- Getting Started
- Creating a Self Signed Certificate
- Linking the Certificate to Your Betfair Account
- Note on File Formats
- Details of a Login Request
- Certificate Login Interface Details
- Sample Code for Non-Interactive Login
The non-interactive login method for the Betfair API requires that you create and upload a self-signed certificate, which is used alongside your username and password to authenticate your credentials and generate a session token.
For the purposes of this guide, we have used openssl to generate this client certificate; details of openssl can be found at http://www.openssl.org/
2 Step Authentication With Non Interactive Login
Using 2 Step Authentication to secure your account for website logins will have no impact on your use of the non-interactive login method and vice versa.
There are a couple of steps required before we can actually log in:
- Create a self-signed certificate
- Link the certificate to your Betfair account
Creating a Self Signed Certificate
API-NG requires that a 1024-bit or 2048-bit RSA certificate be used. There are various tutorials available on the Internet but be aware that the certificate needs to be for client authentication (most tutorials only cover server authentication).
Create a public/private RSA key pair using openssl
Update or Create the openssl configuration file (openssl.cnf) for OpenSSL to override some of the default settings:
In Windows, the config file is located in the installation directory of OpenSSL
In Linux distributions, the config file is located at /usr/lib/ssl/openssl.cnf or /etc/ssl/openssl.cnf
Create a certificate signing request (CSR).
Self-sign the certificate request to create a certificate
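The four steps above as one script that also checks the result is a client-authentication certificate matching its private key; this is an added example, not Betfair's own commands. Only client-2048.crt is a file name from this page; the other file names, the per-directory openssl.cnf, its [ ssl_client ] section name and the CN value are assumptions.

```shell
#!/bin/sh
# Added example: names other than client-2048.crt are assumptions.
set -e

make_client_cert() {
    dir=$1
    mkdir -p "$dir"
    # Step 1: 2048-bit RSA key, created under a restrictive umask (mode 600).
    ( umask 077; openssl genrsa -out "$dir/client-2048.key" 2048 )
    # Step 2: a local config, so the system-wide openssl.cnf stays untouched.
    cat > "$dir/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = betfair-api-client-example
[ ssl_client ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
EOF
    # Step 3: certificate signing request.
    openssl req -new -config "$dir/openssl.cnf" \
        -key "$dir/client-2048.key" -out "$dir/client-2048.csr"
    # Step 4: self-sign, applying the client-authentication extensions.
    openssl x509 -req -days 365 -in "$dir/client-2048.csr" \
        -signkey "$dir/client-2048.key" -out "$dir/client-2048.crt" \
        -extfile "$dir/openssl.cnf" -extensions ssl_client
}

# Succeeds only if the certificate is marked for TLS client authentication
# and its public key matches the private key next to it.
verify_client_cert() {
    dir=$1
    openssl x509 -in "$dir/client-2048.crt" -noout -text |
        grep -q 'TLS Web Client Authentication' || return 1
    cert_pub=$(openssl x509 -in "$dir/client-2048.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dir/client-2048.key" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# Run as: sh make-cert.sh <output-directory>
if [ "$#" -gt 0 ]; then
    make_client_cert "$1"
    verify_client_cert "$1" && echo "OK: $1/client-2048.crt"
fi
```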
Linking the Certificate to Your Betfair Account
The previous steps should have created the following files:
The private key. This file is needed in order to use the certificate and should be protected and shouldn’t be shared with anyone.
A certificate signing request. This file is no longer needed and can be deleted.
The certificate. This file is not sensitive in security terms and can be shared with anyone.
Before you log in using the certificate, it must be attached to your Betfair account, as follows:
- Log in to your Betfair account through betfair.com.
- Paste the following URL into the address bar of your browser: https://myaccount.betfair.com/accountdetails/mysecurity?showAPI=1 (Note: please use https://myaccount.betfair.it/accountdetails/mysecurity?showAPI=1 for the Italian Exchange, or the endpoint relevant to your own jurisdiction. See the URL Definition section for more details.)
- Scroll to the section titled “Automated Betting Program Access” and click 'Edit'
- Click on “Browse” and then locate and select the file client-2048.crt created above.
- Click on the “Upload Certificate” button.
Scroll down to the “Automated Betting Program Access” section if required and the certificate details should be shown. You should now be able to log in to your Betfair account using the Betfair API endpoint.
Note on File Formats
Some systems require that client certificates are in a different format to the ones we’ve created. The two most common formats are (a) PEM format key and certificate in a single file and (b) PKCS#12 format file. .NET applications require a PKCS#12 format file.
To create a PEM format file that contains both the private key and the certificate you can use the following command:
Create the PKCS#12 format using crt and key
Don't circulate the key, PEM file or PKCS#12 format files, as these files are security sensitive.
Details of a Login Request
A login request can now be made as follows:
- Submit an HTTP “POST” request to: https://identitysso-cert.betfair.com/api/certlogin
- As part of the SSL connection, the certificate created previously must be supplied.
- Include a custom Header called “X-Application” with a value that identifies your application. The value is not validated and is only used to help with troubleshooting and diagnosing any problems.
- Ensure the POST’s Content-Type is “application/x-www-form-urlencoded” rather than MIME attachment encoded.
- As part of the POST body, include two parameters, “username” and “password”, which should have the relevant username/password for your account. You should ensure that your username and password values are encoded before being sent to the API; if your password contains special characters and isn't encoded, the login request will fail with CERT_AUTH_REQUIRED/INVALID_PASSWORD.
Certificate Login Interface Details
This endpoint is also available under the following jurisdictions
Please use the below if your country of residence is in one of the listed jurisdictions.
Please note: Danish residents cannot use the Non-Interactive (bot) login method due to the NEMID requirement, which is only supported by the Interactive Login - Desktop Application method.
- X-Application - You must set the X-Application header to your application key.
- username (mandatory) - The username of the user logging in.
- password (mandatory) - The password of the user logging in.
Please note: The username and password values should be encoded when making the login request. All method names are case sensitive; this includes login, keepAlive and logout.
The response returned is a JSON string. If the response is successful then the loginStatus key will contain SUCCESS, for example:
Should a failure or exception be returned, the response will be structured as below and loginStatus will contain a failure reason:
The possible failure and exceptional return codes are:
|Return code|Description|
|---|---|
|INVALID_USERNAME_OR_PASSWORD|the username or password is invalid|
|ACCOUNT_NOW_LOCKED|the account was just locked|
|ACCOUNT_ALREADY_LOCKED|the account is already locked|
|TELBET_TERMS_CONDITIONS_NA|Telbet terms and conditions rejected|
|SECURITY_QUESTION_WRONG_3X|the user has entered the wrong security answer 3 times|
|SUSPENDED|the account is suspended|
|CLOSED|the account is closed|
|SELF_EXCLUDED|the account has been self-excluded|
|INVALID_CONNECTIVITY_TO_REGULATOR_DK|the DK regulator cannot be accessed due to internal problems in the system behind or at the regulator; timeout cases included.|
|NOT_AUTHORIZED_BY_REGULATOR_DK|the user identified by the given credentials is not authorized in the DK's jurisdictions due to the regulators' policies. Ex: the user for which this session should be created is not allowed to act (play, bet) in the DK's jurisdiction.|
|INVALID_CONNECTIVITY_TO_REGULATOR_IT|the IT regulator cannot be accessed due to internal problems in the system behind or at the regulator; timeout cases included.|
|NOT_AUTHORIZED_BY_REGULATOR_IT|the user identified by the given credentials is not authorized in the IT's jurisdictions due to the regulators' policies. Ex: the user for which this session should be created is not allowed to act (play, bet) in the IT's jurisdiction.|
|SECURITY_RESTRICTED_LOCATION|the account is restricted due to security concerns|
|BETTING_RESTRICTED_LOCATION|the account is accessed from a location where betting is restricted|
|TRADING_MASTER|Trading Master Account|
|TRADING_MASTER_SUSPENDED|Suspended Trading Master Account|
|AGENT_CLIENT_MASTER|Agent Client Master|
|AGENT_CLIENT_MASTER_SUSPENDED|Suspended Agent Client Master|
|DANISH_AUTHORIZATION_REQUIRED|Danish authorization required|
|SPAIN_MIGRATION_REQUIRED|Spain migration required|
|DENMARK_MIGRATION_REQUIRED|Denmark migration required|
|SPANISH_TERMS_ACCEPTANCE_REQUIRED|The latest Spanish terms and conditions version must be accepted. You must login to the website to accept the new conditions.|
|ITALIAN_CONTRACT_ACCEPTANCE_REQUIRED|The latest Italian contract version must be accepted. You must login to the website to accept the new conditions.|
|CERT_AUTH_REQUIRED|Certificate required or certificate present but could not authenticate with it|
|CHANGE_PASSWORD_REQUIRED|Change password required|
|PERSONAL_MESSAGE_REQUIRED|Personal message required for the user|
|INTERNATIONAL_TERMS_ACCEPTANCE_REQUIRED|The latest international terms and conditions must be accepted prior to logging in.|
|EMAIL_LOGIN_NOT_ALLOWED|This account has not opted in to log in with the email|
| |There is more than one account with the same credential|
|ACCOUNT_PENDING_PASSWORD_CHANGE|The account must undergo password recovery to reactivate via https://identitysso.betfair.com/view/recoverpassword|
|TEMPORARY_BAN_TOO_MANY_REQUESTS|The limit for successful login requests per minute has been exceeded. New login attempts will be banned for 20 minutes|
|ITALIAN_PROFILING_ACCEPTANCE_REQUIRED|You must login to the website to accept the new conditions|
|AUTHORIZED_ONLY_FOR_DOMAIN_RO|You are attempting to login to the Betfair Romania domain with a non .ro account.|
|AUTHORIZED_ONLY_FOR_DOMAIN_SE|You are attempting to login to the Betfair Swedish domain with a non .se account.|
|SWEDEN_NATIONAL_IDENTIFIER_REQUIRED|You must provide your Swedish National identifier via Betfair.se before proceeding.|
|SWEDEN_BANK_ID_VERIFICATION_REQUIRED|You must provide your Swedish bank id via Betfair.se before proceeding.|
|ACTIONS_REQUIRED|You must login to https://www.betfair.com to provide the missing information.|
|INPUT_VALIDATION_ERROR|There is a problem with the data validity contained within the request. Please check that the request (including headers) is in the correct format.|
Sample curl command to check the non-interactive login
Using the below curl command, you should insert your own Betfair username and password. Please note: You must also specify the full file path that contains your client certificate and key.
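An added example (not Betfair's sample command) of the login request in POSIX shell: it encodes the credentials so special characters cannot break the form body, pipes the body to curl on stdin so the password stays out of the process list, and reads loginStatus from the response. The environment variables BF_USER, BF_PASS and BF_APP_KEY and all function names are assumptions; the endpoint, header and field names are the ones given on this page.

```shell
#!/bin/sh
# Added example. BF_USER, BF_PASS, BF_APP_KEY and the function names are
# assumptions; endpoint, header and field names come from the page.

# Percent-encode every byte of $1. Over-encoding is valid in a form body and
# guarantees that & = + % in a password cannot split or alter a field.
urlencode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n' |
        sed 's/../%&/g' | tr 'a-f' 'A-F'
}

# Build the application/x-www-form-urlencoded POST body.
login_body() {
    printf 'username=%s&password=%s' "$(urlencode "$1")" "$(urlencode "$2")"
}

# Extract the loginStatus value from the JSON response text given as $1.
login_status() {
    printf '%s' "$1" |
        sed -n 's/.*"loginStatus"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# POST the login. $1 = client certificate file, $2 = private key file.
# --data @- reads the body from stdin and sets the form Content-Type.
cert_login() {
    login_body "$BF_USER" "$BF_PASS" |
        curl -sS --cert "$1" --key "$2" \
            -H "X-Application: $BF_APP_KEY" \
            --data @- https://identitysso-cert.betfair.com/api/certlogin
}

# Run as: sh certlogin.sh /full/path/client-2048.crt /full/path/to/key
if [ "$#" -eq 2 ]; then
    response=$(cert_login "$1" "$2")
    status=$(login_status "$response")
    if [ "$status" != "SUCCESS" ]; then
        echo "login failed: ${status:-no loginStatus in response}" >&2
        exit 1
    fi
    echo "login ok"
fi
```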
Postman request to test the certificate-based login
To test the non-interactive login using Postman, you must first download Postman via https://www.postman.com/
The following instructions show you how to add the certificate and key file before making the login request:
1. Add certificate: Settings -> Certificates tab -> insert Host, upload the .crt and .key files and click the Add button
2. Insert the endpoint URL (e.g. https://identitysso-cert.betfair.com/api/certlogin) and the request headers
3. Insert the request body as shown below:
4. Perform the call by clicking the Send button.
Sample Code for Non-Interactive Login
Sample C# code using PKCS#12 key store
Please see code sample via https://github.com/betfair/API-NG-sample-code/tree/master/loginCode/Non-interactive-cSharp