Authentication

Generate an API Key

API keys for our WebSocket API have special requirements:

Navigate to API Settings
Click "Create API key"
Scope: Select the account you want to trade with
Settings:
- ✅ Enable "Uses a time-based nonce"
- ✅ Enable "Trading"
Save your API key and secret securely

Only account-scoped keys with time-based nonces are accepted.

Create an Authenticated Connection

Pass the following headers when establishing the websocket connection,

Header	Value
`X-GEMINI-APIKEY`	Your Gemini API key (session key)
`X-GEMINI-NONCE`	Current epoch timestamp in seconds
`X-GEMINI-SIGNATURE`	`hex(HMAC_SHA384(base64(nonce), key=api_secret))`
`X-GEMINI-PAYLOAD`	`base64(nonce)`

Authentication is required for trading operations and order event subscriptions. Market data streams are available without authentication.

Authentication headers must be provided during the initial WebSocket handshake—you cannot authenticate after the connection is established.

Signature Generation Step-by-Step

Code
 
# Create a nonce from the current epoch time in seconds
nonce = current_timestamp_in_seconds

# Our payload will be the base64 encoded nonce for simplicity
payload = base64_encode(nonce.toString)

# Generate a signature using the hmac_sha384 algorithm
signature = hmac_sha384(payload, api_secret)

# Convert the signature to hex so it can be passed in the headers
hexSignature = hex(signature)

Last modified on April 17, 2026