BSL API
BSL is the Business Line interface for latency-sensitive order entry. It is the client contract for professional quoting, cancel/replace, execution replay, and session controls. The older market-maker and binary names remain as compatibility routes, but new integrations should use BSL names and headers.
BSL is not a separate matching engine. Orders still pass through the same auth, risk, sequencing, WAL, matching, event ring, and recovery model as the rest of the venue. The difference is that the interface exposes that hotpath truth directly instead of hiding it behind read-plane polling.
Access and Keys
BSL does not rely on one freely shared global key. Base order submit is open to
any funded account that sends a valid wallet-signed action; in the current beta
the X-Senticore-Order-Entry-Key header is optional for signed submit routes.
This keeps market makers from being blocked by a per-request gateway credential
when the order itself already carries the account signature.
Provisioned BSL credentials still matter. Higher limits, persistent sessions, private reads, execution gap-fill, receipts, cancel-on-disconnect controls, FIX Logon, and drop-copy use account-scoped API Agent credentials. Create them through the wallet-authorized API Agents flow or via institutional onboarding. Do not embed owner wallet keys or admin credentials in trading systems.
Practical rule:
| Flow | Credential requirement |
|---|---|
| Signed BSL order submit | Valid signed action; optional X-Senticore-Order-Entry-Key when operations assigns a dedicated lane key. |
| BSL private execution stream and gap-fill | Account/agent credential or private session token. |
| Receipts, session controls, limits, quote obligations | Provisioned BSL/API Agent credential with the required scope. |
| FIX order entry and drop-copy | HMAC API Agent credential in FIX Logon. |
Who should use BSL
Use BSL when late information is more dangerous than a fast reject:
| Client profile | Recommended BSL posture |
|---|---|
| Market maker / liquidity provider | Persistent session, market-shard aware routing, ack for quote refresh, private execution stream as truth. |
| HFT / latency-sensitive taker | full for IOC/FOK and cancel/replace, strict clientOrderId, reject-code driven retry policy. |
| Institutional OMS | FIX where required, BSL for lower-overhead batch or compact submission, private stream/gap-fill for reconciliation. |
| Retail or web app backend | Prefer Trading HTTP and normal private WebSocket unless you need BSL result modes. |
For HFT and market makers, the rule is simple: do not poll private reads to discover whether the engine already acted. Submit with the right BSL result mode, consume the execution stream, and gap-fill only after reconnect.
Core Endpoints
| Endpoint | Purpose |
|---|---|
POST /api/v1/bsl/orders/batch | JSON signed action batch with explicit result mode |
POST /api/v1/bsl/orders/compact | Compact byte batch for latency-sensitive clients |
POST /api/v1/bsl/orders/replace | Atomic cancel/new replace facade |
POST /api/v1/bsl/orders/cancel-replace | Alias for replace-style order flow |
GET /api/v1/bsl/receipts | Receipt and acknowledgement replay |
GET /api/v1/bsl/limits | Current BSL rate, batch, backlog, and lane limits |
GET /api/v1/bsl/sessions | Authenticated BSL session state |
POST /api/v1/bsl/sessions/cancel-on-disconnect | Stale-order cleanup trigger |
GET /api/v1/bsl/markets/{marketId}/quote-obligations | Two-sided quote obligation state |
GET /api/v1/bsl/executions | Execution stream contract metadata |
GET /api/v1/bsl/accounts/{account}/executions?fromSeq=... | Private execution gap-fill |
GET /api/v1/ws/bsl/{account} | Private execution stream over WebSocket |
Result Modes
BSL result mode is selected with x-bsl-result-mode or the JSON
resultMode field.
| Mode | Meaning | Use |
|---|---|---|
ack | Sequencer accepted the request boundary. | Quote refreshes where stream reconciliation is primary. |
durable | WAL/durable LSN boundary reached. | Slower control flows where persistence acknowledgement matters. |
full | Engine-applied result returned from the hotpath. | IOC/FOK, cancel, replace, and any flow where the client needs the terminal result immediately. |
full responses include actionResults when the request reaches the engine.
Each result includes the client order id, order id, status, filled quantity,
leaves quantity, average price, fee, reject code, market, shard, seq, and engine
timestamps when available.
Response Contract
Every BSL JSON response carries a bsl object:
{
"bsl": {
"contract": "BSL_ORDER_ENTRY_V1",
"contractVersion": 1,
"surface": "orderEntry",
"transport": "json",
"requestedResultMode": "full",
"resultMode": "full",
"streamTruth": "engine_execution_ring",
"privateWsPath": "/api/v1/ws/bsl/{account}",
"executionReplayPath": "/api/v1/bsl/accounts/{account}/executions?fromSeq={seq}",
"rejectCode": null,
"timing": {
"gatewayReceivedTs": 1781715570085,
"authDoneTs": 1781715570085,
"riskDoneTs": 1781715570085,
"sequencedTs": 1781715570085,
"engineAppliedTs": 1781715570086,
"durableTs": null,
"responseSentTs": 1781715570086,
"durationsUs": {
"total": 1072,
"auth": 3,
"routing": 12,
"risk": 0,
"enqueue": 0,
"ackResolution": 0,
"responseEmit": 58
}
}
}
}
Compact byte responses expose the same contract through x-bsl-* headers.
Fast Rejects
BSL clients should treat fast rejection as healthy backpressure. A quick reject is better than letting a quote age silently in an overloaded queue.
Stable BSL reject codes include:
| Code | Meaning |
|---|---|
SHARD_BUSY | The target market shard is overloaded. |
QUEUE_LIMIT | The BSL lane or ingress queue is full. |
RISK_CREDIT_LIMIT | Risk or credit policy blocked the action. |
KILL_SWITCH | Account, market, or venue kill-switch is active. |
MARKET_HALTED | Market state does not allow the requested action. |
AUTH_REQUIRED | Missing or invalid credentials on a protected BSL route; signed submit can run without a lane key when beta policy allows it. |
PERMISSION_DENIED | Credential lacks the requested scope. |
DUPLICATE_OR_STALE | Nonce, idempotency, or duplicate replay state rejected the request. |
INVALID_REQUEST | Frame, schema, or request payload is invalid. |