How to find the parameters for sending an authenticated subscribe request?


Effective July 1, 2023, the following WebSocket feeds on Coinbase Exchange will require authentication:

Full Channel
Level2 Channel
Level3 Channel

Currently, we use the following subscribe request to consume the market data feed without sending any order or making any trade.

    "type": "subscribe",
    "channels": ["level2"],
    "product_ids": [

Based on your website, I need to send an authenticated subscribe request, similar as following:

// authenticated  Request
    "type": "subscribe",
    "product_ids": [
    "channels": [
    "signature": "...",
    "key": "...",
    "passphrase": "...",
    "timestamp": "..."

I have problems to follow your online instruction to find the following parameters:

    "signature": "...",
    "key": "...",
    "passphrase": "...",
    "timestamp": "..."

Question> May you please list the detailed instructions for how I can obtain those parameters?

Thank you

The instructions for those parameters are the same as in the REST API authentication docs.

From the bottom of the websocket auth doc

To authenticate, send a subscribe message as usual, and pass in fields to GET /users/self/verify , just as if you were signing a request. To get the necessary parameters, go through the same process as you would to make authenticated calls to the API.

Hello sharbel,

I have read those online documentation before I submitted this question.
First of all, I do not use a REST API authentication and this procedure is completely new to me.

For me, I just need to subscribe the level2 market data feed to receive the published messages from coinbase without sending any orders or trades. I have been doing this for very long time but now your website requests to send an authenticated websocket request. This is the reason why I am here.

API Keys

To sign a request, you must create an API key via the Coinbase Exchange website.

Question 1> Do I need to apply for a coinbase account in order to generate those keys and parameters?

Question 2> For company account, do I have to go through the validation procedure and pay a fee in order to consume the real-time level2 messsages?

Question 3> For a personal account, do I have to upload my driver license and pay a fee in order to consume the real-time level2 messsages?

Thank you

You can subscribe to for traditional feed without authentication. I just did it on my machine and I received level2 feed.

If you use the other endpoint which requires access to Exchange servers, you will need an Exchange account which is for institutional clients.

If you do have an Exchange account then you should be able to generate an API key from there.

I do use

Thank you for your helps!

@q0987 just wanted to share a few more things that might be helpful!

Docs have been updated on Jul 12th stating that the authentication enforcement will occur August 1st (instead of July 1st). Here is the upcoming change with that update:

As of August 1st, you will be required to have generated an API key in order to properly sign the request to submit a authorized subscription request for the following channels (Full Channel, Level2 Channel, Level3 Channel).

In order to generate an API key, you need to have a fully KYC’d Coinbase Exchange account. As @sharbel pointed out, you can find the details here, noting the section near the bottom for explicit examples / instruction.

If you do not need any of the full / level2 / or level3 channels, and can instead consume the Level2 Batch which has the same data but is batched every 50ms, or can consume the Matches instead of the full channel for trade by trade data, both of which do not require authenticate (now or after August 1st).

Another thing to note: if you were to use, that will require you to authenticate regardless of what channels you plan to subscribe. This connection offers a lower latency experience for customers who need that.

1 Like

tbh this still doesnt make sense

I’ve been using the rest api for a while with no problems, but I have literally no idea what some of the documentation for the websocket even means

you say to pass “GET /users/self/verify”
how? where does this go?

why do the examples in websocket authentication not encrypt your key or passphrase?
why do the examples in REST api authentication declare a variable for the passphrase, and then do nothing with it? The documentation here for REST is very different from when I first used it to build stuff that still works.
whats the address im using in the sig?

like a true coder I have banged my head against my own confusion until success

they said
“and pass in fields to GET /users/self/verify
I have still no idea what they think they mean by that, but what worked was signing the message with

  message = timestamp + "GET" + '/users/self/verify'

literally as an address

On that note, is there any way to reduce the rate of recieving messages from the websocket, preferably as an update to an existing connection?

Id also like to know if there’s an official coinbase opinion on whether the ‘matches’ channel or the layer 2 batch channel would be better at reducing traffic on average across all product ids.