Webhooks

Receive HTTP POST notifications in real time as game events happen

Overview

Webhooks deliver HTTP POST requests to your server when game events occur. Instead of polling the API, you register an endpoint URL and subscribe to the event types you care about. When an event fires, we send a signed JSON payload to your URL.

Manage webhooks through the dashboard or programmatically via API key. The full API is covered by an OpenAPI spec — hand it to your AI coding agent and let it handle setup, monitoring, and receiver scaffolding.

Data Delay

Events may be delayed up to 1 minute from real time.

Plan Limits

Feature	Free	ALL-ACCESS
Endpoints	1	10
Deliveries per month	100	500,000
Available events	Free events only	All events
Retry attempts	3	5
Delivery log retention	3 days	30 days
Manual retry	No	Yes

NBA

Events are namespaced as nba.*. A single endpoint can subscribe to events from multiple sports.

Event Types

Event Type	Description	Plan
`nba.game.started`	Game begins	Free
`nba.game.ended`	Game reaches final	Free
`nba.game.period_ended`	Period/quarter ends	ALL-ACCESS
`nba.game.overtime`	Game enters overtime	ALL-ACCESS
`nba.player.scored`	Player scores	ALL-ACCESS
`nba.player.rebound`	Player gets a rebound	ALL-ACCESS
`nba.player.assist`	Player records an assist	ALL-ACCESS
`nba.player.steal`	Player records a steal	ALL-ACCESS
`nba.player.block`	Player records a block	ALL-ACCESS
`nba.player.foul`	Player commits a foul	ALL-ACCESS
`nba.player.turnover`	Player commits a turnover	ALL-ACCESS
`nba.injury.created`	Player added to injury report	ALL-ACCESS
`nba.injury.updated`	Injury details changed	ALL-ACCESS
`nba.injury.cleared`	Player removed from injury report	ALL-ACCESS

MLB

Events are namespaced as mlb.*. A single endpoint can subscribe to events from multiple sports.

Event Types

Event Type	Description	Plan
`mlb.game.started`	Game begins	ALL-ACCESS
`mlb.game.ended`	Game reaches final	ALL-ACCESS
`mlb.game.inning_half_ended`	Half-inning ends (top or bottom)	ALL-ACCESS
`mlb.game.inning_ended`	Full inning ends (after bottom half)	ALL-ACCESS
`mlb.game.extra_innings`	Game enters extra innings	ALL-ACCESS
`mlb.batter.hit`	Batter gets a hit	ALL-ACCESS
`mlb.batter.home_run`	Batter hits a home run	ALL-ACCESS
`mlb.batter.strikeout`	Batter strikes out	ALL-ACCESS
`mlb.batter.walk`	Batter walks	ALL-ACCESS
`mlb.batter.hit_by_pitch`	Batter is hit by a pitch	ALL-ACCESS
`mlb.batter.groundout`	Batter grounds out	ALL-ACCESS
`mlb.batter.flyout`	Batter flies out	ALL-ACCESS
`mlb.batter.lineout`	Batter lines out	ALL-ACCESS
`mlb.batter.popout`	Batter pops out	ALL-ACCESS
`mlb.batter.foulout`	Batter fouls out	ALL-ACCESS
`mlb.batter.sacrifice_fly`	Batter hits a sacrifice fly	ALL-ACCESS
`mlb.batter.sacrifice`	Batter executes a sacrifice bunt	ALL-ACCESS
`mlb.batter.fielders_choice`	Batter reaches on a fielder's choice	ALL-ACCESS
`mlb.batter.reached_on_error`	Batter reaches on a fielding error	ALL-ACCESS
`mlb.team.scored`	Team scores a run	ALL-ACCESS
`mlb.injury.created`	Player added to injury report	ALL-ACCESS
`mlb.injury.updated`	Injury details changed	ALL-ACCESS
`mlb.injury.cleared`	Player removed from injury report	ALL-ACCESS

NHL

Events are namespaced as nhl.*. A single endpoint can subscribe to events from multiple sports.

