Accessing the RMI API
RMI access is only available to clearing firms using a certified application.
1. Clearing Firms wishing to access the RMI API in production, leveraging their certified application, must create a CME Group Login and submit it, along with the Schedule 6 Exhibit D, to their Global Account Manager.
We recommend use of PROD in the CME Group Login name to distinguish it from any New Release API IDs. For example, API_RMI_CLEARINGFIRM_PROD.
2. After the API has been entitled, the application will log into: https://rmi.cmegroup.com/rmi/
Customers requesting access to the New Release environment for certification will need to contact Global Account Management.
Clearing Member Firm (CMF) automated risk systems connect to the API using HTTPS user authentication via Web Services. HTTPS version 1.1 supports both session-less and session-based connections. RMI Risk Administrators will be provided an Application level ID and password from their Global Account Manager. CMF risk systems will use this information to populate the appropriate fields of the Logon message for the RMI API.
The Request ID must be incremental across all messages. Any message with a non-incremented Request ID will be rejected with a Business-level Reject with text: “The ReqId must be greater than the previous ReqId”.
Ping Request to the API
To ensure a RMI connection is still active, CMF risk systems can utilize the Ping Request capability. For session-based connections, this feature confirms that the API is available and the risk system is currently logged in. For session-less connections, this feature confirms that the API is available.
CME Group recommends that customers send pings to confirm session or API availability on an as-needed basis, no more frequently than every 20 seconds.
For a session-based connection, the ping request must use the cookie obtained from the Login message, otherwise, the Response message will be an error with the text: “Ping response without active session.” If the cookie for a session is lost, the session becomes unusable, and the user must re-login to receive a new cookie.
Ping Request Message Example
Ping Response Message Example
Risk systems must specify a Request ID on each request, which is used to uniquely identify the response to its specific request. Below is an example of a Ping response message:
RMI Session Based Connection
For a session-based connection, the risk system logs in to begin the session. To end a session-based connection, the risk system must send a logoff request to terminate the session.
The following diagram shows the message flow for logging in and logging out of the API initiated by the client’s automated risk system on a session-based connection.
Session Based Login Request Message Example
Risk systems logging onto the API use the FIXML User Request message with User Request Type=1. Risk systems must include a Request ID for each request, which is used to uniquely identify the response to its specific request.
User Request Logon message example:
Session Based Login Response Message Example
Login Response message example:
Session Based Logout Request Message Example
Risk systems requesting to logoff use the FIXML User Request message with User Request Type=2.
Logout request message example:
Session-Based Logout Response Message Example
Logout response message example:
Session-Less Connection
For a session-less connection, the risk system must send its credentials in the header of each message for every message sent to the API. The username and password must be typed with a colon separating the two (i.e. username:password) and then convert from string to base64.
The following is an example entry in the header:
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Session-Less Request Message Example
The following message example details a client request to access the API on a session-less connection.
Session-Less Server Response Message Example
The following message example details the API’s response to the client automated risk system’s session-less request.
How was your Client Systems Wiki Experience? Submit Feedback
Copyright © 2024 CME Group Inc. All rights reserved.