FIXICC H2 REST API Authentication Configuration

The FIXICC H2 REST API that is used to receive configuration now supports optional Bearer token authentication. When enabled, only requests containing a valid Bearer token are authorized. If authentication is not configured, the API remains accessible without a token.


1. Enabling Authentication in FIXICC H2

To enable authenticated REST mode, define the following property in your local.app.properties file:

# List of API tokens for client authentication.
# To activate authenticated REST mode, specify a "|" separated list of SHA-256 hashes of valid token values.
# If this property is not set, authentication is disabled and the API is accessible without a token.
fixicch2.rest.authTokens=<SHA-256 hash of token 1>|<SHA-256 hash of token 2>|...

Note: Only the SHA-256 hashes of the tokens are stored. Clients must use the original token value in the Authorization header:

Authorization: Bearer <original_token_value>

2. Configuring FIXEdge C++/Java Servers

a) To allow FIXEdge Java to authenticate against FIXICC H2, configure the following property in the fixedge.properties file:

# FIXICC H2 REST API authentication token
fixicch2.auth.token=<original_token_value>

b) To allow FIXEdge C++ to authenticate against FIXICC H2, configure the following property in the FIXEdge.properties file:

# FIXICC H2 REST API authentication token
Components.Service.FIXICCH2.OAuth20Token=<original_token_value>

This token must match one of the original values whose SHA-256 hash is listed in fixicch2.rest.authTokens.


3. Example: Generating a Token and Its SHA-256 Hash

Below is a step-by-step example of generating a token and its corresponding SHA-256 hash.

Example Token

  • Token value:

    MySecretToken123

Generate SHA-256 Hash

You can generate the SHA-256 hash using various tools. Here is an example using the sha256sum command on Linux/macOS:

echo -n "MySecretToken123" | sha256sum

Resulting SHA-256 hash:

a7b1e8b8e2e6c7e3b7e2e7c8e8b1e8b8e2e6c7e3b7e2e7c8e8b1e8b8e2e6c7e3

(Note: Replace this with the actual hash output from your tool.)

Configuration Example

fixicch2.rest.authTokens=a7b1e8b8e2e6c7e3b7e2e7c8e8b1e8b8e2e6c7e3b7e2e7c8e8b1e8b8e2e6c7e3
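
The steps above as an added example (not part of the original page or of FIXICC H2 tooling): a shell script that generates a random token, hashes its exact bytes, and prints the fixicch2.rest.authTokens line. The function names are hypothetical; it assumes /dev/urandom and either sha256sum or shasum are available.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not FIXICC H2 tooling.

# Hex SHA-256 of the exact bytes of $1. printf '%s' adds no trailing
# newline (a hashed newline would never match the token the client sends),
# and cut drops the "  -" file-name column that sha256sum prints for stdin.
token_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        # Assumption: systems without sha256sum provide shasum instead.
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# New token: 32 bytes from the kernel CSPRNG, hex-encoded to 64 characters.
# Only a plain SHA-256 hash is stored server-side, so the token itself has
# to carry enough randomness that the hash cannot be guessed back.
new_token() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Build the property line: hashes of all given tokens joined with "|".
auth_tokens_line() {
    line=
    for t in "$@"; do
        line="${line:+$line|}$(token_hash "$t")"
    done
    printf 'fixicch2.rest.authTokens=%s\n' "$line"
}

# Stand-alone run: issue one token and print both sides of the configuration.
tok=$(new_token)
printf 'client token (keep secret): %s\n' "$tok"
auth_tokens_line "$tok"
```

The printed client token goes into fixicch2.auth.token or Components.Service.FIXICCH2.OAuth20Token; only the hash line goes into local.app.properties.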

4. Summary of Behavior

  • If fixicch2.rest.authTokens is defined, Bearer token authentication is enforced.

  • If fixicch2.rest.authTokens is not defined, the REST API is accessible without authentication.