Authentication
All trading endpoints on the Synthetix API require authentication using EIP-712 signatures. This section provides comprehensive guidance on implementing secure authentication for both REST and WebSocket APIs.
Quick Start
- Overview - Understanding the authentication system
- EIP-712 Signing - Cryptographic signature implementation
- Nonce Management - Preventing replay attacks
- Examples - Ready-to-use code samples
- Troubleshooting - Debug common authentication issues
Authentication Flow
1. Generate Nonce
↓
2. Create Message
↓
3. Sign with EIP-712
↓
4. Send Request
↓
5. API Validates Signature
↓
6. Execute Operation
Key Concepts
EIP-712 Signatures
- Type Safety: Structured data signing prevents errors
- Human Readable: Clear display of what you're signing
- Hardware Wallet Support: Compatible with Ledger, Trezor, etc.
- Phishing Protection: Domain separation prevents attack vectors
Nonce Management
- Replay Protection: Each request uses a unique, incrementing nonce
- Timestamp Based: Nonces are typically Unix timestamps in milliseconds
- Order Enforcement: Nonces must be strictly increasing per account
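An added example (not from the Synthetix documentation or SDK) of the nonce rules above: a client-side source of millisecond-timestamp nonces that stays strictly increasing when two requests fall in the same millisecond or the local clock steps backwards. The class and function names, the account key "sub-1" and the clock readings are constructed for illustration; keying the counter by an account identifier is an assumption, and NonceCheck only models the stated rule, it is not the API's validator.

```python
import threading
import time
from collections import defaultdict


class NonceSource:
    """Client side: millisecond-timestamp nonces, strictly increasing per account."""

    def __init__(self, clock_ms=None):
        # clock_ms is injectable so the behaviour can be checked deterministically.
        self._clock_ms = clock_ms or (lambda: time.time_ns() // 1_000_000)
        self._last = defaultdict(int)
        self._lock = threading.Lock()

    def next(self, account):
        with self._lock:
            # Same-millisecond calls or a backwards clock step would otherwise
            # repeat or decrease the nonce, so bump past the last issued value.
            nonce = max(self._clock_ms(), self._last[account] + 1)
            self._last[account] = nonce
            return nonce


class NonceCheck:
    """Model of the 'strictly increasing per account' rule (assumed, not the API's code)."""

    def __init__(self):
        self._highest = defaultdict(int)

    def accept(self, account, nonce):
        if nonce <= self._highest[account]:
            return False  # replayed or out-of-order nonce
        self._highest[account] = nonce
        return True


def demo():
    # Constructed clock readings: two calls in the same millisecond, then a
    # 5 ms backwards step (such as a clock correction), then normal progress.
    ticks = iter([1_700_000_000_000, 1_700_000_000_000,
                  1_699_999_999_995, 1_700_000_000_010])
    source = NonceSource(clock_ms=lambda: next(ticks))
    check = NonceCheck()
    issued = [source.next("sub-1") for _ in range(4)]
    accepted = [check.accept("sub-1", n) for n in issued]
    replay = check.accept("sub-1", issued[0])  # resending an already used nonce
    return issued, accepted, replay
```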
Subaccount Support
- Multiple Accounts: Trade across multiple subaccounts under one wallet
- Secure Access: Signature determines authorization for subaccount operations
Authentication Requirements
| Endpoint Type | Authentication Required |
|---|---|
| Info Endpoints | No - Public market data |
| Trade Endpoints | Yes - EIP-712 signature required |
| WebSocket Info | No - Public subscriptions |
| WebSocket Trade | Yes - Initial auth + per-action signatures |
Authentication Flow Details
REST API
Each request to the Trade endpoint requires its own EIP-712 signature containing:
- Request data (orders, cancellations, modifications)
- Subaccount ID
- Nonce (timestamp for replay protection)
- Optional expiration time
WebSocket API
Two-step authentication process:
- Initial Authentication: Sign WebSocket auth message with subAccountId, timestamp, and action: "websocket_auth"
- Per-Action Signatures: Each trading action still requires individual EIP-712 signatures
Error Handling
Common authentication errors and solutions:
| Error | Cause | Solution |
|---|---|---|
| Invalid signature | Wrong signing parameters | Verify domain, types, and message structure |
| Nonce already used | Replay attack protection | Use a fresh, incrementing nonce |
| Request expired | Clock drift or slow request | Increase expiration buffer |
| Unauthorized subaccount access | Missing delegation permissions | Verify delegation for subaccount |
Next Steps
- New to EIP-712? Start with Overview
- Ready to implement? Jump to Examples
- Having issues? Check Troubleshooting
- Need WebSocket auth? See WebSocket Authentication
Related Resources
- API General Information - API basics and conventions
- Rate Limits - Request rate limiting
- Error Handling - Comprehensive error reference
- Notation - Data format conventions