Authentication
The WebSocket must be authenticated in the same way as the Web API, by signing the messages with an HMAC (hash-based message authentication code), sign
function is used to authenticate messages sent over a WebSocket. It uses the crypto.createHmac
method to create an HMAC of the concatenated string using the decoded API secret as the key, and finally it base64-encodes the HMAC to create the signed payload. The same authentication mechanism used for the Web API applies to the WebSocket: all sent messages must be properly signed to ensure authenticity of the request.
const crypto = require('crypto');
const sign = (body, secret) => {
let ts = String(Math.round(Date.now() / 1000));
let payload = ts + 'POST' + '/' + JSON.stringify(body);
let decodedSecret = Buffer.from(secret, 'base64');
let hmac = crypto.createHmac('sha256', decodedSecret);
let signedPayload = hmac.update(payload).digest('base64');
};
Last updated