GamePlan NIL Logo
API Application Programming Interface Concept. A programmer types on a laptop, interacting with digital icons representing API development, security, and cloud computing. Application Software Tool,
Technical Documentation

Compliance API Technical Specifications

RESTful API for real-time NIL deal reporting to university compliance offices. OAuth 2.0 authentication, JSON payloads, webhook support.

Overview
Authentication
Endpoints
Implementation

API Overview

The GamePlan NIL Compliance API enables universities to receive real-time notifications when their athletes enter into NIL deals. This ensures compliance with NCAA rules, state laws, and institutional policies.

Real-Time Updates

Webhooks deliver instant notifications when athletes sign new deals

Secure & Compliant

OAuth 2.0, AES-256 encryption, SOC 2 Type II certified

RESTful Design

Standard HTTP methods, JSON payloads, predictable resource URLs

Specification Details
Base URL https://api.gameplan-nil.com/v1
Protocol HTTPS only (TLS 1.2+)
Authentication OAuth 2.0 with JWT tokens
Data Format JSON (application/json)
Rate Limiting 1000 requests/hour per institution
Webhooks Supported (recommended for real-time updates)
API Version v1 (current), backward compatible

Authentication

OAuth 2.0 Flow

GamePlan NIL uses OAuth 2.0 Client Credentials flow for server-to-server authentication.

POST Request to Token Endpoint: 
POST https://api.gameplan-nil.com/v1/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&scope=compliance:read compliance:write
Response (JWT Token):
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "compliance:read compliance:write"
}

Security Best Practices

  • • Never expose client_secret in client-side code or public repositories
  • • Rotate credentials every 90 days
  • • Store tokens securely (encrypted at rest)
  • • Use environment variables, not hardcoded values

API Endpoints

GET /compliance/deals
Retrieve NIL deals

Retrieve all NIL deals for athletes at your institution. Supports filtering by date, athlete, status, and sport.

Query Parameters:

start_date (optional): YYYY-MM-DD format
end_date (optional): YYYY-MM-DD format
athlete_id (optional): Filter by specific athlete
status (optional): pending | active | completed
limit (optional): Max 100, default 50

Example Request: 

GET /v1/compliance/deals?start_date=2025-01-01&status=active
Authorization: Bearer YOUR_ACCESS_TOKEN

Response (200 OK): 

{
  "data": [
    {
      "deal_id": "deal_abc123",
      "athlete_id": "ath_456",
      "athlete_name": "John Smith",
      "sport": "Football",
      "brand_name": "Local Pizza Co",
      "deal_value": 2500.00,
      "deal_date": "2025-01-15",
      "status": "active",
      "deliverables": ["2 Instagram posts", "1 appearance"],
      "compliance_status": "approved"
    }
  ],
  "pagination": {
    "total": 45,
    "page": 1,
    "per_page": 50
  }
}
GET /compliance/athletes/:athlete_id
Get athlete details

Retrieve profile information and NIL activity summary for a specific athlete.

Response Includes:

  • Athlete name, sport, year, roster status
  • Total NIL earnings (lifetime & current year)
  • Active and completed deal count
  • Compliance training completion status
POST /compliance/webhooks
Configure webhooks

Register a webhook endpoint to receive real-time notifications when athletes at your institution sign new NIL deals.

Webhook Events:

deal.created

Fired when athlete signs new deal

deal.updated

Fired when deal terms change

deal.completed

Fired when deal is fulfilled

compliance.alert

Fired for potential rule violations

Webhook Security

All webhook payloads include an HMAC-SHA256 signature header for verification. Webhook endpoints must return a 200 OK within 5 seconds.

Implementation Guide

4-Week Implementation Timeline

1

Week 1: Planning & Credentials

  • Kickoff call with GamePlan NIL integration team
  • Define data requirements & compliance workflows
  • Receive sandbox API credentials for testing
  • Review technical documentation & code samples
2

Week 2: Development & Testing

  • Build integration in your compliance system
  • Configure webhook endpoints for real-time notifications
  • Test authentication & data retrieval in sandbox
  • Validate data mapping & field formatting
3

Week 3: UAT & Training

  • User acceptance testing with compliance staff
  • Train compliance office on new workflows
  • Create internal documentation & SOPs
  • Pilot with small group of athletes
4

Week 4: Go-Live & Rollout

  • Receive production API credentials
  • Deploy to production environment
  • Announce to athletes & athletic department
  • Monitor first 48 hours with dedicated support

Data Models

NIL Deal Object

{
  "deal_id": "string",                    // Unique deal identifier
  "athlete_id": "string",                 // Athlete unique identifier
  "athlete_name": "string",               // Full name
  "sport": "string",                      // Sport (Football, Basketball, etc.)
  "year": "string",                       // Freshman, Sophomore, Junior, Senior
  "brand_name": "string",                 // Brand/company name
  "brand_category": "string",             // Apparel, Restaurant, Local Business, etc.
  "deal_type": "string",                  // Social Media, Appearance, Endorsement, etc.
  "deal_value": number,                   // USD amount (decimal)
  "deal_date": "YYYY-MM-DD",             // Date deal was signed
  "start_date": "YYYY-MM-DD",            // When deliverables begin
  "end_date": "YYYY-MM-DD",              // When deliverables end
  "status": "string",                     // pending | active | completed | cancelled
  "deliverables": ["string"],             // Array of deliverable descriptions
  "compliance_status": "string",          // approved | under_review | flagged
  "state_compliant": boolean,             // Meets state NIL laws
  "ncaa_compliant": boolean,              // Meets NCAA rules
  "institutional_notes": "string",        // Internal compliance notes
  "created_at": "ISO 8601 timestamp",
  "updated_at": "ISO 8601 timestamp"
}

Ready to Integrate?

Our technical team will guide you through every step of the implementation process.

Email Support
[email protected]
Developer Portal
developers.gameplan-nil.com
Live Chat
Available Mon-Fri 9am-5pm ET

Request API Access

Submit Request
Technical FAQ

API Integration Questions

Technical questions answered for development teams and IT directors implementing the Compliance API.

What authentication methods does the API support?

What are the API rate limits and how do we handle throttling?

How do webhooks work and what events can we subscribe to?

Is there a sandbox environment for testing?

What data formats and versioning are supported?

What support is available during and after integration?

Ready to start your API integration?

Request API Credentials
{
}
</>
API Access Request

Request API Credentials

Get sandbox access, technical documentation, and start building your integration in minutes. Our team will provision your credentials within 24 hours.

What You'll Receive

Sandbox Environment - Full API access with test data
Complete Documentation - OpenAPI specs, SDKs, code samples
Postman Collection - Pre-configured API requests for testing
Integration Engineer - Dedicated support during setup
Webhook Testing Tools - Simulate events and test integrations

Typical Integration Timeline

Week 1-2: Sandbox setup and initial testing
Week 3-4: Development and webhook configuration
Week 5-6: UAT and production deployment

Most university IT teams complete integration in 4-6 weeks.

API Access Form

Complete this form to receive your sandbox credentials and documentation.

By requesting access, you agree to our API Terms of Service. Sandbox credentials typically provisioned within 24 hours.