Authentication

The WebSocket must be authenticated in the same way as the Web API: every message sent must be signed with an HMAC (hash-based message authentication code) to ensure the authenticity of the request. The sign function below is used to authenticate messages sent over a WebSocket. It concatenates the timestamp, the string 'POST', a '/' and the JSON-serialized body, uses the crypto.createHmac method to create an HMAC of that string with the base64-decoded API secret as the key, and finally base64-encodes the HMAC to create the signed payload.

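const crypto = require('crypto');

// Builds the signature for one outgoing message.
const sign = (body, secret) => {
  // Unix time in seconds, as a string
  const ts = String(Math.round(Date.now() / 1000));
  // String to sign: timestamp + 'POST' + '/' + JSON-serialized body
  const payload = ts + 'POST' + '/' + JSON.stringify(body);
  // The API secret is base64-encoded; decode it to get the raw HMAC key
  const decodedSecret = Buffer.from(secret, 'base64');
  const hmac = crypto.createHmac('sha256', decodedSecret);
  // Base64-encoded HMAC-SHA256 of the payload
  const signedPayload = hmac.update(payload).digest('base64');
  return signedPayload;
};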
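
The following is an added example, not code from the NDAX documentation. It shows the same construction from the receiving side: recomputing the HMAC over the raw JSON text, comparing in constant time, and rejecting stale timestamps. The `signAt` and `verify` functions, the 30-second window, the secret and the message fields are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample values, not real credentials.
const SAMPLE_SECRET = Buffer.from('constructed-demo-secret').toString('base64');
const MAX_SKEW_SECONDS = 30; // assumed freshness window, not from the NDAX docs

// Same construction as the page's sign(): ts + 'POST' + '/' + JSON body,
// HMAC-SHA256 keyed with the base64-decoded secret, base64 output.
// The timestamp is a parameter so the result is reproducible.
function signAt(bodyJson, secret, ts) {
  const key = Buffer.from(secret, 'base64');
  return crypto.createHmac('sha256', key)
    .update(ts + 'POST' + '/' + bodyJson)
    .digest('base64');
}

// Hypothetical receiver-side check. It HMACs the JSON text exactly as received,
// because re-serializing a parsed object can change key order or whitespace.
function verify(bodyJson, ts, signature, secret, now = Math.round(Date.now() / 1000)) {
  if (!/^\d+$/.test(ts)) return 'bad-timestamp';
  if (Math.abs(now - Number(ts)) > MAX_SKEW_SECONDS) return 'stale';
  const expected = Buffer.from(signAt(bodyJson, secret, ts), 'base64');
  const given = Buffer.from(String(signature), 'base64');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-signature';
  }
  return 'ok';
}

function demo() {
  const now = 1700000000; // fixed clock for the demonstration
  const ts = String(now);
  // Constructed message; the field names are not the NDAX message format.
  const body = JSON.stringify({ type: 'subscribe', channel: 'balances' });
  const reordered = JSON.stringify({ channel: 'balances', type: 'subscribe' });
  const sig = signAt(body, SAMPLE_SECRET, ts);
  return {
    valid: verify(body, ts, sig, SAMPLE_SECRET, now),
    tampered: verify(body.replace('balances', 'prices'), ts, sig, SAMPLE_SECRET, now),
    reordered: verify(reordered, ts, sig, SAMPLE_SECRET, now),
    replayed: verify(body, ts, sig, SAMPLE_SECRET, now + 3600),
    truncated: verify(body, ts, sig.slice(0, 8), SAMPLE_SECRET, now),
  };
}

console.log(demo());
```

The `reordered` case carries the same fields in a different key order and still fails, which is why the signer and the receiver must work from the identical serialized string.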

Last updated 2 years ago