About · how it's built

How League Loom is built

League Loom is a Model Context Protocol (MCP) server that connects Claude, ChatGPT, and other AI tools to your ESPN, Sleeper, and Fantrax fantasy leagues. It is read-only, private, and built on the platforms' own data APIs rather than scraped pages or a third-party data reseller. Below is exactly how it's put together: the protocol it speaks, how it authorizes you without a shared password, and where every byte of league data actually comes from.

Architecture

How it works under the hood

A small, read-only server that turns three fantasy platforms into one set of AI tools.

Model Context Protocol server

Built on the open MCP standard for connecting AI clients to external tools and data. League Loom runs over stdio for local use and as a stateless Streamable HTTP service when hosted at leagueloom.com/mcp, so it plugs into Claude, ChatGPT, and any other MCP-compatible client without custom glue code.

OAuth 2.1, no shared keys

Connecting uses Dynamic Client Registration and PKCE, the same standards-based flow browsers use for secure sign-in. Each person authorizes their own ESPN, Sleeper, or Fantrax accounts directly, so there's no shared API key issued to every user and nothing to copy or leak.

Stateless, encrypted tokens

Your credentials are sealed into your own access token using AES-256-GCM encryption at connect time, not written into a shared database. Because the server holds no per-user state between requests, every call carries its own authorization, and there's no session store to compromise.

Provider-adapter pattern

Each platform's data (standings, rosters, matchups, players, transactions) maps into one set of normalized shapes, so a single set of read-only tools works across Fantrax, ESPN, and Sleeper without the AI needing to know which platform it's talking to.

Read-only by design

Every endpoint is a read. There's no write path in the codebase at all, so League Loom can never set a lineup, make a trade, submit a waiver claim, or otherwise write anything back to your leagues, structurally, not just by policy.

Data connections

Where the data comes from

League Loom talks directly to each platform's own read-only API, with no scraping and no third-party data resellers.

Sleeper docs ↗

API: Sleeper's official public read API (api.sleeper.app), fully documented and free to use. League Loom calls it directly for rosters, matchups, transactions, and the player pool.

Auth: No auth needed; Sleeper league data is public, and your username alone identifies your team.

Sports: NFL, NBA

ESPN

API: ESPN's fantasy read endpoints (lm-api-reads.fantasy.espn.com plus the fan API), unofficial and undocumented but stable enough to build on.

Auth: Public leagues need nothing at all; private leagues use your own espn_s2 and SWID cookies, the same values your browser already uses to stay signed in to ESPN.

Sports: NFL, NBA, MLB, NHL, WNBA

Fantrax docs ↗

API: Fantrax's official “fxea” External API (fantrax.com/fxea), a read-only Beta API most AI fantasy tools skip entirely.

Auth: A read-only Secret ID for league discovery, with your team matched by team id or name, no password required.

Sports: Many (NFL, NBA, MLB, NHL & more)

Why it's built this way

Read-only isn't a limitation, it's the point

Most fantasy tools that touch your league ask for broad account access "just in case," then sit on write permissions they rarely use. League Loom flips that: it was designed with no write path at all, so there's nothing to accidentally misuse and nothing that requires trusting a third party with control over your lineup. That constraint also keeps the integration simple to reason about. Every tool call is a fetch against a provider's read API, normalized into a shared shape, and handed to whichever AI client asked for it. There's no queue of pending writes, no risk of a bad instruction silently changing your roster, and no server-side database tracking who did what. If you disconnect League Loom, there's nothing left behind to clean up beyond revoking the OAuth grant on your end.

It also means the AI client is doing the reasoning, not League Loom. The server's job stops at handing back accurate, current data, in a normalized shape a model can work with, whether that's your standings, this week's matchups, or the ranked waiver wire. What Claude or ChatGPT does with that data, like recommending a start/sit call or ranking a trade, happens in the AI client itself. League Loom doesn't run its own scoring models or maintain player rankings; it's a data layer, not an opinion layer, which keeps its surface area small enough to audit and its behavior predictable across every provider it supports.

Get started

Bring your leagues into your AI

Connecting takes about two minutes: add the League Loom URL as a custom connector in Claude or ChatGPT, authorize your ESPN, Sleeper, or Fantrax account through the OAuth flow described above, and a short wizard finds your leagues so you can pick your team. From there you can ask about rosters, standings, matchups, and waivers in plain language, with everything grounded in the live data your platform actually returns. See what ships next in the release notes, a running, plain-English log of every capability as it goes live.

Get started