Authentication

One websocket connection may be logged in to at most one user. If the connection is already authenticated, further attempts to log in will result in 400 errors.

  • key: your API key
  • time: integer current UNIX timestamp (in milliseconds)
  • sign: SHA256 HMAC (hash-based message authentication code) of the following string, using your API secret as the hashing key: <time>websocket_login
  • subaccount: (optional) subaccount name
    {
      "args": {
        "key": "<api_key>",
        "sign": "<signature>",
        "time": <ts>
      },
      "op": "login"
    }
    

As an example, if:

  • time: 1557246346499
  • secret: 'Y2QTHI23f23f23jfjas23f23To0RfUwX3H42fvN-'

sign would be d10b5a67a1a941ae9463a60b285ae845cdeac1b11edc7da9977bef0228b96de9

Example of generating login with Python:

ts = int(time.time() * 1000)
send_json(ws, {
  'op': 'login', 
  'args': {
    'key': key,
    'sign': hmac.new(
        secret.encode(), f'{ts}websocket_login'.encode(), 'sha256').hexdigest(),
    'time': ts,
    'subaccount': 'trading'
    }
})