> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kraken.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate WebSocket connections to the Kraken Prime API using HMAC-SHA256 signed headers.

<Note>Authenticated connection. Connect to: `wss://wss.prime.kraken.com/ws/v1`</Note>

WebSocket connections must be authenticated by signing the request and sending the signature in HTTP headers.

## Connection Headers

<Tabs>
  <Tab title="Header Schema">
    | Header           | Type   | Description                                                      |
    | ---------------- | ------ | ---------------------------------------------------------------- |
    | **ApiKey**       | string | Your Kraken API key                                              |
    | **ApiSign**      | string | base64-encoded signature                                         |
    | **ApiTimestamp** | string | An ISO-8601 UTC string of the form `2019-02-13T05:17:32.000000Z` |
  </Tab>

  <Tab title="Signature Generation">
    The signature is a base64 encoded sha256 HMAC using the API secret of the following:

    ```
    GET\n<ApiTimestamp>\n<host>\n<path>
    ```

    For example:

    ```
    GET\n2019-02-13T05:17:32.000000Z\nwss.sandbox.prime.kraken.com\n/ws/v1
    ```
  </Tab>

  <Tab title="Python Example">
    ```python theme={null}
    # to install websocket lib:
    # $ pip install websocket-client
    from websocket import create_connection
    import datetime
    import hmac
    import hashlib
    import base64

    api_key = "<apikey>"
    api_secret = "<apisecret>"

    utc_now = datetime.datetime.utcnow()
    utc_datetime = utc_now.strftime("%Y-%m-%dT%H:%M:%S.000000Z")

    host = "<websocket host>"  # wss.sandbox.prime.kraken.com, for example
    path = "/ws/v1"

    params = "\n".join([
        "GET",
        utc_datetime,
        host,
        path,
    ])

    hash = hmac.new(
        api_secret.encode('ascii'), params.encode('ascii'), hashlib.sha256)
    hash.hexdigest()

    signature = base64.urlsafe_b64encode(hash.digest()).decode()

    header = {
        "ApiKey": api_key,
        "ApiSign": signature,
        "ApiTimestamp": utc_datetime,
    }

    ws = create_connection("wss://" + host + path, header=header)

    while True:
        print(ws.recv())
    ```
  </Tab>
</Tabs>

## Environments

| Environment    | WebSocket Endpoint                         |
| -------------- | ------------------------------------------ |
| **Sandbox**    | `wss://wss.sandbox.prime.kraken.com/ws/v1` |
| **Production** | `wss://wss.prime.kraken.com/ws/v1`         |

## API Keys

If you do not have an API key and a signature assigned, you will need to obtain them first. You can do so by contacting Kraken support staff at: [prime\_trading@kraken.com](mailto:prime_trading@kraken.com).

You will need separate API Keys for connecting to the sandbox and production environments.

## Rate Limits

There is no limit to how many concurrent websocket connections you're allowed, though this may change in the future. If you expect to have more than \~10 active connections, please contact [prime\_trading@kraken.com](mailto:prime_trading@kraken.com).
