How do you authenticate WebSocket if using OAuth

I have stuff working using API Key/Secret, but need things to work with OAuth. REST API works, but for WebSocket, your documentation does not indicate how the authentication/signing is supposed to work. What should be specified for api_key, signature? or something else?

The docs show an example of a REST request, but nothing for WebSocket

Please advise

Hi @jmedved! Thank you for posting here in the developer forum!

We understand that you want to subscribe to the Websocket using OAuth2 authentication. Unfortunately, this is not currently supported. Only API key authentication is allowed to subscribe to the websocket channel as you will need an API secret to generate a signature and an API key to subscribe to the websocket. Rest assured that we will log this as a feature request with our internal teams so we can continue improving our user experience. Most new features and improvements to our products come directly from feedback like yours, so it’s very valuable to us. While we can’t offer any specific timeline for adding features, we are constantly working to build products our customers will love.

If you want to stay up to date on the latest from Coinbase Cloud, you can also bookmark the following webpage and subscribe to email updates at the bottom of the page:

We appreciate your patience and understanding.

You want commercial products to use OAUTH. Please understand that this type of omission makes that impossible for both market data and trading, thus making the OAUTH login option completely worthless!

This should be a very high priority item, especially since your API Key generation is now very overwhelming for regular end-users with all the scopes

BTW, just as a suggestion - use the Client KEY/SECRET to generate the signature and just require the AccessToken to be included in the signature and JSON parameters if OAUTH is used.

Hello @jmedved! We highly appreciate your enthusiasm and continuous support to Advanced Trade APIs. Please note that we have taken your concern about subscribing to Websocket using OAuth2 authentication and rest assured that we logged this as a feature request with our internal teams.

Moreover, we highly appreciate the initiative and effort that you take in providing suggestion such as using the Client KEY/SECRET to generate the signature and require the AccessToken to be included in the signature and JSON parameters. And so, we will tag this as feedback in relation to the feature request we have logged. We hope to see more of you as we continue to build an informative yet friendly community in our Developer Forum.

Thank you and have a great day!

1 Like

Is this still not supported?

I am creating a trading application for customers. I need to be notified when orders are filled. I have been building the application using oauth as directed in your documentation. Two months later I realize you cannot use Oauth for websocket feeds. Should I request an api key/secret from the user or continually poll the rest endpoint?

It would be nice if you all would put “oauth is not supported for websocket feeds” under the getting started with ouath documentation. This way I would have saved a lot of time going down the wrong path.

Thank you