Endpoint
Authentication
Browsers can’t set custom headers on the WebSocket handshake, so the signed-request flow moves to query params. The signature coversWS\nPATH\nSORTED_QUERY (excluding key_id/ts/sig)\nTIMESTAMP. See
Authentication for the full recipe.
Signed handshake
?access_token=<jwt>. Invalid or missing auth closes the connection with code 4401.
Backfill
The WebSocket stream is live-only — it does not emit historical trades on subscribe. To populate a recent trades view on page load, call:river_ids (repeat the parameter), queries each source exchange sequentially, and returns the most recent trades for every market in descending time order. The response is { "results": [...] } with one block per requested river_id in input order. Per-market failures show up as not_found rows with a message. Fire it in parallel with the WebSocket subscribe action and deduplicate overlap by exchange_trade_id.
Protocol
All frames are JSON. Client frames are text; server frames are bytes (orjson-serialized UTF-8).Client → server
subscribe/unsubscribeaccept one or manyriver_ids. Duplicate subscribes on the same connection are no-ops.
Server → client
tradeis sent once per print. Append-only — frames are never coalesced.reconnectis sent during graceful pod shutdown. Reconnect with a small jitter.
Keepalive
Liveness is handled at the WebSocket protocol layer (RFC 6455 PING/PONG control frames). Standard clients (Pythonwebsockets, browser WebSocket) reply to server PINGs automatically — no application-level heartbeat is needed.
Tradeprint payload
Rate limits and pacing
Trades are append-only events — they are not rate-capped or coalesced. Every print on the upstream exchange is forwarded. If a slow client cannot drain fast enough, the server closes the connection with code1011; reconnect and re-backfill.

