Authentication

The WebSocket must be authenticated in the same way as the Web API, by signing the messages with an HMAC (hash-based message authentication code), sign function is used to authenticate messages sent over a WebSocket. It uses the crypto.createHmac method to create an HMAC of the concatenated string using the decoded API secret as the key, and finally it base64-encodes the HMAC to create the signed payload. The same authentication mechanism used for the Web API applies to the WebSocket: all sent messages must be properly signed to ensure authenticity of the request.

const crypto = require('crypto');

const sign = (body, secret) => {
  let ts = String(Math.round(Date.now() / 1000));
  let payload = ts + 'POST' + '/' + JSON.stringify(body);
  let decodedSecret = Buffer.from(secret, 'base64');
  let hmac = crypto.createHmac('sha256', decodedSecret);
  let signedPayload = hmac.update(payload).digest('base64');
};