Skip to main content

Logon (35=A)

Authenticates and opens a FIX session. Must be the first message sent by the application requesting to initiate a FIX session.

Structure

Requires:

Message body

TagNameTypeRequiredDescription
98EncryptMethodIntYMust be: 0 None / Other.
108HeartBtIntIntYHeartbeat interval in seconds. Recommended value: 30.
141ResetSeqNumFlagBooleanNIndicates that both sides of the FIX session should reset sequence numbers.
Can be:
  • N: No
  • Y: Yes
553UsernameStringYYour API key.
554PasswordStringYHMAC-SHA256 hex-encoded signature created from your API secret.
5001EnableCODBooleanNCustom Bitvavo tag
Indicates whether to enable Cancel on Disconnect feature for this session.
Can be:
  • N: Disabled
  • Y: Enabled

Cancel on disconnect

You can use Cancel on disconnect to automatically cancel your open orders if there is no heartbeat received within the specified interval.

This prevents orders remaining open and being filled at unfavorable prices while you are disconnected. To enable this, set the EnableCOD (5001) tag to Y.

Create a signature

Before testing, request your UAT credentials from your Bitvavo contact. For the live environment, use your your production API credentials.

  1. Prepare the input values:

  • api_key: YOUR_API_KEY

  • SenderCompID: YOUR_UNIQUE_ACCOUNT_IDENTIFIER

  • seqNum: 1

  • sendingTime: the Unix timestamp in milliseconds, converted from the value of the FIX header tag 52 generated by your FIX engine, for example: 1700000000123

    important

    FIX engines automatically populate this field when you create the Logon message. Your app must read the value from the message header for every Logon message and convert it to milliseconds since Unix epoch to generate the signature.

    SendingTime to Unix timestamp in milliseconds
    SendingTime (tag 52) = 2023-11-14T12:13:20.123Z
    sendingTime (ms) = 1700000000123
  1. Concatenate the values without a delimiter:
    Concatenated string
    YOUR_API_KEYYOUR_UNIQUE_ACCOUNT_IDENTIFIER11700000000123
  2. Prepare the API secret for associated with your API key. For example:
    API secret
    bitvavo
  3. To get the Password, encode the concatenated string to HMAC-SHA256 using the API secret for your API key.
    Generation logic
    password = hmac.new(secret, message_input_str, hashlib.sha256).hexdigest()
  4. You get the following signature to use as the Password:
    Signature
    50b24049b5764748e7d1096449959fb01254fb326d86aaf04dff6c2993fe41a6

See also

On this page