Authentication

For private websockets, the connection request to the WebSocket uses JWT_COOKIE-based authentication.

To generate a JWT token, see Generate A JWT Token.

Each WebSocket exposes a set of topics that can be subscribed to.

Rejections / Failures

JWT Generation

Missing headers (400)

{
  "message": "Request body failed to pass validation checks: hmacLogin.signature: must not be empty",
  "errorCode": 8175,
  "errorCodeName": "REQUEST_VALIDATION_ERROR"
}

Invalid public-key (400):

{
  "message": "Invalid request",
  "errorCode": 8010,
  "errorCodeName": "INVALID_REQUEST"
}

Invalid private-key (400):

{
  "message": "Invalid signature",
  "errorCode": 8008,
  "errorCodeName": "INVALID_SIGNATURE"
}

WebSocket Handshake

Missing Token:

The TCP connection will be disconnected.

Invalid / Expired Token (401):

The following HTTP header will be sent:

set-cookie: JWT_COOKIE=SESSION_TERMINATED; Path=/; Max-Age=0; Secure; SameSite=Strict

WebSocket Subscription

Invalid Trading Account

Please note that the same response is sent whether or not this trading account exists.

{
  "jsonrpc": "2.0",
  "id": "1611082473000",
  "error": {
    "code": "-32602",
    "errorCode": "29013",
    "errorCodeName": "'1234' is not a valid tradingAccountId"
  }
}

Rejections / Failures​

JWT Generation​

Missing headers (400)​

Invalid public-key (400):​

Invalid private-key (400):​

WebSocket Handshake​

Missing Token:​

Invalid / Expired Token (401):​

WebSocket Subscription​

Invalid Trading Account​