FIXEdge Admin REST API

Owned by AntonA (Unlicensed)
Last updated: May 17, 2022
3 min read

Overview

FIXEdge Admin REST API is intended to be a pragmatic tool for on-the-fly tuning of the most common FIXEdge properties.

It offers REST interface to handle the following properties of FIXEdge:

  1. Referring to FIX message log:
    1. Retrieve FIX message log of specific / all sessions
    2. Output the acquired contents to text
  2. Get FIX session list:
    1. Retrieve the list of session definitions and their states
    2. Output the acquired contents to text

  3. Session Control:

    1. Start and stop sessions
    2. Get session status (since FIXEdge 6.9.0)
    3. Get session statistics (since FIXEdge 6.9.0)
    4. Restart session (since FIXEdge 6.9.0)

  4. Reset sequence No:

    1. Reset FIX sequence No. (incoming and outgoing)

  5. Set sequence No:

    1. Set an arbitrary value for the sequence number of a specific session

  6. Reload BL_Config.xml

  7. Send messages to session output queue

  8. Authenticate the client via authentication token:
    1. Authorized clients are able to perform all operations via Admin REST API.
    2. Non-authorized clients are able to perform health checks only.

Admin REST API authentication is supported since FIXEdge C++ 6.14.0 version.

Installation

FIXEdge Admin REST API is a part of FIXEdge Server and is introduced in version 6.4.0 of FIXEdge. It's needed to enable AdminRESTAPI.Enabled parameter and set the values for all required AdminRESTAPI fields in FIXEdge.properties (See the "Properties" section).

Admin REST API is available via HTTPS protocol only so it's needed to configure a certificate and a private key which it uses for encryption. FIXEdge packages contain self-signed certificate and private key that can be used by Admin REST API. You can set up your own a self-signed certificate for the servers you're connecting to as described in the "Configuration of Admin REST API with self-signed SSL certificate" section below. 

Note: when you're connecting to a server that uses a self-signed certificate, you will be displayed a warning (see figure below). Click on the "Add Exception..." button to add the certificate to a set of trusted certificates.

If you use cURL to query Admin REST API you need to add parameter --insecure, e.g.

curl --insecure https://fixedge.host:8903/sessions

Admin REST API configuration parameters

The properties can be configured in FIXEdge.properties:

FieldTypeDescriptionRequired

AdminRESTAPI.Enabled

bool

is admin REST API enabled or not

No, default = false

AdminRESTAPI.ServerMode

enum

admin REST API server modes:

  • HTTPS
  • HTTP
No, default = HTTPS

AdminRESTAPI.BindAddress

string

define specific network interface for listening


The parameter was introduced in FIXEdge 6.9.0

No, default = "0.0.0.0" (all interfaces)

AdminRESTAPI.Port

intTCP port to listenYes (if AdminRESTAPI.Enabled = true)

AdminRESTAPI.HTTPSServer.Port

int

TCP port to listen

Property is deprecated, use AdminRESTAPI.Port instead

No

AdminRESTAPI.HTTPSServer.PrivateKey

stringpath to SSL private key file Yes (if AdminRESTAPI.ServerMode = HTTPS)

AdminRESTAPI.HTTPSServer.Certificate

stringpath to SSL certificate fileYes (if AdminRESTAPI.ServerMode = HTTPS)

AdminRESTAPI.HTTPSServer.CertificateAuthority

stringpath to the file or directory containing the CA/root certificates.
Can be empty if the OpenSSL builtin CA certificates are used		No

Configuration Example:

AdminRESTAPI.Enabled = true
AdminRESTAPI.Port = 8903
AdminRESTAPI.HTTPSServer.PrivateKey = ../FIXEdge1/conf/AdminRESTAPI.key
AdminRESTAPI.HTTPSServer.Certificate = ../FIXEdge1/conf/AdminRESTAPI.crt

Admin REST API authentication configuration

Admin REST API authentication is supported since FIXEdge C++ 6.14.0 version.

Property

Type

Description

Required

AdminRESTAPI.Tokens

string

The property defines API token for client's authentication.

To activate Authenticated Admin REST mode the property should be defined with comma separated list of cryptographic hash of the possible tokens values. The hash value is represented as a hexadecimal string (a sequence of hexadecimal digits, pair of such digits represents a single byte of a hash).

To generate a hash of the token a user can use commands like echo tocken | sha256sum or echo tocken | openssl dgst -sha256.

Admin REST API authentication is disabled (unsecure mode) if this property is not set in FIXEdge.properties file or is set to empty string value. Non-authorized clients are able to perform health checks only via /service/started.

No

AdminRESTAPI.TokenHashAlgorithm

string

The property defines hash algorithm to be used. The list of supported hash functions depends on OpenSSL and must include at least SHA256 algorithm.

By default SHA256 algorithm is used.

No, default = SHA256

To enable Admin REST API authentication mode all requests must contain Authorization header must have a Bearer <token-value> form with specified:

  • Bearer authentication shema
  • Authentication token

Configuration of Admin REST API with self-signed SSL certificate

You need OpenSSL or LibreSSL installed on your system to follow this instruction.  For Windows systems you can get OpenSSL from Cygwin (www.cygwin.com). 

  1. Create CA root key
    openssl genrsa -out rootCA.key 2048
  2. Create root certificate
    openssl req -x509 -new -key rootCA.key -days 10000 -out rootCA.crt
    Answer the questions that openssl asks.  The duration of certificate will be 10000 days.
  3. Generate certificate signed with the created CA
    openssl genrsa -out AdminRESTAPI.key 2048
  4. Create certificate signing request
    openssl req -new -key AdminRESTAPI.key -out AdminRESTAPI.csr
  5. Sign the certificate with the root certificate
    openssl x509 -req -in AdminRESTAPI.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out AdminRESTAPI.crt -days 5000

Documentation

FIXEdge Administrative REST API and SDK Documentation