Fantasy Premier League API authentication guide

Bram Vanherle
Jan 23, 2019

The Fantasy Premier League game has tons of data available to help you make player picks for your team. Luckily for those of us with programming knowledge, the developers blessed us with a RESTful API that can be used to get data about player performances, team scores, etc. Some basic API calls can always be used; the more interesting ones, however, require the user to be authenticated. These include requesting mini-league scores and players' team formation. So if you wanted to write a program to recommend transfers for your team based on your players' performances, you would need to be authenticated. This article provides a quick introduction to the authentication system the FPL API uses. If you are not familiar with the API, you can first check out this guide.

Programming examples below will be written in Python using the requests package. Do not be alarmed if you plan on using a different language or HTTP library: the general principles will be explained, which will allow you to apply them in any environment you please.

Authentication in the FPL API is done by posting your login information to the users service. When authentication is successful you will receive some cookies that will be used to authorize you to access restricted API calls. The first step is to set up a session. This is important because this way the cookies received from successful authentication will be retained and sent along in our next requests to the server.

import requests

session = requests.session()

The next step is sending our login information to the FPL server. This is done via the HTTP POST method. Your email address and password need to be in the body, as well as a redirect URI and an app field. This is done as follows:

url = 'https://users.premierleague.com/accounts/login/'
# The placeholders stand for your own credentials; keep the real values
# out of source files you share or commit.
payload = {
    'password': '<YOUR PASSWORD>',
    'login': '<YOUR EMAIL>',
    'redirect_uri': 'https://fantasy.premierleague.com/a/login',
    'app': 'plfpl-web'
}
session.post(url, data=payload)

If this is successful, the server will return a success message along with a number of cookies. These cookies will identify you to the server and need to be sent along in your next API calls. The session we created earlier does this for us, but if you are using a different framework you might have to include the cookies manually. If this is the case, these are the cookies that are essential to access restricted information:

╔═════════════╦═══════════════════════════╗
║ Cookie name ║ Domain                    ║
╠═════════════╬═══════════════════════════╣
║ pl_profile  ║ .premierleague.com        ║
║ sessionid   ║ fantasy.premierleague.com ║
║ sessionid   ║ users.premierleague.com   ║
╚═════════════╩═══════════════════════════╝
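
An added example, not part of the original article: the table lists two cookies named sessionid on different hosts, so a plain name-to-value dict would silently drop one of them and could send the other to the wrong host. The sketch below checks a cookie jar for the three listed cookies and builds a Cookie header scoped to one host. The function names and sample values are made up for illustration. It uses only the standard library, and session.cookies from requests is a subclass of the same CookieJar class, so it can be passed in directly.

```python
from http.cookiejar import Cookie, CookieJar

# (name, domain) pairs the article's table lists as essential.
# Assumption: the jar stores the domains in exactly this form.
REQUIRED = {
    ("pl_profile", ".premierleague.com"),
    ("sessionid", "fantasy.premierleague.com"),
    ("sessionid", "users.premierleague.com"),
}


def build_jar(entries):
    """Build a CookieJar from constructed (name, value, domain) tuples."""
    jar = CookieJar()
    for name, value, domain in entries:
        jar.set_cookie(Cookie(
            0, name, value, None, False,
            domain, True, domain.startswith("."),
            "/", True, True, None, True, None, None, {},
        ))
    return jar


def missing_auth_cookies(jar):
    """Return the required (name, domain) pairs that are absent from jar."""
    return sorted(REQUIRED - {(c.name, c.domain) for c in jar})


def cookie_header(jar, host):
    """Cookie header value for host, using only cookies scoped to it."""
    pairs = []
    for c in jar:
        if c.domain.startswith("."):
            # Domain cookie: the bare domain and its subdomains match.
            ok = host == c.domain[1:] or host.endswith(c.domain)
        else:
            ok = host == c.domain  # host-only cookie: exact match
        if ok:
            pairs.append(f"{c.name}={c.value}")
    return "; ".join(pairs)


# Constructed sample values, not real session tokens.
SAMPLE = build_jar([
    ("pl_profile", "P-constructed", ".premierleague.com"),
    ("sessionid", "F-constructed", "fantasy.premierleague.com"),
    ("sessionid", "U-constructed", "users.premierleague.com"),
])
```

After logging in, a non-empty result from missing_auth_cookies(session.cookies) means the expected cookies were not all received.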

Our session now contains all the required cookies and can be used to request information that was previously not accessible, like this:

response = session.get('https://fantasy.premierleague.com/drf/my-team/<YOUR TEAM ID>')

To recap:

  • POST your login data to the URL mentioned above and receive the cookies
  • Access restricted info by including the received cookies in your GET request

Thank you for reading and good luck dominating your mini-league using your data analysis skills!
