MetaTrader 5 API Authentication
Every FxSocket API request is authenticated with a per-user API key — passed as an X-API-Key header, or as an api_key query parameter for clients (like WebSocket) that can't set headers. There is no OAuth dance or Bearer scheme to manage, and your key only works against your own MetaTrader 5 accounts.
X-API-Key: fxs_live_...Every request needs your fxsocket API key — copy it from the dashboard's API Key page. Keys are per-user and only work on your own accounts: authentication is enforced by your own dedicated terminal, and a valid key used against someone else's account_id still gets a 401.
{
"error": "MRPC_UNAUTHORIZED",
"message": "missing or invalid API key (X-API-Key header or api_key query parameter)"
}?api_key=fxs_live_...Alternative to the header, and the only method WebSocket clients can use. The key is the same in both cases — there is no Bearer / Authorization scheme.
Rotating your key from the dashboard propagates to your terminals within about 5 minutes. The terminal restarts briefly when the new key lands, so a short window of 5xx responses right after a rotation is normal.