Authentication
Senticore supports three authentication models, chosen by use case.
Wallet signing
Retail and application integrations authorize trading actions with the user's wallet using EIP-712 typed data.
| Property | Behavior |
|---|---|
| Credential custody | User wallet |
| Best for | Web applications, wallets, retail users |
| Authorization | Per-action signature |
| Revocation | Wallet-level control and account permissions |
See EIP-712 Signing.
Delegated trading credentials
Programmatic clients can use delegated trading credentials after an initial wallet authorization.
const session = await client.createTradingSession({
scope: ['trading.place', 'trading.cancel'],
ttl: 60 * 60 * 24,
maxNotionalPerOrder: '100000',
});
Delegated credentials support configurable expiry, scope, per-action limits, and revocation. They are intended for bots, server-side systems, and automation that should not ask a wallet to sign every order.
Institutional keys
FIX, Binary, and Market Maker surfaces use institutional credentials issued after onboarding.
| Control | Purpose |
|---|---|
| Per-account key pair | Identify the institution and session |
| Signed challenge on logon | Prove possession without transmitting the private key |
| IP allowlist | Restrict production connectivity |
| Per-key rate tier | Enforce contractual throughput |
| Optional cancel-on-disconnect | Protect unattended quoting strategies |
Permissioning summary
| Surface | Auth model | Notes |
|---|---|---|
| HTTP public market data | None | Unauthenticated |
| HTTP trading | Wallet signature or delegated credential | EIP-712 |
| HTTP funding | Wallet signature | EIP-712 |
| WebSocket public | None | Unauthenticated |
| WebSocket private | Wallet signature or delegated credential | Signed handshake |
| FIX Gateway | Institutional key | Signed challenge on logon |
| Market Maker binary mode | Institutional key | Signed challenge on logon |
| Market Maker API | Institutional key | Signed challenge plus maker tier |