Event Types

Event Type	Description	Plan
`nhl.game.started`	Game begins	ALL-ACCESS
`nhl.game.ended`	Game reaches final	ALL-ACCESS
`nhl.game.period_ended`	Period ends	ALL-ACCESS
`nhl.game.overtime`	Game enters overtime	ALL-ACCESS
`nhl.player.goal`	Player scores a goal	ALL-ACCESS
`nhl.player.assist`	Player records an assist	ALL-ACCESS
`nhl.player.penalty`	Player receives a penalty	ALL-ACCESS
`nhl.player.shot`	Player records a shot on goal	ALL-ACCESS
`nhl.team.goal`	Team scores a goal	ALL-ACCESS
`nhl.injury.created`	Player added to injury report	ALL-ACCESS
`nhl.injury.updated`	Injury details changed	ALL-ACCESS
`nhl.injury.cleared`	Player removed from injury report	ALL-ACCESS

NCAAB

Events are namespaced as ncaab.*. A single endpoint can subscribe to events from multiple sports.

Event Types

Event Type	Description	Plan
`ncaab.game.started`	Game begins	ALL-ACCESS
`ncaab.game.ended`	Game reaches final	ALL-ACCESS
`ncaab.game.period_ended`	Half ends	ALL-ACCESS
`ncaab.game.overtime`	Game enters overtime	ALL-ACCESS
`ncaab.player.scored`	Player scores	ALL-ACCESS
`ncaab.player.rebound`	Player gets a rebound	ALL-ACCESS
`ncaab.player.assist`	Player records an assist	ALL-ACCESS
`ncaab.player.steal`	Player records a steal	ALL-ACCESS
`ncaab.player.block`	Player records a block	ALL-ACCESS
`ncaab.player.foul`	Player commits a foul	ALL-ACCESS
`ncaab.player.turnover`	Player commits a turnover	ALL-ACCESS

NCAAW

Events are namespaced as ncaaw.*. A single endpoint can subscribe to events from multiple sports.

Event Types

Event Type	Description	Plan
`ncaaw.game.started`	Game begins	ALL-ACCESS
`ncaaw.game.ended`	Game reaches final	ALL-ACCESS
`ncaaw.game.period_ended`	Quarter ends	ALL-ACCESS
`ncaaw.game.overtime`	Game enters overtime	ALL-ACCESS
`ncaaw.player.scored`	Player scores	ALL-ACCESS
`ncaaw.player.rebound`	Player gets a rebound	ALL-ACCESS
`ncaaw.player.assist`	Player records an assist	ALL-ACCESS
`ncaaw.player.steal`	Player records a steal	ALL-ACCESS
`ncaaw.player.block`	Player records a block	ALL-ACCESS
`ncaaw.player.foul`	Player commits a foul	ALL-ACCESS
`ncaaw.player.turnover`	Player commits a turnover	ALL-ACCESS

ATP Tennis

Events are namespaced as atp.*. A single endpoint can subscribe to events from multiple sports.

Event Types

Event Type	Description	Plan
`atp.match.started`	Match begins	ALL-ACCESS
`atp.match.ended`	Match concludes	ALL-ACCESS
`atp.match.set_ended`	A set completes	ALL-ACCESS
`atp.match.set_score_updated`	Game score within a set changes	ALL-ACCESS
`atp.match.game_score_updated`	Point score within a game changes	ALL-ACCESS

WTA Tennis

Events are namespaced as wta.*. A single endpoint can subscribe to events from multiple sports.

Event Types

Event Type	Description	Plan
`wta.match.started`	Match begins	ALL-ACCESS
`wta.match.ended`	Match concludes	ALL-ACCESS
`wta.match.set_ended`	A set completes	ALL-ACCESS
`wta.match.set_score_updated`	Game score within a set changes	ALL-ACCESS
`wta.match.game_score_updated`	Point score within a game changes	ALL-ACCESS

Soccer

Seven soccer leagues share the same event types. Each league uses its own namespace prefix.

