How to Tag Deribit REST / WebSocket Orders with SignalPlus Broker ID

Overview

Add SignalPlus partner identifiers (brokerId, brokerSecret) to your existing Deribit REST or WebSocket API calls.

Then, Deribit’s system automatically recognizes these as partner-sourced orders.

1️⃣ What Each Value Means

Field
Meaning
Example

brokerId

Partner Application ID (AppId)

zyxabc

brokerSecret

Partner Application Secret (AppSecret)

(long alphanumeric string)

2️⃣ Integration Logic (REST / WebSocket)

Deribit supports two equivalent tagging mechanisms for partner apps:

  1. Partner Header

  2. Inline appid / appsig parameters in the standard auth header

Either way, the process is identical:

  • You generate your normal user signature (sig) with the trader’s API key.

  • You generate an additional partner signature (AppSig) over the same payload, using the SignalPlus AppId/AppSecret.

Deribit records both and attributes the order to the corresponding partner (SignalPlus).

3️⃣ REST API Integration

Step 1 — Create your standard user signature

You already sign private endpoints like /private/buy using your API key:

deri-hmac-sha256 id=<USER_CLIENT_ID>,ts=<TIMESTAMP>,nonce=<NONCE>,sig=<USER_SIG>

Step 2 — Add partner identification

Option 1: Separate partner header

partner: id=<AppId>,sig=<AppSig>

Option 2: Inline parameters in the same header

deri-hmac-sha256 id=<USER_CLIENT_ID>,ts=<TS>,nonce=<N>,sig=<USER_SIG>,appid=<AppId>,appsig=<AppSig>

Both are valid and recognized by Deribit.

Example REST Request

POST <https://www.deribit.com/api/v2/private/buy>
Headers:
  Content-Type: application/json
  deri-hmac-sha256: id=<USER_CLIENT_ID>,ts=<TS>,nonce=<N>,sig=<USER_SIG>,appid=zuOZXNAm,appsig=<APP_SIG>
Body:
  {
    "jsonrpc": "2.0",
    "id": 1,
    "method": "private/buy",
    "params": {
      "instrument_name": "BTC-PERPETUAL",
      "amount": 10,
      "type": "limit",
      "price": 65000
    }
  }

4️⃣ WebSocket Integration

Option A — Token-based flow

Use /app_authorization (implicit or code grant) once, obtain an access token,

then connect and call public/auth with that token.

Orders under that token are automatically partner-tagged.

Option B — Signature-based flow

If you authenticate manually using client_signature:

  1. Compute the normal user signature.

  2. Compute the AppSig with the same string but using brokerId and brokerSecret.

  3. Include both appid and appsig fields in the authentication message.

Same logic applies to both REST and WS; partner identification ensures rebates are credited to SignalPl

Security Notes

  • brokerSecret is used only for generating AppSig.

  • Orders will continue to execute under the user’s API key;

    the partner tag is only for attribution, not execution permission.

PreviousHow to share your earningsNextSignalplus RFQ (Bullish vs Deribit)

Last updated