For information on changes for our US clients, please visit our Support Center article.

Debido al aumento de la demanda, la verificación de la cuenta puede retrasarse. Evite enviar varias solicitudes y, para obtener mejores resultados, revise previamente nuestros requisitos de documentación.
Sign challenge (WebSocket API)
The subscribe and unsubscribe requests to WebSocket private feeds require a signed challengemessage with the user api_secret.
The challenge is obtained as is shown in Section WebSocket API Public (using the api_key).
Authenticated requests must include both the original challenge message (original_challenge) and the signed (signed_challenge) in JSON format.


The challenge is a UUID string.
Example      c100b894-1729-464d-ace1-52dbce11db42 
The steps to sign the challenge are the same as the steps to generate an authenticated REST requestexcept for step 1 which now is just the challenge string:
  1. 1
    Hash the challenge with the SHA-256 algorithm
  2. 2
    Base64-decode your api_secret
  3. 3
    Use the result of step 2 to hash the result of step 1 with the HMAC-SHA-512 algorithm
  4. 4
    Base64-encode the result of step 3
The result of the step 4 is the signed challenge which will be included in the subscribe request.
The table below shows the expected output from example inputs:
api_secret   7zxMEF5p/Z8l2p2U7Ghv6x14Af+Fx+92tPgUdVQ748FOIrEoT9bgT+bTRfXc5pz8na+hL/QdrCVG7bh9KpT0eMTm
signed output4JEpF3ix66GA2B+ooK128Ift4XQVtc137N9yeg4Kqsn9PI0Kpzbysl9M1IeCEdjg0zl00wkVqcsnG4bmnlMb3A==