User Help System
BrokerTec Order Entry Sessions
Using the BrokerTec Requests - Order Entry Sessions function, authorized users can create and manage Order Entry sessions that are used to send and receive orders and confirmation messages between the client system and CME Group.
BrokerTec Order Entry Functions
From the CME Customer Center menu, select Request Center > BrokerTec Requests > Order Entry Sessions.
Select a Registered Entity; users with access to one entity are directed to the list of Order Entry sessions.
A valid order entry session consists of:
- SenderCompID:
- Session ID (characters 1-3)
- Globex Firm ID (characters 4-6)
- Fault Tolerance Indicator (last character)
- Password
- Access Key ID
- IP address
- Port
- Market Segment Id (MSGW session)
See also: SenderCompID / iLink 2 - Fault Tolerance / iLink 3 - Fault Tolerance.
Submitted requests appear at Request Center - My Requests with an In-Progress status.
Upon successful setup and validation of session details, the request status updates to Completed.
- Requests submitted before 12:00PM CST are processed and will be effective the same day.
- Requests submitted after 12:00PM CST will be effective the next business day.
- Updates to session protocols are processed at 4:00PM CST.
An email and communication center message is sent to the user at submission and completion.
After processing and validation of request details, the iLink session details are available from the BrokerTec Order Entry Sessions page.
The following procedures illustrate the process to create an Order Entry Session for BrokerTec.
- To create a new iLink Session:
- From the BrokerTec Requests menu, select Order Entry Sessions.
- Select a Registered Entity.
For users with access to one entity, this is automatically selected.
- On the screen that appears, enter new session details.
Required fields are indicated by a red asterisk (*).
- *Globex Firm
- *Number of Sessions: The number of sessions requested cannot exceed the number allocated to an entity (Globex Firm). Order Entry sessions may incur a fee.
Upon submitting the request, an acknowledgment message appears, indicating charges (if applicable) for the requested session.
- *Front End System: Select the application(s) for which the session is authorized.
- *Requested Live Date: The effective date the session will be available.
- Upon completion of required data, click Proceed.
- If you agree with the setup details and fee, click Submit.
A notification banner appears, indicating successful request submission.
Administrator approval is not required.
After processing, sessions appear in the list, with an assigned Session ID.
From the Order Entry Session page the following functions can be performed.
The ability to perform advanced functions is determined by a user's assigned entitlement.
- View Session ID details: From the Order Entry Sessions page, select a linked Session ID.
- Edit session details: Select the linked Session ID (above), then select Edit.
- Delete Sessions: Deletions are queued for weekly processing that occurs on Friday afternoons. After submitting, the Request Center status indicates In Progress; once finalized, the status changes to Completed.
If a session is deleted by mistake, contact Global Account Management.
- Export or Print the list of Sessions
Secure Key Pairs
CME Group uses a secure login process for Drop Copy, Order Entry and Market Data API services.
Using self-service functions, users can generate and manage key pairs to secure user login and Order Entry message activity.
- Customer identity verification: Login is signed with CME Group issued and validated security credentials.
- Message confidentiality and integrity: CME Globex uses customer submitted credentials to calculate the HMAC value to validate against a login request.
- Once created, credentials are accessible and available for multiple downloads.
- In situations when a secure key is within four weeks of expiration, a user can have two secure key pairs.
Notification of pending security credential expiration will be sent by email to registered administrators.
- If a customer generates a third secure key pair:
- The user must delete a secure key pair immediately.
- The oldest secure key pair will expire in four weeks (at market close).
Securing iLink Order Entry Sessions (HMAC)
CME Group uses a secure login process for Order Entry API services via Hash Message Authentication Codes (HMAC). Authorized users can generate private security keys or manage secure Order Entry Session activity.
- Access Key ID : Secure login request to iLink.
- Secret / Private Key: Used to create HMAC signature.
HMAC helps to secure user login and message activity:
- Customer identity verification: Login is signed with CME Group issued and validated security credentials.
- Message confidentiality and integrity: HMAC codes are generated from a combination of login FIX tag values. CME Globex uses customer submitted credentials to calculate the HMAC value to validate against the login request.
Following are an overview and detailed instructions for authenticating and managing secure iLink Sessions.
Overview
- API ID: To secure API ID sessions, use the CME Group Login > Profile function.
- Multiple secure keys:
- iLink sessions can have up to two secure key pairs until the older key pair expires, four weeks after notice.
Expiration occurs after market close.
- If a third key pair is generated, the user must select a key pair to delete immediately.
- Expiration: Secure key pairs are valid for 12 months. Prior to expiration, an email is sent to registered administrative users.
- Key Management User: A user entitlement to create and manage iLink session secure login pairs. Existing Administrative Manager users are assigned this role as part of their administrative responsibilities.
To request this role, contact Global Account Management.
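The logon check and the key rotation rules described above, sketched as an added example (not CME Group code). The hash (HMAC-SHA256), the newline-joined canonical string, the field names and the `SessionKeys` class are assumptions; the page states only that the HMAC is computed from a combination of login FIX tag values.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta

# Assumed for illustration (the page names neither the hash nor the tags):
# HMAC-SHA256 over a newline-joined string of these hypothetical logon fields.
SIGNED_FIELDS = ("sending_time", "seq_num", "sender_comp_id", "firm_id")

def sign(secret: bytes, logon: dict) -> str:
    """Client side: HMAC over the canonical string, base64url-encoded."""
    canonical = "\n".join(str(logon[f]) for f in SIGNED_FIELDS).encode()
    mac = hmac.new(secret, canonical, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

class SessionKeys:
    """Key pairs for one session: at most two, newest valid for 12 months."""

    def __init__(self):
        self.keys = {}  # access_key_id -> (secret, expires_at)

    def generate(self, key_id, secret, now, delete_id=None):
        if len(self.keys) >= 2:  # third pair: one existing pair must go now
            if delete_id not in self.keys:
                raise ValueError("select an existing key pair to delete")
            del self.keys[delete_id]
        for kid, (sec, exp) in list(self.keys.items()):
            # the remaining older pair expires four weeks after this request
            self.keys[kid] = (sec, min(exp, now + timedelta(weeks=4)))
        # 365 days stands in for "12 months"; market-close timing is ignored
        self.keys[key_id] = (secret, now + timedelta(days=365))

    def verify(self, logon, key_id, signature, now):
        """Server side: look up the secret by Access Key ID and recompute."""
        entry = self.keys.get(key_id)
        if entry is None or now >= entry[1]:
            return False  # unknown, deleted or expired key pair
        return hmac.compare_digest(sign(entry[0], logon), signature)

# Constructed sample values, not real credentials or a real session.
LOGON = {"sending_time": "20240102-13:30:00.000", "seq_num": 1,
         "sender_comp_id": "ABC123N", "firm_id": "123"}
```

The HMAC authenticates the signed fields and detects tampering with them; it does not encrypt them.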
Process
Following is an overview of the secure key management process, including available functions:
- Go to Request Center >:
- Futures and Options Requests > iLink Sessions: Secure Futures and Options iLink Order Entry sessions.
- BrokerTec Requests > Order Entry Sessions: Secure BrokerTec Order Entry sessions.
- Select a Registered Entity.
- Select an Order Entry Session to manage.
- From Actions for Selected Sessions, select from available functions:
- Generate Keys: Generate a keyed-Hash Message Authentication Code (HMAC) key pair, which is initially assigned active status and is valid for logon.
Existing Key IDs appear in a list:
- Existing Key ID to be expired in 4 weeks: This key is set to expire in four weeks, during which both keys are active.
Prior to expiration, ensure Order Entry Sessions are updated.
- Existing Key ID to be deleted Immediately: If prompted, select a key(s) to be deleted immediately and select Delete Selected Key(s) and Proceed.
This Key ID will be deleted immediately upon creation of a new ID.
A notification appears at the top of the screen, indicating successful key generation and an email notification is sent to the registered user.
- On the window that appears, select Download All Keys.
CME Group requires customers to update their security credentials every 12 months.
- To download the key, complete two-factor identification by entering the security code sent to your registered device.
The file is downloaded to the default web-browser destination.
- Open the file to view the secure key pair details that are used to authenticate the Order Entry Sessions.
Note: Once created, credentials are accessible and available for multiple downloads.
In situations when a secure key is near expiration, a customer can have up to two secure key pairs for a Session ID for up to four weeks.
A secure key pair will have a status of active, i.e. valid for logon.
The first (older) secure key pair will expire in four weeks after the market close.
If a customer generates a third secure key pair:
One of the existing secure key pairs will be deleted immediately, based on the customer selection.
The remaining secure key pair will expire in four weeks after the market close.
Notification of pending security credential expiration will be sent by email to registered administrators.
In addition to deleting Order Entry Sessions, authorized users can delete an associated HMAC authentication key.
- To delete an HMAC security key:
- From the CME Customer Center, navigate to: Request Center > Futures & Options Requests > iLink Sessions.
- Select a Registered Entity to manage.
If you have access to only one entity, a list of iLink Sessions will appear.
- Select an iLink session, which activates the Actions for Selected Sessions menu.
- From the menu, select Delete Keys.
- On the dialog that appears, select Delete Keys.
- Select a response to the confirmation dialog.
The screen refreshes to update the status of the Key ID, a confirmation banner appears, an email confirmation is sent to the registered address, and the request is added to My Requests.
Once generated, secure key information is available for download.
- To download an existing HMAC authentication key:
- From the CME Customer Center, navigate to: Request Center > Globex Requests > iLink Sessions, then select a Registered Entity.
If you have access to only one entity, a list of iLink Sessions will appear.
- Select the iLink session, which activates the Actions for Selected Sessions menu.
- From the menu, select Download Keys.
- On the Generate New Keys dialog, select Download All Keys.
The user's multi-factor authenticated credentials are evaluated to verify the requestor's identity. A cryptographically random key pair is generated, consisting of an Access Key ID and a Secret Key.
The screen refreshes to include the Key ID, a confirmation banner appears, an email confirmation is sent to the registered address, and the request is added to My Requests.
- If not downloaded (to the default browser directory), select Download All Keys to access a text file that contains the secure (private) key.
The file is named with the following pattern: iLink_Session_Access_Secure Key_Download_yyyy-dd-mm.
- From the saved file, view the corresponding Secure Key, which is used for securing Order Entry access and transactions.