Skip to main content
For complete authentication details, including signature generation, please refer to the Authorization section.

Key Points for WebSocket API:

  • Use the same API Token and Secret from your REST API credentials
  • Include apiToken, timestamp, and signature in the params object of each request
  • The signature is generated using: Timestamp + JSON Body (business parameters only)

Signature Generation for WebSocket API

Unlike the REST API, the WebSocket signature is simpler because there’s no HTTP method or path: Message to sign: Timestamp + JSON Body Where:
  • Timestamp: The same timestamp sent in the params.timestamp field (in milliseconds)
  • JSON Body: ONLY the business parameters (pair, side, type, amount, price, etc.). DO NOT include apiToken, timestamp, or signature in the body to sign.
Important: Do NOT include + signs - just concatenate the values directly.

Signature Example

Request to send: 
{
  "id": "req-001",
  "method": "order.create",
  "params": {
    "pair": "BTC_BRL",
    "side": "buy",
    "type": "limit",
    "amount": 0.001,
    "price": 100000,
    "apiToken": "your-api-token",
    "timestamp": 1634567890000,
    "signature": "calculated-signature"
  }
}
Body to sign (only business params): 
{
  "pair": "BTC_BRL",
  "side": "buy",
  "type": "limit",
  "amount": 0.001,
  "price": 100000
}
Message to sign: 
1634567890000{"pair":"BTC_BRL","side":"buy","type":"limit","amount":0.001,"price":100000}
Then generate HMAC SHA256 signature: 
const crypto = require('crypto');
const message = timestamp.toString() + JSON.stringify(bodyParams);
const signature = crypto.createHmac('sha256', secretKey).update(message).digest('base64');

Examples

You can find functional authentication examples for this WebSocket API, written in multiple programming languages, in our GitHub repository: https://github.com/ripio/api/tree/main/websocket-api.