> ## Documentation Index
> Fetch the complete documentation index at: https://docs.parlayx.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate the streaming client with a stream key

The streaming client authenticates with a **stream key** — a credential separate
from the REST [API key](/sdk/authentication). A stream key grants access to the
orderbook WebSocket only; it is issued and revoked independently and is not
interchangeable with the `x-api-key` used for REST calls.

Stream keys are currently issued by ParlayX during a closed release — if you
don't have one, [reach out](https://parlayx.com/contact). Once issued, you can
view and reveal it in the [console](https://console.parlayx.com/).

Pass it as `streamKey` and `createStreamClient` wires up the handshake for you:

```ts theme={null}
import { createStreamClient } from "@parlayx/sdk/stream";

const stream = createStreamClient({ streamKey: process.env.PARLAYX_STREAM_KEY! });
```

The key is presented **during the WebSocket handshake**, not as a header —
browsers can't set headers on a WebSocket upgrade, so it rides as a subprotocol.
The client never lets the server reflect it back in the handshake response, but
the raw key does travel in the handshake request, so treat it like any secret:
load it from an environment variable or secret manager, and never commit it. For
the wire-level handshake, see the WebSocket API's
[Authentication](/streaming/authentication).
