Kraken API Integration in Mobile Crypto Applications
Kraken stands out among exchanges for having one of the strictest signature schemes among public crypto APIs. HMAC-SHA512 with double hashing intimidates developers used to plain SHA256. In practice, implementation takes half a day, but there are plenty of nuances.
Signature Mechanism: SHA256 + SHA512 in Sequence
Kraken Private API (https://api.kraken.com/0/private/) requires:
- nonce: a monotonically increasing integer. Kraken recommends a Unix timestamp in milliseconds but does not strictly enforce the format, only that each value is greater than the previous one.
- API-Sign: Base64(HMAC-SHA512(urlPath + SHA256(nonce + postData), Base64Decode(privateKey)))
The Kraken private key is a Base64-encoded binary secret, not an ASCII string. Decode it to bytes before using it as the HMAC key. A typical iOS error is passing Data(privateKey.utf8) instead of Data(base64Encoded: privateKey)!. The signature is still produced, but it is always invalid.
postData is the URL-encoded parameter string, including nonce. The nonce does not have to come first, but if it is missing the API returns EAPI:Invalid nonce.
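A reference implementation of the nonce and API-Sign rules above, added here as an example (not Kraken's code or part of the original page), written in Python so the output of an iOS or Android implementation can be compared against it. NonceSource, kraken_sign, the key_from_utf8 switch and the sample secret are names and values constructed for illustration.

```python
import base64
import hashlib
import hmac
import threading
import time
import urllib.parse


class NonceSource:
    """Strictly increasing nonce seeded from the clock in milliseconds."""

    def __init__(self):
        self._last = 0
        self._lock = threading.Lock()

    def next(self, now_ms=None):
        now_ms = int(time.time() * 1000) if now_ms is None else now_ms
        with self._lock:
            # Two calls in the same millisecond, or a clock that steps back,
            # must still produce a value greater than the previous one.
            self._last = max(now_ms, self._last + 1)
            return self._last


def kraken_sign(url_path, params, secret_b64, key_from_utf8=False):
    """Return (post_data, api_sign); send post_data byte-for-byte as the body.

    key_from_utf8=True reproduces the key-handling bug described above.
    """
    if "nonce" not in params:
        raise ValueError("nonce missing from POST data")
    post_data = urllib.parse.urlencode(params)
    inner = hashlib.sha256((str(params["nonce"]) + post_data).encode()).digest()
    if key_from_utf8:
        key = secret_b64.encode()  # wrong: the Base64 text used as the key
    else:
        key = base64.b64decode(secret_b64, validate=True)  # raw secret bytes
    mac = hmac.new(key, url_path.encode() + inner, hashlib.sha512).digest()
    return post_data, base64.b64encode(mac).decode()


# Constructed sample values, not real credentials.
SAMPLE_SECRET = base64.b64encode(bytes(range(64))).decode()
SAMPLE_PATH = "/0/private/GetWebSocketsToken"
SAMPLE_PARAMS = {"nonce": NonceSource().next(now_ms=1700000000000)}
```

Both key handlings yield an 88-character Base64 string, which is why the UTF-8 key mistake only shows up as a rejected request. The string that was hashed must be the exact request body, so the function returns it alongside the signature.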
WebSocket API v2
Kraken moved to WebSocket API v2 in 2023. The old v1 (wss://ws.kraken.com) still works, but new features are v2 only (wss://ws.kraken.com/v2). The message format changed: v2 uses {"method": "subscribe", "params": {...}} instead of v1's {"event": "subscribe", ...}.
Private channel authorization: get a temporary token via REST POST /0/private/GetWebSocketsToken and pass it in params.token when subscribing to executions (orders) or balances. The token lives 15 minutes, so a renewal mechanism is needed. Without renewal on long sessions, users silently lose order updates with no explicit error (the channel just stops sending).
Asset Name Quirk
Kraken uses non-standard names: XBT instead of BTC, XDG instead of DOGE. Pairs are named XXBTZUSD, XETHZUSD (double prefix for ISO currencies). In WebSocket v2 names are normalized (BTC/USD); in REST they are not. When mapping between UI and API, maintain an alias table; otherwise an AssetPairs query returns pairs users won't recognize.
Rate Limiting
Kraken tracks load with a counter: each request adds points (1–2 depending on endpoint), and the points decrease every few seconds. When the limit is exceeded (EAPI:Rate limit exceeded), the IP gets blocked. Unlike Binance, there are no headers showing the remaining quota. Track the counter yourself or use adaptive request intervals.
For mobile, the recommendation is to poll balance no more often than every 10 seconds and order history every 30 seconds, and to take all market data via WebSocket.
Stack and Timeline
For native iOS: CryptoKit for HMAC-SHA512 (available iOS 13+), URLSession for REST, URLSessionWebSocketTask for WebSocket. Combine Publisher for order event stream.
For Android: javax.crypto.Mac with HmacSHA512, OkHttp WebSocket client. Kotlin Coroutines + Flow for reactive UI updates.
Kraken integration is slightly more complex than with competitors because of the signature specifics and asset names. A basic integration (spot, no margin) takes 3–4 weeks. The Futures API (futures.kraken.com) is a separate domain with different authentication and should be assessed separately.







