Authentication

How to authenticate with the WebSocket server

v0.2.5

Authentication was added to the WebSocket server in Streamer.bot v0.2.5.

Authentication is optional and can be enabled or disabled in the WebSocket settings.

SendMessage is the only request where authentication is required.

Authenticating with Client

Streamer.bot client will automatically handle authentication for you, if you have a password set in the WebSocket settings.

Simply add the password property to the StreamerbotClient constructor.

const client = new StreamerbotClient({
  password: 'MySuperSecretPassword'
});

That's it! The client will automatically handle the authentication steps for you. Yes, it's that easy.

Authentication Steps

Streamer.bot Client will automatically handle these steps for you.
You only need to do this if you are building your own client, or using another language.

Hello Request

When connecting to Streamer.bot's WebSocket Server, you will receive a Hello message, detailed below.

This message always contains an info object with information about the instance you are connected to.

When authentication is enabled, there will also be an authentication object that contains a salt and a challenge string.

hello.json

{
  "timestamp": "<ISO8601_string>",
  "session": "<string>",
  "request": "Hello",
  "info": {
    "instanceId": "<string>",
    "name": "<string>",
    "version": "<string>",
    "os": "<string>",
    "osVersion": "<string>",
    "mode": "ui",
    "darkMode": true,
    "source": "websocketServer"
  },
  "authentication": {
    "salt": "<base64_string>",
    "challenge": "<base64_string>"
  }
}

Authenticate Request

Using the salt and challenge provided in the Hello request, you will need to generate an authentication string and send an Authenticate request back to Streamer.bot.

Authenticate.json

{
  "request": "Authenticate",
  "id": "<request_id>", // Any unique ID you want to use
  "authentication": "<authentication_string>" // Your generated authentication string
}

You will need to send the above request back to Streamer.bot in order to authenticate. To build the authentication string, you will need to do the following:

Concatenate the WebSocket password with the salt provided by the server (password + salt)
Generate an SHA256 binary hash of the result and base64 encode it.
Concatenate the base64 secret with the challenge sent by the server (base64_secret + challenge)
Generate a binary SHA256 hash of that result and base64 encode it.
The resulting string is what you will use for authentication.

Example in JavaScript

example.js

import crypto from 'crypto';

const { salt, challenge } = data.authentication;
const password = 'your_websocket_password';
const secret = crypto.createHash('sha256').update(password + salt, 'utf8').digest('base64');
const authentication = crypto.createHash('sha256').update(secret + challenge, 'utf8').digest('base64');

const authRequest = {
  id: '1',
  request: 'Authenticate',
  authentication
};
ws.send(JSON.stringify(authRequest));

Receiving Events

Learn how to subscribe to and handle events from the WebSocket server

Custom Overlays

Create your own custom overlays using the WebSocket API