Authentication for WebSocket
After connecting to the WebSocket, the requester needs to send an authentication message.
Without a successful authentication the subsequent messages will be denied.
Payload of the message should be:
| Field Name | Type | Req'd | Comments |
|---|---|---|---|
| SendingTime | Number | ✓ | Time of sending this message |
| Password | String | ✓ | SHA384 HMAC of the following string, using your API secret: AUTH- |
| ResetSeqNumFlag | String | Only: Y | |
| DefaultApplVerID | String | FIX50SP2 | |
| Username | String | ✓ | API key given. |
Example:Using the following secret:
1{
2 "Header": {
3 "MsgType": "A",
4 "MsgSeqNum": 1,
5 "SenderCompID": "Tester tool",
6 "TargetCompID": "XCDE",
7 "SendingTime": "2022-10-19T12:39:40.676Z"
8 },
9 "EncryptMethod": 0,
10 "HeartBtInt": 30,
11 "ResetSeqNumFlag": "Y".,
12 "Username": "Cs2aZKqTRWfy8B4b2e51ORWJBbeMHd//Zh9J2/UKI3o=",
13 "Password": "bc014742ecec5bdb3172ccfe5a99f2f45d9c1d2cf0ef81ebe28c8cd64eb3c0744f1da5f6c87a1d3fd02928406397d7fa",
14 "DefaultApplVerID": "FIX50SP2"
15}“fb4eed9de82fe551fc283639584f807ac10317304b696b617ca73e4c22a7cb799112bda6049d0b0c5be300b48bd74bb07acbbeb4f64e8b8995e28ab450e6f65d“
Response:
| Field Name | Type | Req'd | Comments |
|---|---|---|---|
| MsgType | String | ✓ | Always “A” |
| HeartBtInt | Number | ✓ | Equals with the Heartbeat sent in request |
Example:
1{
2 "Header": {
3 "MsgType": "A",
4 "MsgSeqNum": "1",
5 "SendingTime": "20221019-12:39:41.036",
6 "SenderCompID": "XCDE",
7 "TargetCompID": "Tester-tool"
8 },
9 "HeartBtInt": 30,
10 "EncryptMethod": 0
11}JavaScript example of the authentication:
1// Standard JavaScript cryptography library
2 const crypto = require('crypto-js');
3
4 // Websocket library for Node
5 const WebSocket = require('ws')
6
7 // Users API credentials are defined here
8 const apiKey = '';
9 const apiSecret = '';
10
11 const timestamp = Date.now();
12
13 // Compile the authentication payload, this is simply the string 'AUTH' prepended to the timestamp value
14 const authPayload = 'AUTH-' + timestamp;
15
16 // The authentication payload is hashed using the private key, the resulting hash is output as a hexadecimal string
17 const signature = crypto.HmacSHA384(authPayload, apiSecret).toString(crypto.enc.Hex);
18
19 const authenticationMessage = {
20 "Header": {
21 "MsgType": "A",
22 "MsgSeqNum": 1,
23 "SenderCompID": "Tester tool",
24 "TargetCompID": "XCDE",
25 "SendingTime": timestamp
26 },
27 "EncryptMethod": 0,
28 "HeartBtInt": 30,
29 "Username": apiKey,
30 "Password": signature,
31 "DefaultApplVerID": "FIX50SP2"
32 };
33
34
35 // Create new Websocket
36 const wss = new WebSocket('wss://<URL given>');
37
38 wss.on('open', () => wss.send(JSON.stringify(authenticationMessage)));
39
40 // The 'message' event is called whenever the ws recieves ANY message
41 wss.on('message', (msg) => {
42 const response = JSON.parse(msg)
43 });