FIX Onboarding

Set Up a Paxos Account, configure connection then certify.

Set up and test a FIX connection in both the Sandbox and Production environments. Connect to the Sandbox environment first for testing purposes. Once the connection is working in Sandbox, follow a similar procedure for the Production connection.

tip

Learn more about FIX Best Practices, including how to use multiple connections and managing sequence number resets.

1. Set Up Paxos Account

To gain access, create a Paxos Account and Support will guide you through the process.

Sandbox

Go to https://dashboard.sandbox.paxos.com and create an Institution Account in the Sandbox environment.

Use an active email address when signing up: Paxos will send a verification email to the address on file. Once the email is verified, complete the registration process.

info

When creating the Sandbox Account:

• Do not submit documents.
• Use placeholder (dummy) text for all text fields except for the email address.

Production

Contact connectivity@paxos.com before creating a Production Account.

2. Generate a Certificate Signing Request (CSR)

Generate the certificate signing request (CSR) following your internal key management best practices. Make sure to use the RSA key algorithm. Paxos recommends a key length of 4096 bits.

As a secondary security measure, a Paxos Support will contact you to verify its content. Please include the following technical contact information:

• Name
• Email
• Phone

Send the CSR and technical contact information to connectivity@paxos.com.

Paxos will follow up with next steps.

3. Set Up SSL

Paxos will configure the connection and reply back with the client certificate used for session connection. Bundle exchange_{comp_id}_certificate.crt (the certificate Paxos sent to you) with the key on your side:

Sandbox

cat private.key exchange_{comp_id}_certificate.crt > sandbox.itbitprod.pem  

Production

cat private.key exchange_{comp_id}_certificate.crt > production.itbitprod.pem 

Most FIX users can use stunnel to add encryption functionality to the client. stunnel is suitable for large deployments and does not require client code changes.

Sandbox

Sandbox stunnel.conf

client = yes
foreground = yes
pid = /home/src/itbit.stunnel.pid
socket =l:TCP_NODELAY=1
socket =r:TCP_NODELAY=1

[itbit-sandbox]
client = yes
accept = 127.0.0.1:1234
cert = /{PATH-TO-CERT}/sandbox.itbitprod.pem
connect = {comp_id}.exchange.gfix.sandbox.itbitprod.com:4198
CAfile = /{PATH-TO-CERT}/ca.crt
verifyChain = yes
checkHost = gfix-service.gfix-exchange.sandbox.itbitprod.com

Production

Production stunnel.conf

client = yes
foreground = yes
pid = /home/src/itbit.stunnel.pid
socket =l:TCP_NODELAY=1
socket =r:TCP_NODELAY=1

[itbit-production]
client = yes
accept = 127.0.0.1:1234
cert = /{PATH-TO-CERT}/production.itbitprod.pem
connect = {comp_id}.exchange.gfix.prod.itbitprod.com:4198
CAfile = /{PATH-TO-CERT}/ca.crt
verifyChain = yes
checkHost = gfix-service.gfix-exchange.prod.itbitprod.com

Once complete, test your connection to our servers. Contact connectivity@paxos.com with test results of for help with an alternative to stunnel.

Next Steps

• Refer to this KB Article for troubleshooting issues with the FIX Connection configuration - Troubleshooting FIX mTLS connectivity configuration.
• Test the FIX implementation in the Sandbox environment by running through the certification process.
• Review the FIX best practices.
• Read the FIX reference documentation.