Skip to main content
This page is for production launch and operations. It covers the rules your integration has to obey once the quickstart works: bearer auth, product scope, request limits, headers, and the failure cases teams most often need to debug.

Transport

  • production base URL: https://sports-mcp-server.etonecarg.com/
  • health check: GET /
  • MCP transport: POST /
  • CORS preflight: OPTIONS /

Authentication

Sports MCP Server uses bearer authentication. Send: 
Authorization: Bearer YOUR_SPORTS_MCP_SERVER_API_KEY
API keys are product-scoped. A valid key from another product will still be rejected here.

Product Scope Enforcement

If a key was created for sports-mcp-server, it must only be used against Sports MCP Server. That protects customers from accidental cross-product reuse and keeps commercial attribution aligned to the product that was actually provisioned.

Request Limits

  • request body size cap: 1 MiB
  • oversize request response: 413

Rate Limits

Current server-enforced limits:
  • per API key: 60 requests per 60 seconds
  • per organization: 600 requests per 60 seconds
If you hit a rate limit, the server responds with 429 and a retry hint.

Quota Enforcement

When the account has usage controls configured, the server can enforce quota behavior as well. Common outcomes:
  • response message: Usage quota exceeded
  • response message: Usage quota not provisioned
  • response header: X-Usage-Quota-State: unprovisioned

Common Response Headers

HeaderMeaning
X-Usage-Remainingremaining quota
X-Usage-Limitcurrent quota limit
X-Usage-Resetquota reset time
X-Usage-Billing-Modelbilling model for the request
X-Usage-Overage-Spendoverage spend when overage is active
X-Usage-Quota-Statewhether quota is provisioned
Retry-Afterretry hint for throttled traffic

CORS Behavior

CORS preflight is supported on OPTIONS /, but browser access still depends on portal-managed origin allowlisting for the product. Current high-level behavior:
  • allowed origins must be configured in the customer portal
  • production origins must use https://
  • local development origins like http://localhost can be allowed
If your product can proxy through the backend instead of exposing the key to the browser, do that.

Locale Hints

Many tools accept language as a BCP-47 locale such as:
  • en-US
  • es-MX
  • de-DE
Pass it when the UI or assistant should prefer localized names and labels.

Error Reference

StatusTypical messageWhat it usually means
400validation-style errorrequired arguments are missing or mutually incompatible
401Invalid API keythe key is unknown, revoked, or expired
403API key is not authorized for this productvalid key, wrong product
413request too largerequest body exceeded the cap
429rate-limit errorrequest volume exceeded key or org rate limits
429Usage quota exceededusage cap reached
429Usage quota not provisionedentitlement exists but quota has not been provisioned
5xxupstream or internal failureretryable server-side issue or upstream dependency problem

Support Tip

When you escalate an issue internally or to Gracenote, include:
  • approximate timestamp
  • product slug
  • tool name
  • affected API key name if possible
  • HTTP status and any usage headers returned