Authentication
All requests that start with /ws/public
do not require authentication. All /ws/private
requests do, and authentication takes place in the form of an “auth” message sent after connecting:
- “key” - entry whose value is api caller’s apiKey. e.g.
“A…-99…”
- “signTimestamp” - entry whose value is a timestamp. e.g.
“1649371360000“
- “signature” - entry whose value is the signature generated by API caller for the request. e.g.
“4F…%3D”
. - "signatureMethod” - optional entry whose value is signature method. e.g. “HmacSHA256”
- "signatureVersion” - optional entry whose value is signature version. e.g. “2“
Example:
{
"event": "subscribe",
"channel": ["auth"],
"params": {
"key": "XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX",
"signTimestamp": XXXXXXXXXXXX,
"signature": "XXXXXXXXXXXXXXXXXX"
}
}
WS Signature (sign) Generation
Steps:
- Compose a “Request String” to be used for the generation of the digital signature which would include:
- a. Method type:
GET\n
- b. Access path, followed "\n" e.g.
/ws\n
- c. List of parameters:
signTimestamp=1631018760000
- NOTE: all parameters must be URL/UTF-8 encoded i.e. space is encoded as
"%20"
- NOTE: all parameters must be URL/UTF-8 encoded i.e. space is encoded as
- d. The final string for the signature generation, based on the example values above will be:
GET\n
/ws\n
signTimestamp=1631018760000
- a. Method type:
- Generate a digital signature using the "Request String" generated in the previous step and your key (Secret Key):
- a. Call the HmacSHA256 hash function to get the hash value with the request string and API private key obtained in the previous step as two parameters.
- b. Encode this hash with base-64 and the resulting value is used as the digital signature for this interface call.
- c. For example:
5g4Rx5A2bLyMWFgR3Aqp+B4w+iJkL7n5OD3SuYtCJK8=
- Request example using the above generated signature:
wss://ws.poloniex.com/ws/private
Example:
{
"event": "subscribe",
"channel": ["auth"],
"params": {
"key": "A3xxxxxx-99xxxxxx-84xxxxxx-7xxxx",
"signTimestamp": 1631018760000,
"signatureMethod": "HmacSHA256",
"signatureVersion": "2",
"signature": "5g4Rx5A2bLyMWFgR3Aqp+B4w+iJkL7n5OD3SuYtCJK8="
}
}
auth
To access private channels, you must authenticate first, and then you can access private channel data after success, if you encounter api key failure, you need to re-authenticate.
Request:
{
"event": "subscribe",
"channel": ["auth"],
"params": {
"key": "XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX",
"signTimestamp": XXXXXXXXXXXX,
"signature": "XXXXXXXXXXXXXXXXXX"
}
}
Response:
# Successful return results
{
"data": {
"success": true,
"ts": 1645597033915
},
"channel": "auth"
}
# Failure to return results
{
"data": {
"success": false,
"message": "Authentication failed!",
"ts": 1646276295075
},
"channel": "auth"
}
Subscription Examples
Sample Requests and Stream
Request → Receipt Confirmation → Stream (continuous feed)