Introduction
The Arbitreads FIX Toolkit is a recently launched and not fully comprehensive implementation of the (F)inancial (I)nformation E(x)change protocol. While the API is open for all users, it is only useful for very specific requests that Arbitreads chose to implement (at time of writing, April 2026). For example, if you attempt to subscribe to Market Data you will get error messages like 'Requested operation is not allowed in DropCopy sessions.' or 'Requested operation is not allowed in order entry sessions.'
It is possible to send new order messages / cancel order messages and to query the status of limit orders awaiting execution.
Integration Guide
Complete the verification below to access the full documentation.
Verify to continue
The full integration guide — including endpoints, authentication, session configuration, and code examples — is gated behind a quick human verification.
Choose Your Environment
Arbitreads exposes two FIX environments. Start with Playground to validate your connectivity and session logic before touching live capital.
| Environment | Host | Port | Notes |
|---|---|---|---|
| Playground | fix-playground.arbitreads.com | 9878 | Paper orders only. Recommended first step. |
| Production | fix.arbitreads.com | 9878 | Live execution. Requires KYC-approved account. |
API keys are environment-specific. A Playground key will be rejected by the Production endpoint and vice-versa. Generate keys from Account → API Keys in the dashboard, selecting the correct environment tab.
TLS Configuration
All FIX connections must be wrapped in TLS 1.2 or higher. Plain-text connections are rejected at the TCP layer. Download the Arbitreads CA bundle and configure your FIX library to verify the server certificate against it.
curl -O https://fix.arbitreads.com/ca/arbitreads-ca.pem
Point your FIX engine's SSLCertificate (or equivalent) setting at this file. If your library relies on the system trust store, import the PEM there instead. Client-side certificates are not required — server-only TLS is sufficient.
FIX Session Settings
The Arbitreads gateway speaks FIX 4.4. Below is a minimal QuickFIX/n-style settings block — adapt field names for your library.
[DEFAULT] ConnectionType=initiator ReconnectInterval=10 FileStorePath=./fix-store FileLogPath=./fix-logs StartTime=00:00:00 EndTime=00:00:00 UseDataDictionary=Y DataDictionary=FIX44.xml [SESSION] BeginString=FIX.4.4 SenderCompID=YOUR_API_KEY TargetCompID=ARBITREADS SocketConnectHost=fix-playground.arbitreads.com SocketConnectPort=9878 HeartBtInt=30 SSLEnable=Y SSLCertificate=./arbitreads-ca.pem
Replace YOUR_API_KEY with the key generated in Step 1. The TargetCompID must be exactly ARBITREADS (uppercase). The server will reject the Logon if either CompID doesn't match.
Authentication — Logon Message (A)
Arbitreads uses HMAC-SHA256 to authenticate the Logon message. The signature covers a canonical string and is placed in tag 96 (RawData), with tag 95 (RawDataLength) holding its byte length.
| Tag | Field | Required | Description |
|---|---|---|---|
| 35 | MsgType | Required | A |
| 49 | SenderCompID | Required | Your API key |
| 56 | TargetCompID | Required | ARBITREADS |
| 98 | EncryptMethod | Required | 0 (None — TLS handles transport encryption) |
| 108 | HeartBtInt | Required | Heartbeat interval in seconds (e.g. 30) |
| 95 | RawDataLength | Required | Byte length of the HMAC signature in tag 96 |
| 96 | RawData | Required | Hex-encoded HMAC-SHA256 signature (see below) |
| 553 | Username | Optional | Account sub-identifier (leave blank unless instructed) |
Signature construction
Concatenate the following fields with | as the delimiter, then HMAC-SHA256 using your API secret:
canonical = SendingTime + "|" + MsgType + "|" + MsgSeqNum + "|" + SenderCompID + "|" + TargetCompID signature = hmac_sha256(api_secret, canonical).hex()
Python example:
import hmac, hashlib, time
def sign_logon(api_secret, sending_time, seq_num, sender, target):
canonical = f"{sending_time}|A|{seq_num}|{sender}|{target}"
return hmac.new(
api_secret.encode(),
canonical.encode(),
hashlib.sha256
).hexdigest()
Placing & Managing Orders
After a successful Logon, you can submit a New Order Single (MsgType=D). Only limit orders (OrdType=2) are supported. Market orders will be rejected.
| Tag | Field | Required | Description |
|---|---|---|---|
| 35 | MsgType | Required | D |
| 11 | ClOrdID | Required | Unique client-assigned order ID (string, max 64 chars) |
| 55 | Symbol | Required | Trading pair, e.g. BTC-USD |
| 54 | Side | Required | 1 = Buy, 2 = Sell |
| 38 | OrderQty | Required | Quantity in base asset (e.g. 0.5 BTC) |
| 40 | OrdType | Required | 2 (Limit only) |
| 44 | Price | Required | Limit price |
| 59 | TimeInForce | Optional | 1 = GTC (default), 3 = IOC, 4 = FOK |
| 60 | TransactTime | Required | UTC timestamp in FIX format: YYYYMMDD-HH:MM:SS.mmm |
Cancelling an order — send an Order Cancel Request (MsgType=F) with OrigClOrdID (tag 41) referencing the original ClOrdID.
Querying status — send an Order Status Request (MsgType=H) with ClOrdID and Side. The server responds with an Execution Report (MsgType=8).
⚠️ Market Data subscription messages (MsgType=V) will return a Business Message Reject with text "Requested operation is not allowed in order entry sessions."