Authentication
Every connection requires an API key in the X-API-Key header.
Key format
dsk_<64 hex characters>
- Prefix:
dsk_ - Body: 64 hex characters (32 random bytes)
Passing the key
Set X-API-Key on the WebSocket upgrade request:
X-API-Key: dsk_your_key_here
Query-parameter authentication (?api_key=…) is not supported and the handshake returns 401. This keeps keys out of URLs, browser history, and proxy logs.
Key properties
Set by the administrator at creation:
| Property | Description |
|---|---|
| Tier | free, basic, premium, or enterprise — see Tier behavior |
| Allowed CEX | Exchanges this key may subscribe to (* = all) |
| Max distinct IPs | Concurrent IPs allowed for this key |
| Expiration | Optional — key is rejected after this date |
Per-IP and absolute connection caps are fixed (5 / 20). See Rate Limits.
Lifecycle
| State | Trigger | Effect |
|---|---|---|
| Active | Created | Connections accepted |
| Expired | Expiration date reached | Handshake refused; active sessions closed with 1000 key_expired |
| Revoked | Administrator revokes | Handshake refused; active sessions closed with 1000 key_invalidated |
Security
- All connections use TLS (WSS).
- Treat the key like a password. Lost or leaked? Contact the administrator to rotate it.