Skip to main content
The streaming client authenticates with a stream key — a credential separate from the REST API key. A stream key grants access to the orderbook WebSocket only; it is issued and revoked independently and is not interchangeable with the x-api-key used for REST calls. Stream keys are currently issued by ParlayX during a closed release — if you don’t have one, reach out. Once issued, you can view and reveal it in the console. Pass it as streamKey and createStreamClient wires up the handshake for you:
The key is presented during the WebSocket handshake, not as a header — browsers can’t set headers on a WebSocket upgrade, so it rides as a subprotocol. The client never lets the server reflect it back in the handshake response, but the raw key does travel in the handshake request, so treat it like any secret: load it from an environment variable or secret manager, and never commit it. For the wire-level handshake, see the WebSocket API’s Authentication.