This topic describes the secure CME Globex logon process and scenarios for iLink and Drop Copy including:
...
Certification via AutoCert+ is required for the CME Globex API secure logon. An iLink and Drop Copy certification suite is currently available in AutoCert+.
...
Panel | ||||
---|---|---|---|---|
| ||||
When a customer creates a secure key pair, the credentials can be viewed and downloaded in the CME Customer Center.
For security reasons, CME Group requires customers to change their security credentials every 12 months. Notification regarding pending security credential expiration will be sent to registered administrators.
|
...
This diagram illustrates the data processing required for the client system to submit a secure Logon message to CME Globex.
Gliffy | ||||||
---|---|---|---|---|---|---|
|
When CME Globex receives the logon request, it performs the same steps as the client system did to calculate the HMAC signature as follows:
...
iLink and Drop Copy logon requests must reach CME Globex within 5 seconds to prevent a stale logon. Timestamps (tag 52-SendingTime) submitted by the client system in the Logon (tag 35-MsgTpe=A) message older than 5 seconds will be rejected. CME Globex will send a Logout (tag 35-MsgType=5) message to the client system.
Info |
---|
To ensure the timestamp value submitted in tag 52 is current, CME Group strongly recommends the following Network Time Protocol guidelines. |
Logon Scenarios
Client systems use the Logon (tag 35-MsgType=A) message for authentication with CME Globex. There are three Logon scenarios:
...
Note |
---|
The client system must submit the Logon message within 60 seconds after establishing a TCP/IP connection. If the client system does not submit the Logon message within 60 seconds, the TCP/IP socket connection is assumed to be stale and the socket is closed. |
See also: Session Layer - Fault Tolerance for a discussion of setting the Fault Tolerance Indicator (FTI) at logon and failover scenarios.
...