Skip to main content

FIX Onboarding

Set Up a Paxos Account, configure connection then certify.

Set up and test a FIX connection in both the Sandbox and Production environments. Connect to the Sandbox environment first for testing purposes. Once the connection is working in Sandbox, follow a similar procedure for the Production connection.

tip

Learn more about FIX Best Practices, including how to use multiple connections and managing sequence number resets.

1. Set Up Paxos Account

To gain access, create a Paxos Account and Support will guide you through the process.

Go to https://dashboard.sandbox.paxos.com and create an Institution Account in the Sandbox environment.

Use an active email address when signing up: Paxos will send a verification email to the address on file. Once the email is verified, complete the registration process.

info

When creating the Sandbox Account:

  • Do not submit documents.
  • Use placeholder (dummy) text for all text fields except for the email address.

2. Generate a Certificate Signing Request (CSR)

Generate the certificate signing request (CSR) following your internal key management best practices. Make sure to use the RSA key algorithm. Paxos recommends a key length of 4096 bits.

As a secondary security measure, a Paxos Support will contact you to verify its content. Please include the following technical contact information:

  • Name
  • Email
  • Phone

Send the CSR and technical contact information to support@paxos.com.

Paxos will follow up with next steps.

3. Set Up SSL

Paxos will configure the connection and reply back with the client certificate used for session connection. Bundle exchange_{comp_id}_certificate.crt (the certificate Paxos sent to you) with the key on your side:

cat private.key exchange_{comp_id}_certificate.crt > sandbox.itbitprod.pem  

Most FIX users can use stunnel to add encryption functionality to the client. stunnel is suitable for large deployments and does not require client code changes.

Sandbox stunnel.conf
client = yes
foreground = yes
pid = /home/src/itbit.stunnel.pid
socket =l:TCP_NODELAY=1
socket =r:TCP_NODELAY=1

[itbit-sandbox]
client = yes
accept = 127.0.0.1:1234
cert = /{PATH-TO-CERT}/sandbox.itbitprod.pem
connect = {comp_id}.exchange.gfix.sandbox.itbitprod.com:4198
CAfile = /{PATH-TO-CERT}/ca.crt
verifyChain = yes
checkHost = gfix-service.gfix-exchange.sandbox.itbitprod.com

Once complete, test your connection to our servers. Contact support@paxos.com with test results of for help with an alternative to stunnel.

Next Steps