Authentication

There are two methods of authenticating on a Websocket connection.

  • Authenticate Per-Connection
  • Authenticate Per-Message

Authenticate Per-Connection


In order to send authenticated requests over the websocket connection, you will have to send an auth message.

{
  "op": "auth",
  "data": {
    "key": [Insert API key],
    "secret": [Insert API secret]
  }
}
// Code Example

import os
import json
import asyncio
import websockets


async def main():
    connection = await websockets.connect("wss://ws-testnet.aevo.xyz")

    auth_msg = json.dumps({
        "op": "auth",
        "data": {
            "key": os.environ["API_KEY"],
            "secret": os.environ["API_SECRET"],
        }
    })
    await connection.send(auth_msg)
    await connection.recv()  # receive the outcome of authentication here

    msg = json.dumps({"op": "status"})

    await connection.send(msg)

    print(await connection.recv())


asyncio.run(main())

Authenticate Per-Message


πŸ‘

Keep your API secret safe!

Using signature is a safer method of authenticating since your API secret is not passed along in the requests. This prevents potential API secret leakage during transport.

To authenticate with this method, the following fields should be sent with the request:

{
	...
  "auth": {
  	"timestamp": [Insert UNIX timestamp in nanoseconds],
    "signature": [Insert HMAC SHA256 signature],
    "key": [Insert API key]
  }
  ...
}
  • signature is generated by performing HMAC_SHA256(apiSecret, message).
  • message is a concatenation of apiKey,timestamp,ws,op,data with comma separation.
  • timestamp is UNIX timestamp in nanoseconds.
  • ws is a string constant with the value "ws". Must be lowercase.
  • apiKey, timestamp ,ws, op, data are all required. If the request does not have any data, use a blank space for the value of data.

Example:

  • apiKey: API_KEY
  • timestamp: 1673425955575713842
  • `op: "status"
  • ws: "ws"
  • data: ""
signature = HMAC_SHA256("API_KEY,1673425955575713842,ws,status,")

πŸ“˜

Note!

There is a trailing comma in the message, since the data of "status" op request is empty.

# Code Example

import os
import time
import json
import hmac
import hashlib
import asyncio
import websockets

API_KEY = os.environ['API_KEY']
API_SECRET = os.environ['API_SECRET']


def get_auth_payload(op, data):
    timestamp = str(time.time_ns())

    # If the body is empty, it would look like:
    # concat = 'API_KEY,1673425955575713842,ws,status,'
    concat = f"{API_KEY},{timestamp},ws,{op},{data}".encode("utf-8")
    
    signature = hmac.new(API_SECRET.encode("utf-8"), concat,
                         hashlib.sha256).hexdigest()

    auth_payload = {
        "timestamp": timestamp,
        "signature": signature,
        "key": API_KEY,
    }

    return auth_payload


async def main():
    connection = await websockets.connect("wss://ws-testnet.aevo.xyz")

    msg = json.dumps({"op": "status", "auth": get_auth_payload("status", "")})

    await connection.send(msg)

    print(await connection.recv())


asyncio.run(main())