Authentication

Here’s the first thing to know: most live-score reads need no login at all. You only need a token for private data (owner/staff-only fields) or a higher rate limit.

```mermaid
flowchart TD
  Q{What are you<br/>building?} -->|Showing public live scores| NONE([No token 🎉<br/>just call the API])
  Q -->|Acting for a logged-in person| JWT([Clerk user JWT])
  Q -->|A backend / bot| M2M([Clerk M2M token])
  classDef ok fill:#16a34a,stroke:#16a34a,color:#fff;
  class NONE ok;
```

When in doubt, start without a token — you can always add one later.

| Token | For | Looks like | Sent as |
|---|---|---|---|
| Clerk user JWT | Apps acting for a signed-in person | a JWT | `Authorization: Bearer <jwt>` |
| Clerk M2M token | Partner backends & bots | `mt_…` | `Authorization: Bearer mt_…` |

Both ride in the same Authorization: Bearer header (REST) or the Socket.io auth.token field.

MyScore uses Clerk. Your app signs the user in with Clerk, grabs the token, and attaches it:

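```js
// The token is empty when no one is signed in; send the header only when there is one.
const token = await clerk.session?.getToken();
const headers = token ? { Authorization: `Bearer ${token}` } : {};
fetch(url, { headers });
```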

Your user and player profile are created automatically on the first authenticated request — GET /auth/me returns them.

For partner backends and bots, use a Clerk M2M token. There’s one classic gotcha (token id vs secret) that trips everyone up once — it’s all on the Partners & Auth page.

| Code | Meaning | Do |
|---|---|---|
| 401 | missing/expired token | refresh the token, retry once |
| 403 | valid token, not allowed | you don’t have rights to that resource |

More codes on Environments & limits.
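
One way to apply the 401/403 handling from the table in a client, as an added example that is not MyScore's or Clerk's own code. `authFetch`, the `getToken(forceRefresh)` callback, the fake API and the `api.example.test` URLs are all constructed for illustration.

```javascript
// Added example: authFetch and its parameters are hypothetical names,
// not part of the MyScore API or the Clerk SDK.
// getToken(forceRefresh) must resolve to a token string, or null when no
// one is signed in. fetchImpl is injectable so the logic can run offline.
async function authFetch(url, getToken, fetchImpl = fetch) {
  const send = async (forceRefresh) => {
    const token = await getToken(forceRefresh);
    // Public reads need no login: omit the header rather than send "Bearer null".
    const headers = token ? { Authorization: `Bearer ${token}` } : {};
    return fetchImpl(url, { headers });
  };

  let res = await send(false);
  // 401 = missing/expired token: refresh and retry exactly once.
  if (res.status === 401) res = await send(true);
  // 403 = valid token, not allowed: a new token will not help, so no retry.
  if (res.status === 403) {
    throw new Error(`403: not allowed to access ${url}`);
  }
  return res; // may still be a 401 if the refreshed token was rejected too
}

// Constructed stand-in for the API: accepts only the token "fresh".
function fakeApi(log) {
  return async (url, { headers }) => {
    log.push(headers.Authorization ?? "(none)");
    if (url.endsWith("/public")) return { status: 200 };
    if (headers.Authorization !== "Bearer fresh") return { status: 401 };
    return { status: url.endsWith("/staff") ? 403 : 200 };
  };
}

// Constructed token source: the cached token has expired, a refresh works.
const tokenSource = async (forceRefresh) => (forceRefresh ? "fresh" : "stale");

async function demo() {
  const log = [];
  const api = fakeApi(log);
  const base = "https://api.example.test"; // constructed host
  const me = await authFetch(`${base}/auth/me`, tokenSource, api);
  const anon = await authFetch(`${base}/public`, async () => null, api);
  const staff = await authFetch(`${base}/staff`, tokenSource, api)
    .then(() => "ok", (e) => e.message.slice(0, 3));
  return { me: me.status, anon: anon.status, staff, log };
}
```

In a browser app the `getToken` callback would wrap the Clerk session call shown earlier. How it forces a fresh token is left to the caller.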