Skip to main content

Overview

The Mr. Doge API uses API keys with Bearer token authentication to secure access to endpoints. Every request must include your API key in the Authorization header, and credits are automatically deducted based on the endpoint you’re calling.
No complicated OAuth flows or session management. Just include your API key in each request header and you’re good to go!

API Key Format

All Mr. Doge API keys follow this format: 
sk_live_followed_by_64_hexadecimal_characters
Example: 
sk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2
Never commit API keys to version control or share them publicly. Treat them like passwords - they provide full access to your account and credits.

Making Authenticated Requests

Include your API key in the Authorization header with the Bearer scheme: 
curl -X GET "https://api.mrdoge.co/v2/matches?locale=en" \
  -H "Authorization: Bearer sk_live_your_api_key_here"
Replace locale=en with es or pt to receive translated team and competition names.
Every API response includes headers showing your credit balance, consumption, and auto-recharge status. See Monitoring Your Credits for details on tracking usage.

Creating API Keys

1

Access Your Dashboard

Log in to mrdoge.co and navigate to API Keys
2

Click Create New Key

Select Create New API Key button
3

Name Your Key

Enter a descriptive name to identify where this key will be used:
  • Production App
  • Development Environment
  • Mobile App iOS
  • Testing Purposes
4

Save Your Key

Store it securely in:
  • Environment variables (.env file)
  • Secret management service (AWS Secrets Manager, Vault, etc.)
  • Password manager
Maximum 10 API keys per account. Delete unused keys to create new ones.

Managing API Keys

Viewing Your Keys

In the dashboard, you can see:
  • Key Name - The label you assigned
  • Key Preview - Last 12 characters (e.g., sk_live_...d0e1f2)
  • Created Date - When the key was generated
  • Last Used - Most recent API request timestamp
  • Status - Active or Inactive

Deactivating Keys

If a key is compromised or no longer needed:
  1. Go to Dashboard → API Keys
  2. Find the key you want to deactivate
  3. Click Deactivate (or Delete icon)
  4. Confirm the action
Deactivated keys stop working immediately. Any requests using that key will return a 401 Unauthorized error.

Key Rotation Best Practices

For security, rotate your API keys periodically:
  1. Create a new API key with a descriptive name (e.g., Production App v2)
  2. Update your application to use the new key
  3. Test thoroughly to ensure everything works
  4. Deactivate the old key after confirming the new one is working
  5. Monitor usage in the dashboard to verify the switch
Recommended rotation schedule: Every 90 days for production keys, or immediately if you suspect a key has been exposed.

Credit-Based Authentication

The Mr. Doge API uses a credit-based pay-as-you-go model instead of traditional rate limits.

How It Works

  1. Purchase credits in packages
  2. Make API requests - credits are automatically deducted
  3. Monitor usage via response headers and dashboard
  4. Auto-recharge (optional) when balance runs low

Endpoint Costs

Most endpoints cost 1 credit per request. Some specialized endpoints cost more:
Endpoint CategoryCost per Request
No-cost endpoints (regions, competitions, health)0 credits (free)
Standard matches endpoint (/v2/matches)1 credit
Trending matches endpoint (/v2/matches/trending)2 credits
Specific match endpoint (/v2/matches/{matchId})1 credit
Match settlement (/v2/bets/events/{eventId}/settle-bet)1 credit
Live odds (/v2/matches/{matchId}/live-odds)2 credits
AI recommendations (/v2/ai/betting-recommendations)2 credits
AI predictions (/v2/ai/mrdoge-picks)3 credits

Understand Credits

Learn how credits work, pricing, purchasing, and auto-recharge

Security Best Practices

Environment Variables

Store API keys in environment variables, never hardcode them: 
# .env
MRDOGE_API_KEY=sk_live_your_api_key_here

Don’t Expose Keys in Frontend

Never use API keys directly in client-side JavaScript - they’ll be visible in browser dev tools and can be stolen.
Instead:
  • Create a backend proxy that makes API calls on behalf of your frontend
  • Use serverless functions (Vercel, Netlify, AWS Lambda) to keep keys secure
  • Implement user authentication in your app, then make API calls server-side
Example Architecture: 
Frontend (React/Vue/etc.)
    ↓ HTTP request (no API key)
Backend API (Node.js/Python/PHP)
    ↓ HTTP request (with API key in server)
Mr. Doge API

FAQs

Yes, but we recommend creating separate keys for each application/environment:
  • Easier to track usage per application
  • Rotate keys without affecting all apps
  • Deactivate compromised keys in isolation
Immediately:
  1. Go to Dashboard → API Keys
  2. Deactivate the compromised key
  3. Create a new key
  4. Update your application
The stolen key will stop working immediately. Monitor your usage for any suspicious activity.
No, API keys never expire. They remain active until you deactivate them manually.However, we recommend rotating keys every 90 days for security best practices.

Next Steps

Understand Credits

Learn how the credit system works and optimizes your usage

View Pricing

See all credit packages and per-endpoint costs

Setup Auto-Recharge

Never run out of credits with automatic top-ups

Dashboard Guide

Master API key management in the dashboard