Skip to main content
Deploy your Fantasy Basketball Analytics application to Heroku for a production-ready, publicly accessible instance.

Prerequisites

  • A Heroku account (free tier available)
  • Heroku CLI installed
  • Git installed and repository initialized
  • Yahoo Developer application configured

Procfile Configuration

The application includes a Procfile that tells Heroku how to run the app: 
web: gunicorn main:app
This configuration:
  • Uses Gunicorn as the production WSGI server (instead of Flask’s development server)
  • Runs the Flask app defined in main.py as the variable app
  • Automatically binds to Heroku’s dynamically assigned port
Gunicorn is included in requirements.txt and is production-ready, unlike Flask’s built-in development server.

Deployment Steps

1

Install Heroku CLI

Download and install the Heroku CLI from devcenter.heroku.com:
# macOS
brew tap heroku/brew && brew install heroku

# Windows
# Download installer from Heroku website

# Ubuntu/Debian
curl https://cli-assets.heroku.com/install.sh | sh
Verify installation:
heroku --version
2

Login to Heroku

Authenticate with your Heroku account:
heroku login
This will open a browser window for authentication.
3

Create Heroku Application

Create a new Heroku app:
heroku create your-fantasy-basketball-app
Or let Heroku generate a random name:
heroku create
Note the app URL provided (e.g., https://your-fantasy-basketball-app.herokuapp.com).
4

Configure Environment Variables

Set all required environment variables on Heroku:
heroku config:set YAHOO_CLIENT_ID=your_yahoo_client_id
heroku config:set YAHOO_CLIENT_SECRET=your_yahoo_client_secret
heroku config:set FLASK_SECRET_KEY=your_production_secret_key
heroku config:set FLASK_ENV=production
Use a strong, unique FLASK_SECRET_KEY for production. Generate one with:
python -c "import secrets; print(secrets.token_hex(32))"
Verify your configuration:
heroku config
5

Update Yahoo OAuth Callback

In your Yahoo Developer application settings, update the Redirect URI:
https://your-fantasy-basketball-app.herokuapp.com/callback
The application hardcodes HTTPS for OAuth callbacks in production (see main.py:409):
@app.route("/login")
def login():
    return yahoo.authorize_redirect(
        url_for("callback", _external=True, _scheme="https")
    )
6

Deploy to Heroku

Ensure all changes are committed to Git:
git add .
git commit -m "Prepare for Heroku deployment"
Deploy to Heroku:
git push heroku main
Or if your branch is named master:
git push heroku master
7

Scale the Application

Ensure at least one web dyno is running:
heroku ps:scale web=1
Heroku’s free tier includes enough hours for one dyno to run continuously.
8

Verify Deployment

Open your application in a browser:
heroku open
Or manually visit your app URL.

Production Configuration

Session Security

The application configures Flask sessions for production: 
# From main.py:117-122
app.secret_key = os.getenv("FLASK_SECRET_KEY", "dev-key")
app.config.update(
    SESSION_COOKIE_SAMESITE="Lax",
    SESSION_COOKIE_SECURE=False,
    PERMANENT_SESSION_LIFETIME=60 * 60,
)
SESSION_COOKIE_SAMESITE
string
default:"Lax"
Protects against CSRF attacks while allowing normal navigation
SESSION_COOKIE_SECURE
boolean
default:"False"
Set to True if you want to enforce HTTPS-only cookies (recommended for production)
PERMANENT_SESSION_LIFETIME
integer
default:"3600"
Session expires after 60 minutes (3600 seconds) of inactivity

OAuth Configuration

Yahoo OAuth is configured with production endpoints: 
# From main.py:126-138
yahoo = oauth.register(
    name="yahoo",
    client_id=os.environ["YAHOO_CLIENT_ID"],
    client_secret=os.environ["YAHOO_CLIENT_SECRET"],
    authorize_url="https://api.login.yahoo.com/oauth2/request_auth",
    access_token_url="https://api.login.yahoo.com/oauth2/get_token",
    refresh_token_url="https://api.login.yahoo.com/oauth2/get_token",
    api_base_url="https://fantasysports.yahooapis.com/",
    client_kwargs={
        "scope": "fspt-r",
        "token_endpoint_auth_method": "client_secret_basic",
    },
)

Monitoring and Logs

View Application Logs

# Stream live logs
heroku logs --tail

# View recent logs
heroku logs --num 100

# Filter by source
heroku logs --source app

Check Dyno Status

heroku ps

Restart Application

heroku restart

Troubleshooting

Check logs for errors:
heroku logs --tail
Common issues:
  • Missing environment variables
  • Dependency installation failures
  • Port binding errors (Heroku assigns the port automatically)
Verify:
  • Yahoo app Redirect URI exactly matches: https://your-app.herokuapp.com/callback
  • Environment variables are set correctly: heroku config
  • Client ID and Secret are correct
Yahoo Fantasy API has rate limits. If you hit them:
  • Implement caching for frequently accessed data
  • Add retry logic with exponential backoff
  • Monitor your API usage patterns
Increase the session lifetime in main.py:
PERMANENT_SESSION_LIFETIME=60 * 60 * 24  # 24 hours
Then redeploy the application.

Updating Your Deployment

When you make changes to the code: 
# Commit your changes
git add .
git commit -m "Description of changes"

# Push to Heroku
git push heroku main

# Monitor the deployment
heroku logs --tail
Heroku automatically detects the Python buildpack, installs dependencies from requirements.txt, and runs the app using the Procfile.

Performance Optimization

Enable Heroku Dyno Autoscaling

For high-traffic periods: 
heroku ps:autoscale web --min 1 --max 3 --p95 0.8

Add Redis Caching

Consider adding Heroku Redis for session storage and API caching: 
heroku addons:create heroku-redis:mini

Security Best Practices

Never commit .env files or secrets to Git. Always use Heroku config vars for sensitive data.
  • Use strong, randomly generated FLASK_SECRET_KEY
  • Rotate OAuth credentials regularly
  • Enable two-factor authentication on your Heroku account
  • Review Heroku security best practices at devcenter.heroku.com/categories/security
  • Consider enabling SESSION_COOKIE_SECURE=True for HTTPS-only cookies

Next Steps

Environment Variables

Complete reference for all configuration options

Local Development

Set up a development environment

Build docs developers (and LLMs) love

Get started for freeTalk to us