Authentication

In this section, you will find comprehensive information about the authentication process for the FinFeedAPI Prediction Markets. It covers the fundamental aspects and procedures involved in obtaining authentication for accessing prediction market functionality. Whether you are new to FinFeedAPI or seeking to enhance your understanding of the authentication process, this section will provide you with a valuable overview of the topic.

For prediction markets, we provide enhanced authentication methods to ensure secure access to trading functionality:

  • API Key + JWT token - Our primary authentication method that combines an API key with a JWT token for maximum security. This is mandatory for all prediction market operations to ensure secure trading and market creation.

Authentication methods supported by the API

Here's an overview of the authentication methods supported by the Prediction Markets API. To access any prediction market resources, you must use both an API key and JWT token authentication.

API Product | Query param | URL path | Authorization header | Basic auth | JWT
REST        |             |          |                      |            | ✅ (Required)

The Authorization header cannot carry both an API key and a JWT token. Because the JWT token must be sent in that header, we recommend passing the API key by an alternative method, such as a custom authentication header, a query string parameter, or the API key in the URL path.

Query string parameter (apikey)

You can provide your API key by adding an apikey parameter to your HTTP request's query string.

Example: To create a new prediction market with API key 73034021-THIS-IS-SAMPLE-KEY:

POST /v1/markets/create?apikey=73034021-THIS-IS-SAMPLE-KEY

While the query string method may be convenient for development, we recommend using more secure methods in production, because URLs, including their query strings, are commonly recorded in server and proxy logs.

URL path

When passing the API key in the URL, format it with the APIKEY- prefix: If your API key is 73034021-THIS-IS-SAMPLE-KEY, structure the URL as /APIKEY-73034021-THIS-IS-SAMPLE-KEY.

The API key can be placed at the end of the URL path. Examples:

  • /v1/markets/APIKEY-73034021-THIS-IS-SAMPLE-KEY
  • /APIKEY-73034021-THIS-IS-SAMPLE-KEY

Remember to include the APIKEY- prefix before your actual API key.

Authorization header

Include your API key directly in the Authorization header:

Authorization: 73034021-THIS-IS-SAMPLE-KEY

Basic auth

Use Basic Authentication with a base64 encoded string combining your API key with the username "finfeedapi":

Authorization: Basic ZmluZmVlZGFwaTo3MzAzNDAyMS1USElTLUlTLVNBTVBMRS1LRVk=

This example uses base64 encoding of "finfeedapi:73034021-THIS-IS-SAMPLE-KEY".

JWT token (Required)

JWT authentication is mandatory for all prediction market operations. This ensures secure access to trading functionality and market creation. JWTs must be passed via the Authorization header in the Bearer JWT_TOKEN format.

Supported JWT Algorithms

We support the following algorithms for JWT token verification:

  • RSASSA-PSS (e.g. PS256)
  • RSASSA-PKCS1-v1_5 (e.g. RS256)
  • ECDSA (e.g. ES256)
  • HMAC (e.g. HS256)

Setting Up JWT Authentication

To set up JWT authentication:

  1. Access the customer portal and import your public JWT key (RSA or ECDSA)
  2. Generate a JWT token using your private key
  3. Include the JWT token in the Authorization header using Bearer JWT_TOKEN format
  4. Our server will verify the token using your imported public key

Example JWT Request

Add your JWT token to the Authorization header:

Authorization: Bearer JWT_TOKEN

Example with RS256 algorithm:

Authorization: Bearer eyJraWQiOiI5ODViMmQ0ZC1kMjE1LTQwN2MtODcxNi01NTIzNjA0YmM0ZTIiLCJhbGciOiJSUzI1NiJ9.ew0KICAic3ViIjogIjEyMzQ1Njc4OTAiLA0KICAibmFtZSI6ICJFWEFNUExFIFRPS0VOIiwNCiAgImlhdCI6IDE1MTYyMzkwMjIsDQogICJuYmYiOiAxNjg2MTM3MDI0LA0KICAiZXhwIjogMTcxNzY3MzAyNA0KfQ.CX6MWRSXQPKuQ_jrFCME91IwZhK8lq_2XrbDOyZ4-tPo0Ro52HA289sIfLo2LNafWQlq2lClfCN55TxyfC8n0xiifUwdec7g3kcGjCri6vTxaa8p6S3Fyyt2DxXccpi3Se4d_3mEQBZwMchKbQsw-W7Wj7njUk31ycgPQovvF4WrTuEYmhYw1sO9jCTORHmsSO7Shml7kv7AxlIUmzB2oq2KSmBhJV38Nz9oYj3KlPoMjgaIl4xYldNqnGyshh6fQyUQ1gQMQV6e4M5ro8YthjPOCvAT8yk77dTyOoE6Im58cAp6KtM-Gko-tWppUQTu-0M82LOvD_duP77n-hcoTw

Decoded JWT header:

{ "kid": "985b2d4d-d215-407c-8716-5523604bc4e2", "alg": "RS256" }

Decoded JWT payload:

{
  "sub": "1234567890",
  "name": "EXAMPLE TOKEN",
  "iat": 1516239022,
  "nbf": 1686137024,
  "exp": 1717673024
}

JWT Token Requirements

All JWT tokens must include:

  • NBF (Not Before)
    • Specifies the earliest valid time for the token
    • Tokens with future "nbf" claims are rejected
  • EXP (Expiration Time)
    • Defines when the token expires
    • Expired tokens are rejected

Authentication Process

Our authentication process follows these steps:

  1. Extract the JWT from the Authorization header
  2. Verify the JWT signature and check NBF/EXP claims
  3. If valid, authorize the request and process it
  4. If invalid, return an error response

For prediction market operations, we also verify trading permissions and account status before processing requests.
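
The token requirements and the four-step process above, as an added example (not FinFeedAPI's code): a client mints a short-lived token with nbf and exp, and a verifier sketch applies the same checks in the same order. It uses HS256, one of the algorithms listed above, so that it runs on the Python standard library alone; with RS256, PS256 or ES256 only the sign and verify primitive changes. The function names, key id and secret are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(secret: bytes, kid: str, now: int, ttl: int = 300) -> str:
    """Client side: short-lived token carrying the required nbf and exp claims."""
    header = {"kid": kid, "alg": "HS256"}
    claims = {"sub": "1234567890", "iat": now, "nbf": now, "exp": now + ttl}
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def check_request(authorization: str, keys: dict, now: int) -> str:
    """Verifier sketch of the four steps; returns "ok" or the rejection reason."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return "malformed Authorization header"
    head_b64, body_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return "undecodable token"
    # The key id selects the registered key, and the algorithm is pinned to the
    # one registered for it; the token's own "alg" never picks the routine.
    secret = keys.get(str(header.get("kid")))
    if secret is None or header.get("alg") != "HS256":
        return "unknown key or unexpected alg"
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return "bad signature"
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if not isinstance(nbf, int) or not isinstance(exp, int):
        return "missing nbf or exp"
    if now < nbf:
        return "not yet valid"
    return "ok" if now < exp else "expired"

if __name__ == "__main__":
    keys, now = {"demo-kid": b"constructed-demo-secret"}, int(time.time())  # constructed
    print(check_request("Bearer " + mint_token(keys["demo-kid"], "demo-kid", now), keys, now))
```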
