Open WebSocket connection

curl --request GET \
  --url https://api.skinshark.gg/ws \
  --header 'api-key: <api-key>'

{
  "event": "connected",
  "data": {
    "userId": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
  },
  "ts": 123
}

WebSocket

Open WebSocket connection

Auth context: sub-user — token from POST /auth/ws-token.

Open with wss://api.skinshark.gg/ws?token=<wsToken>. The token is verified at upgrade; on failure the server closes with code 4001 Invalid token.

Protocol

Read-only. Any client → server frame closes the socket with code 4002 Read-only.
Heartbeat. The server sends WS pings; respond with pongs to keep the connection alive (handled automatically by most clients).
First frame. Immediately after upgrade, the server sends WsConnectedEvent with the resolved userId.
Subsequent frames. All push events conform to WsEvent — a discriminated union keyed by the top-level event field.

Close codes

Code	Reason	Cause
4001	Missing token	No `?token=` query string
4001	Invalid token	Bad signature, expired, or wrong purpose
4002	Read-only	Client sent any frame after upgrade

Events

Each frame has the shape { event, data, ts } where ts is Unix epoch ms. See the WsEvent schema below for the full union — the deposit events differ between gateway-hosted (gatepay/onramp) and self-hosted crypto deposits even though they share event names.

GET

Open WebSocket connection

curl --request GET \
  --url https://api.skinshark.gg/ws \
  --header 'api-key: <api-key>'

{
  "event": "connected",
  "data": {
    "userId": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
  },
  "ts": 123
}

Authorizations

api-key

string

header

required

Your raw API key. Generate, rotate, and revoke keys from the merchant dashboard. Keys can optionally be bound to one or more allowed source IPs — requests from any other IP are rejected with API_KEY_IP_DENIED.

Query Parameters

token

string

required

Minimum string length: 1

Response

Switching Protocols — WebSocket handshake completed.

Create WebSocket token WebSocket events (reference)