(b => b.display_name));
 ```python
 import requests
 
-response = requests.get('https://api.sharpapi.io/api/v1/sportsbooks')
+response = requests.get(
+    'https://api.sharpapi.io/api/v1/sportsbooks',
+    headers={'X-API-Key': 'YOUR_API_KEY'},
+)
 result = response.json()
 
 for book in result['data']:
diff --git a/content/en/api-reference/teams.mdx b/content/en/api-reference/teams.mdx
@@ -14,7 +14,7 @@ GET /api/v1/teams
 
 ## Authentication
 
-Public endpoint. No API key required.
+Requires an API key. Available on all tiers (Free included). Unauthenticated requests return `401`.
 
 ## Query Parameters
 
@@ -34,20 +34,24 @@ The `q` parameter searches both the team `name` and `aliases` fields. For exampl
   <Tabs.Tab>
 ```bash
 # Get all NBA teams
-curl "https://api.sharpapi.io/api/v1/teams?league=NBA"
+curl "https://api.sharpapi.io/api/v1/teams?league=NBA" \
+  -H "X-API-Key: YOUR_API_KEY"
 
 # Search for a team by name
-curl "https://api.sharpapi.io/api/v1/teams?q=lakers"
+curl "https://api.sharpapi.io/api/v1/teams?q=lakers" \
+  -H "X-API-Key: YOUR_API_KEY"
 
 # Get all basketball teams
-curl "https://api.sharpapi.io/api/v1/teams?sport=basketball"
+curl "https://api.sharpapi.io/api/v1/teams?sport=basketball" \
+  -H "X-API-Key: YOUR_API_KEY"
 ```
   </Tabs.Tab>
   <Tabs.Tab>
 ```javascript
 // Search for a team
 const response = await fetch(
-  'https://api.sharpapi.io/api/v1/teams?q=arsenal'
+  'https://api.sharpapi.io/api/v1/teams?q=arsenal',
+  { headers: { 'X-API-Key': 'YOUR_API_KEY' } },
 );
 const { data, meta } = await response.json();
 
@@ -65,7 +69,8 @@ import requests
 
 response = requests.get(
     'https://api.sharpapi.io/api/v1/teams',
-    params={'sport': 'basketball', 'league': 'NBA'}
+    params={'sport': 'basketball', 'league': 'NBA'},
+    headers={'X-API-Key': 'YOUR_API_KEY'},
 )
 result = response.json()
 
diff --git a/public/openapi.json b/public/openapi.json
