FIFA WORLD CUP 2026
Group AMexico·Czechia·South Africa·South KoreaGroup BBosnia & Herzegovina·Canada·Qatar·SwitzerlandGroup CBrazil·Haiti·Morocco·ScotlandGroup DAustralia·Paraguay·Türkiye·USAGroup ECuraçao·Ecuador·Germany·Côte d'IvoireGroup FJapan·Netherlands·Sweden·TunisiaGroup GBelgium·Egypt·Iran·New ZealandGroup HCabo Verde·Saudi Arabia·Spain·UruguayGroup IFrance·Iraq·Norway·SenegalGroup JAlgeria·Argentina·Austria·JordanGroup KColombia·DR Congo·Portugal·UzbekistanGroup LCroatia·England·Ghana·Panama Group AMexico·Czechia·South Africa·South KoreaGroup BBosnia & Herzegovina·Canada·Qatar·SwitzerlandGroup CBrazil·Haiti·Morocco·ScotlandGroup DAustralia·Paraguay·Türkiye·USAGroup ECuraçao·Ecuador·Germany·Côte d'IvoireGroup FJapan·Netherlands·Sweden·TunisiaGroup GBelgium·Egypt·Iran·New ZealandGroup HCabo Verde·Saudi Arabia·Spain·UruguayGroup IFrance·Iraq·Norway·SenegalGroup JAlgeria·Argentina·Austria·JordanGroup KColombia·DR Congo·Portugal·UzbekistanGroup LCroatia·England·Ghana·Panama
Open full hub →
Growing Discord community — direct access to the developer, live coverage & picks. Join the Discord Join now →
This is an archived ticket from the old feedback page. New support tickets are now handled on our support portal. Open a new ticket →
Bug Archived Mar 30, 2026 · AA

Api key visible in image url

https://sports.bzzoiro.com/img/team/4482/?token=××××××××××××× so any one can view the api key and might abuse it, we need to work on protecting the api key so it won't display in raw file or code

Comments (1)
Bzzoiro Admin Apr 02, 2026 20:01
Good catch, thanks for reporting this! You're right — exposing the API token in image URLs is a security concern. We've just deployed a fix: image endpoints are now public and no longer require authentication. You can use them directly without any token: This means you can safely use them in <img> tags without exposing your API key: Your API token should only be used for data endpoints (/api/events/, /api/leagues/, etc.) via the Authorization: Token header — never in URLs. The docs have been updated accordingly: https://sports.bzzoiro.com/docs/#images