API Information

API Versioning

The API is versioned, and all requests should be made by supplying an Accept header with the following value:

application/vnd.imggaming.dde.api+json;version=1

Authentication / Authorisation

Calls to the API are authenticated using the API token. All calls to the REST endpoints need to be made with the following header set:

Authorization: Bearer {auth_token}

Note the space between Bearer and the token itself. An example of the data to be set (with a truncated token) is:

Bearer eyJhbGciOiJIUzUxMiIIkpXVCJ9.eyJqdGkiOiIyNmQ2

Attempting to access a resource without the header included will result in a permission denied error. The response body will contain the details in the following format:

{ “error”: “<reason of the error>”, “status”: <HTTP status code> }

When accessing the streaming web sockets it is not possible to include a header on the initial GET request, so instead the token needs to be sent over the web socket before the stream will start. See 'Connecting to a Streams Endpoint' for examples of how to do this.

Security

All calls to the API must be made over HTTPS. This ensures that the tokens used for authentication/authorisation cannot be intercepted and used to access content without permission. For the same reason, you must make sure that you do not expose your token externally, though this is mitigated by the use of the IP whitelist.

We do not provide a fixed set of IP addresses for our services. Therefore if you use IP-based security rules, you will need to dynamically resolve our services IPs with each request that you make.

Additionally, for DNS resolution we present a 1 hour TTL and you will also need to ensure this is being effectively respected when resolving from CNAME to host.

Date & Time Formats

All DateTime objects are returned using the ISO 8601 combined format. For more information about ISO 8601, please read here.

Examples: • Date only – 2022-06-01 • UTC Time only – 10:12:54 (also used for match time) • Offset time – 17:20-04:00 or 15:15:30+01:00 • UTC Datetime – 2022-06-01T15:15:30 Note that the date and time returned in UTC local time.

Polling limits

IMG Arena monitor the incoming traffic from our customers and strive to ensure that traffic is controlled, in-keeping with our guidelines and not unnecessarily excessive. We would suggest a polling rate of 5 requests per second, whilst we strive towards implementing rate limiting.