Accessing the RMI API

RMI access is only available to clearing firms using a certified application.

1.  Clearing Firms wishing to access the RMI API in production, leveraging their certified application, must create a CME Group Login and submit it, along with the Schedule 6 Exhibit D, to their Global Account Manager. 

• We recommend use of PROD in the CME Group Login name to distinguish it from any New Release API IDs. For example, API_RMI_CLEARINGFIRM_PROD.

2.  After the API has been entitled, the application will log into: https://rmi.cmegroup.com/rmi/

Customers requesting access to the New Release environment for certification will need to contact Global Account Management.

Clearing Member Firm (CMF) automated risk systems connect to the API using HTTPS user authentication via Web Services. HTTPS version 1.1 supports both session-less and session-based connections. RMI Risk Administrators will be provided an Application level ID and password from their Global Account Manager. CMF risk systems will use this information to populate the appropriate fields of the Logon message for the RMI API.

Ping Request to the API

To ensure a RMI connection is still active, CMF risk systems can utilize the Ping Request capability. For session-based connections, this feature confirms that the API is available and the risk system is currently logged in. For session-less connections, this feature confirms that the API is available.

Ping Request Message Example

Ping Response Message Example

Risk systems must specify a Request ID on each request, which is used to uniquely identify the response to its specific request. Below is an example of a Ping response message:

RMI Session Based Connection

For a session-based connection, the risk system logs in to begin the session. To end a session-based connection, the risk system must send a logoff request to terminate the session.

The following diagram shows the message flow for logging in and logging out of the API initiated by the client’s automated risk system on a session-based connection.

Open

Session Based Login Request Message Example

Risk systems logging onto the API use the FIXML User Request message with User Request Type=1. Risk systems must include a Request ID for each request, which is used to uniquely identify the response to its specific request.

User Request Logon message example:

Session Based Login Response Message Example

Login Response message example:

Session Based Logout Request Message Example

Risk systems requesting to logoff use the FIXML User Request message with User Request Type=2.

Logout request message example:

Session-Based Logout Response Message Example

Logout response message example:

Session-Less Connection

For a session-less connection, the risk system must send its credentials in the header of each message for every message sent to the API. The username and password must be typed with a colon separating the two (i.e. username:password) and then convert from string to base64.

The following is an example entry in the header:

Session-Less Request Message Example

The following message example details a client request to access the API on a session-less connection.

Session-Less Server Response Message Example

The following message example details the API’s response to the client automated risk system’s session-less request.