League	Prefix
English Premier League	`epl.*`
La Liga	`laliga.*`
Serie A	`seriea.*`
Champions League	`ucl.*`
Bundesliga	`bundesliga.*`
Ligue 1	`ligue1.*`
MLS	`mls.*`

Shared Soccer Event Types

Replace {league} with epl, laliga, seriea, ucl, bundesliga, ligue1, or mls. There are no league-specific soccer webhook events beyond the namespace prefix.

Preview payloads as

Event Type	Description	Plan
`{league}.game.started`	Game begins	ALL-ACCESS
`{league}.game.halftime`	Halftime begins	ALL-ACCESS
`{league}.game.second_half_started`	Second half begins	ALL-ACCESS
`{league}.game.extra_time`	Extra time begins	ALL-ACCESS
`{league}.game.penalty_shootout`	Game enters a penalty shootout	ALL-ACCESS
`{league}.game.ended`	Game reaches final	ALL-ACCESS
`{league}.player.goal`	Player scores a goal	ALL-ACCESS
`{league}.team.goal`	Team is credited with a goal	ALL-ACCESS
`{league}.player.own_goal`	Player scores an own goal	ALL-ACCESS
`{league}.player.penalty_goal`	Player scores a penalty goal	ALL-ACCESS
`{league}.player.free_kick_goal`	Player scores from a free kick	ALL-ACCESS
`{league}.player.header_goal`	Player scores a header	ALL-ACCESS
`{league}.player.shot`	Player attempts a shot	ALL-ACCESS
`{league}.player.shot_saved`	Player has a shot saved	ALL-ACCESS
`{league}.player.shot_missed`	Player misses a shot	ALL-ACCESS
`{league}.player.shot_blocked`	Player has a shot blocked	ALL-ACCESS
`{league}.player.hit_woodwork`	Player hits the woodwork	ALL-ACCESS
`{league}.goalkeeper.save`	Goalkeeper makes a save	ALL-ACCESS
`{league}.player.yellow_card`	Player receives a yellow card	ALL-ACCESS
`{league}.player.red_card`	Player receives a red card	ALL-ACCESS
`{league}.player.substitution`	Player is substituted	ALL-ACCESS
`{league}.injury.created`	Player added to injury report	ALL-ACCESS
`{league}.injury.updated`	Injury details changed	ALL-ACCESS
`{league}.injury.cleared`	Player removed from injury report	ALL-ACCESS

PGA Golf

Events are namespaced as pga.*. A single endpoint can subscribe to events from multiple sports.

Event Types

Event Type	Description	Plan
`pga.tournament.started`	Tournament begins	ALL-ACCESS
`pga.tournament.ended`	Tournament completes	ALL-ACCESS
`pga.tournament.round_started`	New round begins	ALL-ACCESS
`pga.player.hole_completed`	Player completes a hole	ALL-ACCESS
`pga.player.round_completed`	Player completes a round	ALL-ACCESS

Webhook Headers

Every delivery includes the following headers:

Header	Example	Description
`Content-Type`	`application/json`	Always JSON
`User-Agent`	`BDL-Webhook/1.0`	BallDontLie webhook user agent
`X-BDL-Webhook-Id`	`evt_550e8400...`	Unique event ID (for deduplication)
`X-BDL-Webhook-Timestamp`	`1706108400`	Unix timestamp of this delivery attempt
`X-BDL-Webhook-Signature`	`v1=abc123...`	HMAC-SHA256 signature

Signature Verification

Verify that webhook deliveries are authentic by computing an HMAC-SHA256 signature and comparing it to the X-BDL-Webhook-Signature header.

