ACCOUNT_NOW_LOCKED |
the account was just |
|
locked |
ACCOUNT_ALREADY_LOCKED |
the account is already |
|
locked |
Login FAQs
When should I use the non-interactive login?
You should use the non-interactive login when the user will not be present to log into the application themselves. An example of this are automated bots that might need to login without the user triggering a login. 3rd Party interfaces to Betfair, used by multiple users, and which act as a direct proxy of a user request should use the interactive login instead.
Why is the redirect URL required for the interactive login?
The redirect URL is required in order to post the session token to the application at the end of the login process. For further details of how to handle the session token please see Interactive Login from a Desktop
Why isn’t there a non-interactive endpoint that accepts only a username and a password?
Betfair take user security very seriously and have made many recent enhancements to the login process alongside additional changes which have been made at the request of some of our regulators. This means that you cannot rely upon a username and password being the only pieces of information that may be required at login. Some examples of workflows currently in use are 2 factor authorisation codes, Additional National Identifiers for a region or requests for additional account information or account migration.
Why does my session time out, even though I’ve been retrieving prices?
For security reasons, we require that the application using the API explicitly calls the keep-alive operation no more than once every 15 minutes in a response to user activity. In the case of non-interactive applications, these should call the keep-alive operation every 15 minutes whilst they are active.
Why is the certificate upload form in the “My Security” page not visible by default?
We plan to make this visible by default in the near future.
Why is my interactive login/logout request failing with errorCode=FORBIDDEN?
Your Application Key App Key & redirect URL has not yet been white-listed by Betfair. To get your App Key white-listed you should raise a Support Ticket via Support > Create A Support Ticket and provide details of your intended use of the interactive login (i.e. whether this is for personal use or for an application that you intend to distribute to Betfair customers).
Keep Alive
You can use Keep Alive to extend the session timeout period. The minimum session time is currently 20 minutes (Italian Exchange). On the international (.com) Exchange the current session time is 12 hours.. Therefore, you should request Keep Alive within this time to prevent session expiry. If you don't call Keep Alive within the specified timeout period, the session will expire. Session times aren't determined or extended based on API activity.
URL Definition
https://identitysso.betfair.com/api/keepAlive
The presence of the "Accept: application/json" header will signal that the service should respond with JSON and not an HTML page
Headers
Name |
Description |
Sample |
Accept (mandatory) |
Header that signals that the |
application/json |
|
response should be returned as |
|
|
JSON |
|
X-Authentication (mandatory) |
Header that represents the session |
Session Token |
|
token that needs to be keep alive |
|
X-Application (optional) |
Header the Application Key used by |
App Key |
|
the customer to identify the product. |
|
Response structure
{
"token":"<token_passed_as_header>", "product":"product_passed_as_header", "status":"<status>", "error":"<error>"
}
Status values
SUCCESS
FAIL
Error values
INPUT_VALIDATION_ERROR
INTERNAL_ERROR
NO_SESSION
Call sample
# full request
curl -k -i -H "Accept: application/json" -H "X -Application: AppKey" -H "X-Authentication: <token>" https://identitysso.betfair.com/api/k eepAlive
Keep Alive success:
curl -k -i -H "Accept: application/json" -H "X -Application: AppKey" -H "X-Authentication: SESSIONTOKEN" https://identitysso.betfair.com/ api/keepAlive
{
"token":"SESSIONTOKEN", "product":"AppKey", "status":"SUCCESS", "error":""
}
Logout
You can use Logout to terminate your existing session.
URL Definition
https://identitysso.betfair.com/api/logout
The presence of the "Accept: application/json" header will signal that the service should respond with JSON and not an HTML page
Headers
Name |
Description |
Sample |
Accept (mandatory) |
Header that signals that the |
application/json |
|
response should be returned as |
|
|
JSON |
|
X-Authentication (mandatory) |
Header that represents the session |
Session Token |
|
token created at login. |
|
X-Application (optional) |
Header the Application Key used by |
App Key |
|
the customer to identify the product. |
|
Response structure
{
"token":"<token_passed_as_header>", "product":"product_passed_as_header", "status":"<status>", "error":"<error>"
}
Status values
SUCCESS
FAIL
Error values
INPUT_VALIDATION_ERROR
INTERNAL_ERROR
NO_SESSION
Call sample