Skip to main content
Connections to trade.qfex.com require authentication. You must authenticate within 1 minute of connecting or the server will close the connection. Authentication uses an HMAC-SHA256 signature or a valid JWT token.

How it works

  1. Connect to wss://trade.qfex.com?api_key=YOUR_PUBLIC_KEY.
  2. Generate a cryptographically secure random nonce (hex encoded, max 100 characters) and capture the current Unix timestamp.
  3. Build the string ${nonce}:${unix_ts} and compute an HMAC-SHA256 using your secret key. Hex-encode the result to get the signature.
  4. Send the auth payload with the hmac block shown below. The nonce must be unique within a 15 minute window.
  5. If you want the authenticated Trade WebSocket session to use a subaccount, include an optional account_id field alongside either hmac or jwt. When omitted, the connection uses the primary account.
Alternatively, authenticate with a JWT:

Sample Code

Example Response

After the client successfully authenticates, the server keeps the connection alive by periodically sending heartbeat messages in the form of WebSocket ping frames.