Skip to main content

Authentication

All requests that start with /ws/public do not require authentication. All /ws/private requests do, and authentication takes place in the form of an “auth” message sent after connecting:

  • “key” - entry whose value is api caller’s apiKey. e.g. “A…-99…”
  • “signTimestamp” - entry whose value is a timestamp. e.g. “1649371360000“
  • “signature” - entry whose value is the signature generated by API caller for the request. e.g. “4F…%3D”.
  • "signatureMethod” - optional entry whose value is signature method. e.g. “HmacSHA256”
  • "signatureVersion” - optional entry whose value is signature version. e.g. “2“
Example:
{
"event": "subscribe",
"channel": ["auth"],
"params": {
"key": "XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX",
"signTimestamp": XXXXXXXXXXXX,
"signature": "XXXXXXXXXXXXXXXXXX"
}
}

WS Signature (sign) Generation

Steps:

  1. Compose a “Request String” to be used for the generation of the digital signature which would include:
    • a. Method type: GET\n
    • b. Access path, followed "\n" e.g. /ws\n
    • c. List of parameters: signTimestamp=1631018760000
      • NOTE: all parameters must be URL/UTF-8 encoded i.e. space is encoded as "%20"
    • d. The final string for the signature generation, based on the example values above will be:
      GET\n
      /ws\n
      signTimestamp=1631018760000
  2. Generate a digital signature using the "Request String" generated in the previous step and your key (Secret Key):
    • a. Call the HmacSHA256 hash function to get the hash value with the request string and API private key obtained in the previous step as two parameters.
    • b. Encode this hash with base-64 and the resulting value is used as the digital signature for this interface call.
    • c. For example: 5g4Rx5A2bLyMWFgR3Aqp+B4w+iJkL7n5OD3SuYtCJK8=
  3. Request example using the above generated signature:
wss://ws.poloniex.com/ws/private
Example:

{
"event": "subscribe",
"channel": ["auth"],
"params": {
"key": "A3xxxxxx-99xxxxxx-84xxxxxx-7xxxx",
"signTimestamp": 1631018760000,
"signatureMethod": "HmacSHA256",
"signatureVersion": "2",
"signature": "5g4Rx5A2bLyMWFgR3Aqp+B4w+iJkL7n5OD3SuYtCJK8="
}
}

auth

To access private channels, you must authenticate first, and then you can access private channel data after success, if you encounter api key failure, you need to re-authenticate.

Request:

{
"event": "subscribe",
"channel": ["auth"],
"params": {
"key": "XXXXXXXX-XXXXXXXX-XXXXXXXX-XXXXXXXX",
"signTimestamp": XXXXXXXXXXXX,
"signature": "XXXXXXXXXXXXXXXXXX"
}
}

Response:

# Successful return results

{
"data": {
"success": true,
"ts": 1645597033915
},
"channel": "auth"
}

# Failure to return results

{
"data": {
"success": false,
"message": "Authentication failed!",
"ts": 1646276295075
},
"channel": "auth"
}


Subscription Examples

Sample Requests and Stream

Request → Receipt Confirmation → Stream (continuous feed)