inNovaAPI
REST API

API Overview

Common conventions, response format, and error codes

Base URL

https://api.winnova.pro/api/ext/v1

Response Format

All responses follow this structure:

{
  "success": true,
  "data": { ... }
}

Error responses:

{
  "success": false,
  "error": "error message"
}

HTTP Status Codes

CodeDescription
200Success
400Bad Request — invalid parameters
401Unauthorized — missing or invalid API Key
403Forbidden — insufficient scope or IP not whitelisted
404Not Found
429Rate Limit Exceeded
500Internal Server Error

Pagination

List endpoints support cursor-based pagination:

ParameterTypeDescription
limitintegerItems per page (default: 20, max: 100)
offsetintegerNumber of items to skip

Content Type

  • Request body: application/json
  • Response body: application/json

Quickstart Example

A complete signed request to list active NBA events:

API_KEY="po_live_your_api_key"
API_SECRET="your_api_secret"
TIMESTAMP=$(date +%s%3N)          # milliseconds
NONCE=$(openssl rand -hex 16)     # unique per request
PATH="/api/ext/v1/events?league=nba&status=active"

# SHA-256 of empty body for GET requests
BODY_HASH=$(echo -n "" | openssl dgst -sha256 -hex | awk '{print $NF}')

# Signing string: METHOD\nPATH\nTIMESTAMP\nNONCE\nSHA256(BODY)
SIGNING_STRING="GET\n${PATH}\n${TIMESTAMP}\n${NONCE}\n${BODY_HASH}"

# HMAC-SHA256 of the full signing string
SIGNATURE=$(echo -ne "$SIGNING_STRING" | openssl dgst -sha256 -hmac "$API_SECRET" -hex | awk '{print $NF}')

curl -s "https://api.winnova.pro${PATH}" \
  -H "X-API-KEY: $API_KEY" \
  -H "X-API-TIMESTAMP: $TIMESTAMP" \
  -H "X-API-SIGNATURE: $SIGNATURE" \
  -H "X-API-NONCE: $NONCE"