Authentication

Authentication overview

Not everything requires authentication. SX Bet has three tiers:

Operation	Auth required
Fetch markets, odds, trades, orders	None
Subscribe to WebSocket channels / register a heartbeat	API key
Post, fill, or cancel orders	Private key signature

No Auth — Reading data
API Key — WebSocket & Heartbeat
Private Key — Orders

All REST API endpoints are public. You can fetch markets, orderbooks, trades, fixtures, and more without any credentials. A base rate limit applies to all requests.

# No API key required
curl https://api.sx.bet/markets/active

To subscribe to real-time WebSocket channels (live odds updates, order book changes, trade events) or to register and cancel a heartbeat, you need an API key.You can generate an API key from your account settings on sx.bet.SX Bet uses Centrifugo for WebSocket connections. Pass your API key to the /user/realtime-token/api-key endpoint to get a connection token, then supply it via the getToken callback:

import { Centrifuge } from "centrifuge";

const RELAYER_URL = "https://api.sx.bet"; // Mainnet — use https://api.toronto.sx.bet for testnet
const WS_URL = "wss://realtime.sx.bet/connection/websocket"; // Mainnet — use wss://realtime.toronto.sx.bet/connection/websocket for testnet

async function fetchToken() {
  const res = await fetch(`${RELAYER_URL}/user/realtime-token/api-key`, {
    headers: { "x-api-key": process.env.SX_API_KEY },
  });
  if (!res.ok) throw new Error(`Token endpoint returned ${res.status}`);
  const { token } = await res.json();
  return token;
}

const client = new Centrifuge(WS_URL, {
  getToken: fetchToken,
});

client.connect();

The getToken function is called automatically on initial connect and whenever the token needs to be refreshed — no manual token management is needed.See the WebSocket Channels overview and Real-time Data for full channel documentation.

Any action that moves funds or modifies your orders requires a cryptographic signature from your wallet’s private key — proof that you — and only you — authorized that specific action. This includes:

Filling orders — taking a position on a market
Posting orders — placing a maker order on the book
Cancelling orders — removing your open orders

Never expose your private key. Store it in a .env file, never commit it to version control, and never share it. Anyone with your private key has full control of your wallet.

For implementation details, see Filling Orders and Posting Orders.

Filling Orders

Sign and submit taker fills against open maker orders.

Real-time Data

Subscribe to live order book and trade updates via WebSocket.

Getting Started

Core Concepts

Market Data

Trading

Partners

Guides

Resources

Authentication overview

Filling Orders

Real-time Data

Getting Started

Core Concepts

Market Data

Trading

Partners

Guides

Resources

​Authentication overview

Filling Orders

Real-time Data

Authentication overview