Betfair Exchange API (Betting, Accounts, Heartbeat, Race Status, Navigation, Vendor Services HTTP APIs)
X-Application: <credential> + Betfair session token X-Authentication: <credential> discovered Create your keys via the Accounts API Demo Tool. Betfair's getting-started guide says each account gets a Delayed key and a Live key, and that app keys are needed for API requests. To create them, log in to Betfair, open the demo tool, run createDeveloperAppKeys, and later you can view them with getDeveloperAppKeys as described in How do I retrieve and view my existing Application Keys?.
Obtain a session token by logging in to the Betfair API. Betfair's getting-started guide says a session token is required for API requests and links to How do I login to the API?. For bot/non-interactive login, Betfair documents using your Betfair username and password together with a self-signed client certificate uploaded to your account in Non-Interactive (bot) login.
For Vendor Services integrations, register as a Betfair vendor/application and use the Vendor Services OAuth 2 flow described in Vendor Services API. That flow issues access and refresh tokens for making API calls on a user's behalf. The public page available here confirms the flow exists, but the anonymous scrape did not expose enough detail to pin the exact client-registration page or HTTP binding.