For information on changes for our US clients, please visit our Support Center article.

En raison d’une demande accrue, la vérification de compte peut être retardée. Veuillez éviter d’envoyer plusieurs demandes, et pour obtenir de meilleurs résultats, vérifiez au préalable nos pré-requis concernant les documents.
Rechercher
Sign challenge (WebSocket API)
The subscribe and unsubscribe requests to WebSocket private feeds require a signed challenge
message with the user api_secret.
The challenge is obtained as is shown in Section WebSocket API Public (using the api_key).
Authenticated requests must include both the original challenge message (original_challenge) and the signed (signed_challenge) in JSON format.


Challenge

The challenge is a UUID string.
Example c100b894-1729-464d-ace1-52dbce11db42 

The steps to sign the challenge are the same as the steps to generate an authenticated REST request
except for step 1 which now is just the challenge string:
  1. 1
    Hash the challenge with the SHA-256 algorithm
  2. 2
    Base64-decode your api_secret
  3. 3
    Use the result of step 2 to hash the result of step 1 with the HMAC-SHA-512 algorithm
  4. 4
    Base64-encode the result of step 3
The result of the step 4 is the signed challenge which will be included in the subscribe request.
The table below shows the expected output from example inputs:
challenge
c100b894-1729-464d-ace1-52dbce11db42
api_secret
 7zxMEF5p/Z8l2p2U7Ghv6x14Af+Fx+92tPgUdVQ748FOIrEoT9bgT+bTRfXc5pz8na+hL/QdrCVG7bh9KpT0eMTm
signed output
4JEpF3ix66GA2B+ooK128Ift4XQVtc137N9yeg4Kqsn9PI0Kpzbysl9M1IeCEdjg0zl00wkVqcsnG4bm
nlMb3A==