Create WebSocket token

curl --request POST \
  --url https://api.skinshark.gg/auth/ws-token \
  --header 'api-key: <api-key>'

{
  "requestId": "<string>",
  "success": true,
  "data": {
    "token": "<string>",
    "expiresIn": "1h"
  },
  "error": {
    "code": 1500,
    "key": "INSUFFICIENT_BALANCE",
    "message": "Insufficient balance"
  }
}

WebSocket

Create WebSocket token

Auth context: sub-user — On-Behalf-Of required.

Returns a 1-hour JWT scoped to [deposit, trade, market]. Pass it as the ?token= query string when opening wss://api.skinshark.gg/ws (deposit + trade events) or wss://api.skinshark.gg/market/live (the market scope — live-market feed).

Tokens are bound to the sub-user resolved from On-Behalf-Of — the WebSocket only receives events for that user. To watch multiple sub-users, mint a token per sub-user and open one socket each.

POST

auth

ws-token

Create WebSocket token

curl --request POST \
  --url https://api.skinshark.gg/auth/ws-token \
  --header 'api-key: <api-key>'

{
  "requestId": "<string>",
  "success": true,
  "data": {
    "token": "<string>",
    "expiresIn": "1h"
  },
  "error": {
    "code": 1500,
    "key": "INSUFFICIENT_BALANCE",
    "message": "Insufficient balance"
  }
}

Authorizations

api-key

string

header

required

Your raw API key. Generate, rotate, and revoke keys from the merchant dashboard. Keys can optionally be bound to one or more allowed source IPs — requests from any other IP are rejected with API_KEY_IP_DENIED.

Headers

On-Behalf-Of

string

Sub-user UUID or the merchant's externalId for that sub-user. Required for sub-user-context routes; rejected (via requireMerchant) on merchant-context routes.

Required string length: 1 - 128

Response

OK.

requestId

string

required

success

boolean

required

data

object

Present when success: true. Shape varies per endpoint.

Show child attributes

error

object

Show child attributes

Cancel transaction item Open WebSocket connection