FIX Onboarding
Set up and test a FIX connection in both the Sandbox and Production environments. Connect to the Sandbox environment first for testing purposes. Once the connection is working in Sandbox, follow a similar procedure for the Production connection.
Learn more about FIX Best Practices, including how to use multiple connections and managing sequence number resets.
1. Set Up Paxos Account
To gain access, create a Paxos Account and Support will guide you through the process.
- Sandbox
- Production
Go to https://dashboard.sandbox.paxos.com and create an Institution Account in the Sandbox environment.
Use an active email address when signing up: Paxos will send a verification email to the address on file. Once the email is verified, complete the registration process.
When creating the Sandbox Account:
- Do not submit documents.
- Use placeholder (dummy) text for all text fields except for the email address.
Contact support@paxos.com before creating a Production Account.
2. Generate a Certificate Signing Request (CSR)
Generate the certificate signing request (CSR) following your internal key management best practices. Make sure to use the RSA key algorithm. Paxos recommends a key length of 4096 bits.
As a secondary security measure, a Paxos Support will contact you to verify its content. Please include the following technical contact information:
- Name
- Phone
Send the CSR and technical contact information to support@paxos.com.
Paxos will follow up with next steps.
3. Set Up SSL
Paxos will configure the connection and reply back with the client certificate used for session connection.
Bundle exchange_{comp_id}_certificate.crt
(the certificate Paxos sent to you) with the key on your side:
- Sandbox
- Production
cat private.key exchange_{comp_id}_certificate.crt > sandbox.itbitprod.pem
cat private.key exchange_{comp_id}_certificate.crt > production.itbitprod.pem
Most FIX users can use stunnel to add encryption functionality to the client. stunnel is suitable for large deployments and does not require client code changes.
- Sandbox
- Production
client = yes
foreground = yes
pid = /home/src/itbit.stunnel.pid
socket =l:TCP_NODELAY=1
socket =r:TCP_NODELAY=1
[itbit-sandbox]
client = yes
accept = 127.0.0.1:1234
cert = /{PATH-TO-CERT}/sandbox.itbitprod.pem
connect = {comp_id}.exchange.gfix.sandbox.itbitprod.com:4198
CAfile = /{PATH-TO-CERT}/ca.crt
verifyChain = yes
checkHost = gfix-service.gfix-exchange.sandbox.itbitprod.com
client = yes
foreground = yes
pid = /home/src/itbit.stunnel.pid
socket =l:TCP_NODELAY=1
socket =r:TCP_NODELAY=1
[itbit-production]
client = yes
accept = 127.0.0.1:1234
cert = /{PATH-TO-CERT}/production.itbitprod.pem
connect = {comp_id}.exchange.gfix.prod.itbitprod.com:4198
CAfile = /{PATH-TO-CERT}/ca.crt
verifyChain = yes
checkHost = gfix-service.gfix-exchange.prod.itbitprod.com
Once complete, test your connection to our servers. Contact support@paxos.com with test results of for help with an alternative to stunnel.
Next Steps
- Refer to this KB Article for troubleshooting issues with the FIX Connection configuration - Troubleshooting FIX mTLS connectivity configuration.
- Test the FIX implementation in the Sandbox environment by running through the certification process.
- Review the FIX best practices.
- Read the FIX reference documentation.