STATS uses an application key and secret for it's authentication.  

You will be assigned an application key and secret by STATS.  Your application then uses the key (api_key=), the secret and the current timestamp to create an SHA-256 hash string signature (sig=).

Your call would look something like this:


Examples of Node.js and C# code are shown below:

Node.js code

// setup express to configure a basic web server
 var express = require('express');
 var app = express();
 // moment.js is the preferred date library
 var moment = require('moment');
 // access Node.js Crypto library for signature generation
 var crypto = require('crypto');
 // use request or request-promise to call into STATS API
 var request = require('request');
 // respond to all get requests
 app.get('/', function (req, res) {
   // get the current time
   var timeFromEpoch = moment.utc().unix();
   // set the API key (note that this is not a valid key!)
   var apiKey = 'a5mcbfie9356ld0aax85swhku';
   // set the shared secret key
   var secret = 'fd93Bildaa';
   // generate signature
   var sig = crypto.createHash('sha256').update(apiKey + secret + timeFromEpoch).digest('hex');
   request('' + apiKey + '&sig=' + sig,
       function (err, response, body) {
         // parse the body as JSON
         var parsedBody = JSON.parse(body);
 var port = 3001;
 app.listen(port, function () {
   console.log('Listening on port ' + port);
 // run this file (node [filename]) and go to localhost:3001


C# code

using System;
using System.Collections.Generic;
using System.Net;
using System.IO;
using System.Security.Cryptography;
using System.Net.Http;
using System.Net.Http.Formatting;
using System.Net.Http.Headers;

public partial class _Default
    protected void getStuff
        //get the timestamp value
        string timestamp = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds.ToString();

        //grab just the integer portion
        timestamp = timestamp.Substring(0, timestamp.IndexOf("."));

        //set the API key (note that this is not a valid key!
        string apikey = "a5mcbfie9356ld0aax85swhku";

        //set the shared secret key
        string secret = "fd93Bildaa";

        //call the function to create the hash
        string sig = CreateSHA256Hash(apikey + secret + timestamp);
        string urlBase = "";
        string urlAppend = "/v1/stats/basketball/nba/events";

        HttpClient client = new HttpClient();

        string url = urlBase + urlAppend + qryStrAppend + "api_key=" + apikey + "&sig=" + sig;

        HttpResponseMessage response = client.GetAsync(url).Result;
    result = response.Content.ReadAsStringAsync().Result;

    protected string CreateSHA256Hash(string input)

        // Use input string to calculate SHA-256 hash
        SHA256 mySHA256 = SHA256Managed.Create();

        byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
        byte[] hashBytes = mySHA256.ComputeHash(inputBytes);

        // Convert the byte array to hexadecimal string
        StringBuilder sb = new StringBuilder();

        for (int i = 0; i < hashBytes.Length; i++)
        return sb.ToString();