Trade on Axiom: axiom.trade/@chipadev
Build bots faster with ChipaEditor — the AI-powered IDE for DeFi developers.
Problem: Axiom Trade’s WebSocket endpoints sit behind Cloudflare’s Bot Management. Python’s standard ssl/websockets stack has a different TLS ClientHello fingerprint (JA3) from Chrome. Cloudflare was rejecting all WebSocket connection attempts with HTTP 502 regardless of cookies or headers.
Fix: The WebSocket client now uses curl_cffi — a Python binding to libcurl compiled with BoringSSL — to impersonate Chrome 136’s exact TLS handshake. This makes the connection indistinguishable from a real browser at the TLS layer.
# Internally uses curl_cffi with impersonate="chrome136"
ws_client = AxiomTradeWebSocketClient(auth_manager=auth_manager)
await ws_client.subscribe_new_tokens(callback)
await ws_client.start()
curl_cffi is now a required dependency and is installed automatically via pip.
Problem: AuthManager._set_tokens() previously hardcoded expires_at = now + 3600, ignoring the real JWT exp claim. Access tokens have a ~16-minute lifetime, so they appeared valid until an hour after loading — and refresh was never triggered.
Fix: _set_tokens() now parses the JWT payload to extract the actual exp and iat timestamps. Expired tokens are detected immediately and refreshed automatically before any API call or WebSocket connection.
The token refresh request itself also now uses curl_cffi (Chrome TLS) so Cloudflare accepts it.
The WebSocket client now mirrors the browser’s behaviour by making two HTTP requests immediately before opening the WebSocket:
GET https://api.axiom.trade/wo/server-time — establishes the Cloudflare sessionGET https://api6.axiom.trade/get-announcement — secondary warm-upBoth use the same Chrome TLS session, ensuring Cloudflare’s __cf_bm cookie is correctly associated with the subsequent WebSocket upgrade.
| Area | Fix |
|---|---|
| WebSocket URL | Removed trailing double-slash (// → /) that caused 502 on all clusters |
| User-Agent | Updated to Chrome 148 Windows to match cf_clearance fingerprint |
| Cluster fallback | Fixed broken fallback logic (old condition "cluster-usc2" in url was never true) — now tries cluster3/5/7 on primary failure |
| Logging | Fixed duplicate log lines caused by logger propagation to root handler |
subscribe_* methods |
Unified send path; all subscriptions work correctly with the new curl_cffi transport |
curl_cffi>=0.7.0
Installed automatically. If you manage dependencies manually:
pip install "curl_cffi>=0.7.0"
For long-running bots, set CF_CLEARANCE in your .env file for the most reliable connections:
CF_CLEARANCE=<value from browser DevTools → Application → Cookies → axiom.trade → cf_clearance>
AXIOM_ACCESS_TOKEN=<your access token>
AXIOM_REFRESH_TOKEN=<your refresh token>
cf_clearance lasts ~30 minutes in a browser session. The SDK will automatically refresh your access token using curl_cffi, but cf_clearance must be refreshed manually when it expires. A future release will automate this via headless browser integration.
pip install --upgrade axiomtradeapi