FIXEdge Admin REST API
- AntonA (Unlicensed)
- author
- Iouri_Jaryi (Unlicensed)
Overview
FIXEdge Admin REST APIÂ is intended to be a pragmatic tool for on-the-fly tuning of the most common FIXEdge properties.
It offers REST interface to handle the following properties of FIXEdge:
- Referring to FIX message log:
- Retrieve FIX message log of specific / all sessions
- Output the acquired contents to text
- Get FIX session list:
- Retrieve the list of session definitions and their states
- Output the acquired contents to text
Session Control:
- Start and stop sessions
- Get session status (since FIXEdge 6.9.0)
- Get session statistics (since FIXEdge 6.9.0)
- Restart session (since FIXEdge 6.9.0)
Reset sequence No:
- Reset FIX sequence No. (incoming and outgoing)
Set sequence No:
- Set an arbitrary value for the sequence number of a specific session
Reload BL_Config.xml
Send messages to session output queue
- Authenticate the client via authentication token:
- Authorized clients are able to perform all operations via Admin REST API.
- Non-authorized clients are able to perform health checks only.
Admin REST API authentication is supported since FIXEdge C++ 6.14.0 version.
Installation
FIXEdge Admin REST API is a part of FIXEdge Server and is introduced in version 6.4.0 of FIXEdge. It's needed to enable AdminRESTAPI.Enabled parameter and set the values for all required AdminRESTAPI fields in FIXEdge.properties (See the "Properties" section).
Admin REST API is available via HTTPS protocol only so it's needed to configure a certificate and a private key which it uses for encryption. FIXEdge packages contain self-signed certificate and private key that can be used by Admin REST API. You can set up your own a self-signed certificate for the servers you're connecting to as described in the "Configuration of Admin REST API with self-signed SSL certificate" section below.Â
Note: when you're connecting to a server that uses a self-signed certificate, you will be displayed a warning (see figure below). Click on the "Add Exception..." button to add the certificate to a set of trusted certificates.
If you use cURL to query Admin REST API you need to add parameter --insecure, e.g.
curl --insecure https://fixedge.host:8903/sessions
Admin REST API configuration parameters
The properties can be configured in FIXEdge.properties:
| Field | Type | Description | Required |
|---|---|---|---|
AdminRESTAPI.Enabled | bool | is admin REST API enabled or not | No, default = false |
AdminRESTAPI.ServerMode | enum | admin REST API server modes:
| No, default = HTTPS |
AdminRESTAPI.BindAddress | string | define specific network interface for listening The parameter was introduced in FIXEdge 6.9.0 | No, default = "0.0.0.0" (all interfaces) |
AdminRESTAPI.Port | int | TCP port to listen | Yes (if AdminRESTAPI.Enabled = true) |
AdminRESTAPI.HTTPSServer.Port | int | TCP port to listen Property is deprecated, use AdminRESTAPI.Port instead | No |
AdminRESTAPI.HTTPSServer.PrivateKey | string | path to SSL private key file | Yes (if AdminRESTAPI.ServerMode = HTTPS) |
AdminRESTAPI.HTTPSServer.Certificate | string | path to SSL certificate file | Yes (if AdminRESTAPI.ServerMode = HTTPS) |
AdminRESTAPI.HTTPSServer.CertificateAuthority | string | path to the file or directory containing the CA/root certificates. Can be empty if the OpenSSL builtin CA certificates are used | No |
Configuration Example:
AdminRESTAPI.Enabled = true AdminRESTAPI.Port = 8903 AdminRESTAPI.HTTPSServer.PrivateKey = ../FIXEdge1/conf/AdminRESTAPI.key AdminRESTAPI.HTTPSServer.Certificate = ../FIXEdge1/conf/AdminRESTAPI.crt
Admin REST API authentication configuration
Admin REST API authentication is supported since FIXEdge C++ 6.14.0 version.
Property | Type | Description | Required |
|---|---|---|---|
AdminRESTAPI.Tokens | string | The property defines API token for client's authentication. To activate Authenticated Admin REST mode the property should be defined with comma separated list of cryptographic hash of the possible tokens values. The hash value is represented as a hexadecimal string (a sequence of hexadecimal digits, pair of such digits represents a single byte of a hash). To generate a hash of the token a user can use commands like echo -n tocken | sha256sum or echo -n tocken | openssl dgst -sha256. Admin REST API authentication is disabled (unsecure mode) if this property is not set in FIXEdge.properties file or is set to empty string value. Non-authorized clients are able to perform health checks only via /service/started. | No |
AdminRESTAPI.TokenHashAlgorithm | string | The property defines hash algorithm to be used. The list of supported hash functions depends on OpenSSL and must include at least SHA256 algorithm. By default SHA256 algorithm is used. | No, default = SHA256 |
To enable Admin REST API authentication mode all requests must contain Authorization header must have a Bearer <token-value> form with specified:
- Bearer authentication shema
- Authentication token
Configuration of Admin REST API with self-signed SSL certificate
You need OpenSSL or LibreSSL installed on your system to follow this instruction. For Windows systems you can get OpenSSL from Cygwin (www.cygwin.com).Â
- Create CA root key
openssl genrsa -out rootCA.key 2048 - Create root certificate
openssl req -x509 -new -key rootCA.key -days 10000 -out rootCA.crt
Answer the questions that openssl asks. The duration of certificate will be 10000 days. - Generate certificate signed with the created CA
openssl genrsa -out AdminRESTAPI.key 2048 - Create certificate signing request
openssl req -new -key AdminRESTAPI.key -out AdminRESTAPI.csr - Sign the certificate with the root certificate
openssl x509 -req -in AdminRESTAPI.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out AdminRESTAPI.crt -days 5000