Skip to main content

Logon

The Logon message authenticates a user establishing a connection to the Kraken exchange. The Logon message must be the first message sent by the Firm that needs to initiate a FIX session with exchange.

If the logon is successful, the exchange will answer with a Logon message. The authentication information (username and password) won't be sent back in case of Trading session logon (see below for more details).

If the logon is not successful, Kraken will send a Logout message with a reason will be sent back. It can also happen that the connection get closed without logout message from Kraken.

MESSAGE BODY

header required
MsgType A
98 - EncryptMethod integer required
Always set to 0 (None)
108 - HeartBtInt integer required
Value in seconds. Recommended value= 60.
109 - ClientID integer
Used to identify if this connection is associated with any other connection.
141 - ResetSeqNumFlag boolean
Possible values: [true, false]
Default value: false
Indicates both sides should reset sequence numbers.
553 - UserName string conditional
Condition: Trading Logon
The value is the API Key that needs to be created with FIX API purpose.
554 - Password string conditional
Condition: Trading Logon
Password generated with multiple information. See below.
8674 - CancelOrdersOnDisconnect integer
Possible values: [0, 1]
Default value: 0
  • 0 : Cancel all open orders from this session
  • 1: Cancel no orders even if the session is disconnected
5025 - Nonce string conditional
Condition: Trading Logon
Required for Trading Logon. Time in ms since epoch as string. (This will be used in password generation and check)

Password is determined by the following formula :

base64(HMAC-512(API secret, SHA256(Message-Input + Nonce)))   

Where API Secret and Nonce are linked to the API Key and Message-input is composed of the following fields, all followed by the FIX Separator (SOH = ASCII code 01):

  • 35=A
  • 34=MsgSeqNum
  • 49=SENDERCOMPID
  • 56=TARGETCOMPID
  • 553=API_KEY
caution

API-Secret when used in HMAC-512 needs to be base64 decoded.

The nonce is milliseconds since Epoch (always increasing value). We will check if the value of the nonce is not more than 5 seconds away from the current time of the server.

Here is a Python Example to compute the password:


def get_password(d_msg):
api_key = "YOUR API_KEY"
api_secret = "YOUR API_SECRET"
nonce = str(time.time() * 1000.).split('.')[0]
message_input = "35=" + "A" + __SOH__ + "34=" + d_msg["34"] + __SOH__ + "49=" + d_msg["49"] + __SOH__ + "56=" + "KRAKEN-TRD" + __SOH__ + "553=" + api_key + __SOH__
api_sha256 = hashlib.sha256((message_input + nonce).encode("utf-8")).digest()
api_hmac = hmac.new(base64.b64decode(api_secret), api_sha256, hashlib.sha512)
fix_password = base64.b64encode(api_hmac.digest())
return fix_password