Private WebSocket channels (Account Streams) require authorization before subscribing. Use a two-step flow: obtain a short-lived token via the REST API, then send an authorize request on the WebSocket connection.
Authorization is required once per connection. After a successful authorize response, the connection can subscribe to any private channel without re-authorizing.
Step 1: Get a WebSocket token
Call POST /api/v4/profile/websocket_token to obtain a token. Sign the request using the standard HMAC-SHA512 authentication process — authentication is required for this endpoint.
Rate limit: 10 requests per 60 seconds.
{
"request": "/api/v4/profile/websocket_token",
"nonce": "1594297865000"
}
{
"websocket_token": "your_current_token"
}
websocket_token value is used as the credential in the next step. Tokens are short-lived — request a fresh token before each new WebSocket connection.
See Get WebSocket Token for the full endpoint reference.
Step 2: Authorize the connection
After establishing the WebSocket connection, send an authorize request before subscribing to any private channel.
Request:
{
"id": 0,
"method": "authorize",
"params": [
"your_websocket_token",
"public"
]
}
| Parameter | Type | Description |
|---|
params[0] | STRING | The WebSocket token from Step 1 |
params[1] | STRING | Constant value — always "public" |
{
"id": 0,
"result": {
"status": "success"
},
"error": null
}
"status": "success", subscribe to any Account Stream channel without further authorization.
Error handling
If authorization fails, the error field contains a non-null object:
{
"id": 0,
"result": null,
"error": {
"code": 1,
"message": "invalid argument"
}
}
| Cause | Resolution |
|---|
| Expired or invalid token | Request a new token from POST /api/v4/profile/websocket_token |
Incorrect params[1] value | Always pass the string "public" as the second parameter |
| Connection not established | Ensure the WebSocket handshake completes before sending authorize |
