Our WebSocket APIs private feeds (such as the openOrders feed addOrder feed) require an authentication token from the REST API GetWebSocketsToken endpoint.

The following is example Python 3 code for calling the REST API GetWebSocketsToken endpoint, parsing the JSON response, and outputting the new WebSocket authentication token:

#!/usr/bin/env python3

# Import required Python libraries
import time
import base64
import hashlib
import hmac
import urllib.request
import json

# Copy/paste API public key and API private key as displayed in account management
api_key = 'COPY/PASTE API PUBLIC KEY HERE'
api_secret = 'COPY/PASTE API PRIVATE KEY HERE'

# Variables (API method, nonce, and POST data)
api_path = '/0/private/GetWebSocketsToken'
api_nonce = str(int(time.time()*1000))
api_post = 'nonce=' + api_nonce

# Cryptographic hash algorithms
api_sha256 = hashlib.sha256(api_nonce.encode('utf-8') + api_post.encode('utf-8'))
api_hmac = hmac.new(base64.b64decode(api_secret), api_path.encode('utf-8') + api_sha256.digest(), hashlib.sha512)

# Encode signature into base64 format used in API-Sign value
api_signature = base64.b64encode(api_hmac.digest())

# HTTP request (POST)
api_request = urllib.request.Request('https://api.kraken.com/0/private/GetWebSocketsToken', api_post.encode('utf-8'))
api_request.add_header('API-Key', api_key)
api_request.add_header('API-Sign', api_signature)
api_response = urllib.request.urlopen(api_request).read().decode()

# Output API response
print(json.loads(api_response)['result']['token'])

The API public/private key variables (api_key and api_secret) should be replaced with a new API key from your Kraken account, after which the code can be used to retrieve a WebSocket authentication token for the same account. Note that the API key must have the Other -> Access WebSockets API permission enabled.