Extract the timestamp from X-BDL-Webhook-Timestamp
Construct the signed message: {timestamp}.{raw_body}
Compute HMAC-SHA256 using your endpoint secret
Compare against the signature (after the v1= prefix) using a constant-time comparison

JavaScript

const crypto = require('crypto');

function verifyWebhook(payload, headers, secret) {
  const timestamp = headers['x-bdl-webhook-timestamp'];
  const signature = headers['x-bdl-webhook-signature'];

  const message = `${timestamp}.${payload}`;
  const expected = 'v1=' + crypto
    .createHmac('sha256', secret)
    .update(message)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

Python

import hmac
import hashlib

def verify_webhook(payload: bytes, headers: dict, secret: str) -> bool:
    timestamp = headers['x-bdl-webhook-timestamp']
    signature = headers['x-bdl-webhook-signature']

    message = f"{timestamp}.{payload.decode()}"
    expected = 'v1=' + hmac.new(
        secret.encode(),
        message.encode(),
        hashlib.sha256
    ).hexdigest()

    return hmac.compare_digest(signature, expected)

Retries & Auto-disable

If your endpoint returns a non-2xx status code or the request times out (30s), the delivery is retried with exponential backoff:

Attempt	Delay
1st retry	30 seconds
2nd retry	2 minutes
3rd retry	10 minutes
4th retry	30 minutes

Free accounts get 3 total attempts (initial + 2 retries). ALL-ACCESS accounts get 5 total attempts (initial + 4 retries).

Auto-disable

Endpoints are automatically disabled after 2 consecutive deliveries where all retry attempts are exhausted. Re-enable them from the dashboard.

Delivery Statuses

Status	Description
`pending`	Queued, waiting for first attempt or next retry
`delivering`	Currently being sent
`delivered`	Successfully delivered (2xx response)
`failed`	Last attempt failed, retries remaining
`exhausted`	All retry attempts used, delivery abandoned

Getting Started

Sign up at app.balldontlie.io
Navigate to the Webhooks tab in your dashboard
Create an endpoint with your URL and desired event types
Send a test event to verify your endpoint is receiving payloads
Store your signing secret securely and implement signature verification

AI & Agents

The Webhooks API is fully programmable via API key, which means AI coding agents can manage your entire webhook lifecycle — creating endpoints, subscribing to events, building receivers, and monitoring delivery health — without you touching the dashboard.

OpenAPI Specification

Give your agent the Webhooks OpenAPI spec and it has everything it needs to work with the API: endpoint schemas, authentication, request/response formats, and event type definitions.

Download webhooks-openapi.yml

What an Agent Can Do

Set up endpoints — create webhook endpoints pointed at your server URL and subscribe to the event types you need
Scaffold a receiver — generate a server (Express, Flask, FastAPI, etc.) that accepts webhook POSTs, verifies signatures, and routes events by type
Monitor health — check GET /webhooks/v1/usage for delivery counts and GET /webhooks/v1/endpoints/:id/deliveries?status=failed for failures
Self-heal — retry failed deliveries, rotate secrets, re-enable disabled endpoints, and adjust event subscriptions

Example Prompt

Paste this into your AI coding tool (Claude Code, Cursor, Windsurf, Copilot, etc.) to get started:

I want to receive real-time NBA scoring alerts via BALLDONTLIE webhooks.

Here is the API spec: https://www.balldontlie.io/webhooks-openapi.yml
My API key is: $BALLDONTLIE_API_KEY

Please:
1. Create a webhook endpoint at https://my-server.com/webhooks/bdl
   subscribed to nba.player.scored and nba.game.ended
2. Write an Express.js server that:
   - Accepts POST /webhooks/bdl
   - Verifies the HMAC-SHA256 signature using the endpoint secret
   - Logs a message for each scoring play with the player name and score
   - Returns 200 on success
3. Send a test event to verify it works

Tips for Agent Workflows

The OpenAPI spec includes all 254 event types. Point your agent at GET /webhooks/v1/event-types to discover which events are available for your subscription tier.
Store the secret from the create endpoint response immediately — it is only returned on creation and on POST /rotate-secret.
Use POST /endpoints/:id/test to send a test event and verify your receiver before live games start.
Agents can build event-driven automations on top of webhooks: Discord bots, Slack alerts, SMS notifications, database pipelines, betting triggers, and more.

Start Receiving Live Events

Set up your first webhook in minutes. Free tier includes 100 deliveries per month.