Chat API Reference
6 endpoints for P2P chat: messages, WebSocket credentials, image uploads, and read receipts. Two endpoints use API-key-only auth (no HMAC required).
WebSocket Credential Flow
Real-time chat events are delivered over WebSocket. Use this three-step flow to establish a connection:
1
GET retrieveChatCredential (EP-33)
Returns wssUrl, listenKey, and listenToken. Requires HMAC.
2
Connect to WebSocket at wssUrl
Open a standard WebSocket connection to the URL returned in step 1.
3
Authenticate with listenKey
Send the listenKey as an authentication frame after connecting. The connection will stream real-time order chat events.
# Python example
cred = await retrieve_chat_credential()
ws_url = cred["data"]["wssUrl"]
listen_key = cred["data"]["listenKey"]
async with websockets.connect(ws_url) as ws:
await ws.send(json.dumps({"listenKey": listen_key}))
async for message in ws:
event = json.loads(message)EP-31 and EP-32: API Key Only (No HMAC)
The two markMessagesAsRead endpoints are unusual: they only require the X-MBX-APIKEY header and clientType: web. No timestamp, no signature.
CORRECT — EP-31
POST /markOrderMessagesAsRead X-MBX-APIKEY: <key> clientType: web # No timestamp, no signature
WRONG — causes auth error
POST /markOrderMessagesAsRead X-MBX-APIKEY: <key> timestamp=...&signature=... # HMAC not needed here