While the WebSocket market data feeds are publicly available, the WebSocket private feeds that access a Kraken account must be protected via secure authentication.
Our REST API already provides a secure authentication mechanism using API keys and cryptographic hash algorithms, hence our WebSocket authentication takes advantage of this to provide the same high level of security.
In order to subscribe to a WebSocket private feed, the API client must first request an authentication token via the REST API and then provide the same token when subscribing to the private feeds:
Step by step instructions
The WebSocket private feeds can be accessed using the following procedure:
1. Generate an API key via your Profile Name dropdown in the upper-right -> Security -> API page of account management and make sure to enable the Access WebSockets API permission:
2. Call the REST API GetWebSocketsToken endpoint to retrieve a new WebSocket authentication token, which will look similar to the following:
WOg6IVQ5RfogMzkhH25WOg6IVQ5RqhP+U3ZprQVnh7f
Authentication tokens have an initial validity of 15 minutes (900 seconds), but once a token is used to subscribe to a private feed, the token will remain valid as long as the subscription remains active.
Our Python 3 example shows how to retrieve a WebSocket authentication token from the REST API GetWebSocketsToken endpoint in just a few lines of code.
3. Connect to the WebSocket API via the private feed URL wss://ws-auth.kraken.com/ and subscribe to either the openOrders feed, the ownTrades feed or both feeds.
The WebSocket authentication token must be provided in the subscription message as the value of the token field:
- {"event":"subscribe", "subscription":{"name":"openOrders", "token":"WOg6IVQ5RfogMzkhH25WOg6IVQ5RqhP+U3ZprQVnh7f"}}
- {"event":"subscribe", "subscription":{"name":"ownTrades", "token":"WOg6IVQ5RfogMzkhH25WOg6IVQ5RqhP+U3ZprQVnh7f"}}
Known issues
- EService:Unavailable - If you receive a service unavailableerror when subscribing to a private feed, you should attempt the subscription again. The service unavailable error is only temporary, so a subsequent subscription attempt should be successful.