Skip to main content


Token format

Self-signed token format: token := encoded-payload "." signature

encoded-payload := BASE64(UTF8(payload))
signature := BASE64(HMAC-SHA256(encoded-payload, UTF8(secret)))
payload := issuer "," subject "," not-before-time "," expiration-time "," issued-at-time "," message,


  • secret - the key used for signature validation

  • issuer - principal that issued this token

  • subject - subject of this token

  • not-before-time - time when token will be valid

  • expiration-time - expiration time of the token, after which the token will not be valid

  • issued-at-time - when this token was issued

  • message - explicit <user ID>, <filter_1>;…;<filter_n> if specified by dxFeed team. Otherwise, <user ID> can be any string.



All time variables are specified in seconds from the epoch, in UTC.

For additional information, please check:

Java implementation

Set classpath to the folder with auther-api.jar. You get access to the library:

To generate the token, please use the following code:

return SignedToken.newBuilder()


  • issuer - principal that issued this token

  • sessionType - session provided by dxFeed team

  • user - user ID or <user ID>,<filter_1>;…;<filter_n> if feeds are specified for your connection by dxFeed team (e.g., 'testuser,opra;cme')

  • secret - the key used for signature validation

Error handling

You can handle errors from the server. For this, please change EntitleLoginHandlerFactory.AutherLoginHandler#login(String) to react to errors from dxFeed by analyzing the reason parameter. To find session duplicate events, search for Duplicate session text in the error description.

C# implementation

For C#, please generate a token with this code:

using System;
using System.Security.Cryptography;
using System.Text;

namespace AutherTokenGen {
    internal class Program {
        private const string DefaultIssuer = "<name>";
        private const string DefaultSessionType = "<session>";
        private const string DefaultMessage = "<message>";
        private const string DefaultSecret = "<secret>";
        private const int DefaultDays = 1;

        private static readonly UTF8Encoding Encoding = new UTF8Encoding();

        private static byte[] GetUtf8Bytes(string s) {
            return new UTF8Encoding().GetBytes(s);


        private static string ToBase64(string s) {
            return ToBase64(Encoding.GetBytes(s));

        private static string ToBase64(byte[] bytes) {
            return Convert
                .Replace('+', '-')
                .Replace('/', '_');

        public static void Main(string[] args) {
            const string help = "AutherTokenGen <issuer> <sessionType> <user|message> <secret> <days>";

            var issuer = DefaultIssuer;
            var sessionType = DefaultSessionType;
            var message = DefaultMessage;
            var secret = DefaultSecret;
            var days = DefaultDays;

            switch (args.Length) {
                case 4:
                case 5: {
                    issuer = args[0];
                    sessionType = args[1];
                    message = args[2];
                    secret = args[3];

                    if (args.Length == 5) {
                        if (!int.TryParse(args[4], out days)) {
                            days = DefaultDays;


                case 0:
                    Console.WriteLine($"Usage: \n{help}\n");
                    Console.WriteLine($"Usage: \n{help}\n");


                $"Issuer = {issuer}, SessionType = {sessionType}, User|Message = {message}, Secret = {secret}, Days = {days}\n");

            var now = DateTime.UtcNow;
            var expiration = now.AddDays(days);
            var nowSeconds = new DateTimeOffset(now).ToUnixTimeSeconds();
            var expirationSeconds = new DateTimeOffset(expiration).ToUnixTimeSeconds();
            var payload = $"{issuer},{sessionType},,{expirationSeconds},{nowSeconds},{message}";

            Console.WriteLine($"Payload: {payload}\n");
            var encodedPayload = ToBase64(payload);
            var hmac = new HMACSHA256(GetUtf8Bytes(secret));
            var signature = ToBase64(hmac.ComputeHash(GetUtf8Bytes(encodedPayload)));
            var token = $"{encodedPayload}.{signature}";
            Console.WriteLine($"Token: {token}\n");

JavaScript implementation

For JavaScript, please generate a token with this code:

/** Dependencies */
import CryptoJS from 'crypto-js';

 * @description Generate dxFeed API Self-Signed Token
export const createAuthToken = (secret, issuer, session, message, days) => {
  try {
    const notBeforeTime = '';
    const expirationDate = new Date();
    expirationDate.setDate(expirationDate.getDate() + days);
    const expirationTime = expirationDate.getTime();
    const issuedAtTime =;

    const payload = [issuer, session, notBeforeTime, expirationTime, issuedAtTime, message].join(',');

    const encodedPayload = Buffer.from(encodeURI(payload)).toString('base64').split('=')[0];

    const hash = CryptoJS.HmacSHA256(encodedPayload, encodeURI(secret));

    const signature = CryptoJS.enc.Base64.stringify(hash)
      .replace(/\+/g, '-')
      .replace(/\//g, '_');

    return `${encodedPayload}.${signature}`;
  } catch (err) {
    return Promise.reject(err)

Python implementation

For python, please generate a token with this code:

# imports for generate_token function
from time import time
from base64 import b64encode
from urllib.parse import quote
import hmac
from hashlib import sha256

def generate_token(issuer: str,
                   session: str,
                   secret: str,
                   message: str,
                   days: int) -> str:
    Generate dxFeed API Self-Signed Token

    issuer: str
        Principal that issued this token.
    session: str
        Session provided by dxFeed team.
    secret: str
        The key used for signature validation.
    message: str
        Any string (or '<user ID>, <filter_1>;…;<filter_n>' if specified by dxFeed team).
    days: str
        Number of days the token is valid for.

    token: str
        Ready-to-use token
    # get the required timestamps
    not_before_time = ''
    expiration_time = int(time() + (int(days) * 86400))  # number of sec in day
    issued_at_time = int(time())

    # generate the payload string
    payload = quote(

    # encode and hash the various parts to create the final token.
    encoded_payload = b64encode(payload.encode()).decode().split('=')[0]

    signature_hash =
        bytes(quote(secret, safe="~@#$&()*!=:;,.?/'"), 'latin-1'),
        msg=bytes(encoded_payload, 'latin-1'),

    # format the signature hash
    signature = b64encode(signature_hash).decode().split('=')[0]\
        .replace('+', '-').replace('/', '_')

    # join the encoded payload and signature to complete the token
    token = '.'.join([encoded_payload, signature])
    return token

Token generation sample

To test a token generation, you can use auther.jar in command line mode:

java -cp auther.jar com.devexperts.mdd.auth.entitle.SignedTokenGenerator <name> <session> test uithoophaivahG3aa2uS2eu9eich6aef2JaeTh2rus7Vaec7SeeNgunaexaefini



To test a token generation with multiple feeds specified:

SessionType=terminal-pro or terminal-nonpro
Secret=secret for current session type provided


You can specify any amount of your feeds