FIX/BSL Connectivity Bundle
Market makers should start from the connectivity bundle instead of guessing FIX CompIDs, route aliases, or Cloudflare behavior.
GET /api/v1/bsl/connectivity
GET /api/v1/fix/connectivity
Both routes return the same contract. Without authentication, the response
describes public endpoint rules and derivation formulas. With an
institutional_agent HMAC request, the response also includes the account,
agent id, API key id, scopes, and concrete recommended SenderCompID values.
Self-service flow
- Create an
institutional_agentthrough the wallet-authorized API Agent flow. - Request an HMAC credential for that agent.
- Read the connectivity bundle with the HMAC credential.
- Use the returned BSL route or FIX CompIDs in your OMS/quote engine.
No manual operations ticket is required just to choose SenderCompID(49) or
TargetCompID(56).
FIX CompIDs
| Field | FIX tag | Value |
|---|---|---|
SenderCompID | 49 | Client-stable id. Use bundle value such as SC-ABCDEF12-123456-OE. |
TargetCompID | 56 | SENTICORE unless the bundle says otherwise. |
TargetSubID | 57 | order_entry or drop_copy. |
Account | 1 | Engine account address. |
Username | 553 | institutional_agent.apiKeyId. |
Password | 554 | <apiSecret>:<apiPassphrase>. |
The FIX session key is:
SenderCompID + TargetCompID + Account
Reuse the same SenderCompID across reconnects so sequence recovery works.
Use a separate suffix for drop-copy, for example -DC, when you want order
entry and drop-copy to maintain independent sequence state.
Direct endpoints
| Surface | Endpoint rule |
|---|---|
| Public/Retail HTTP | https://api.sentico-labs.xyz through Cloudflare. |
| BSL Direct TCP | Use bslTcp.host, bslTcp.port, and bslTcp.tlsSni from the bundle. This is the native non-Cloudflare order-entry path. |
| BSL direct HTTP | Use directHttpBaseUrl when assigned. This is compatibility/admin-friendly BSL HTTP, not the native TCP path. |
| FIX | Raw TCP/TLS from the bundle host, port, and tlsSni. It is not an HTTPS route. |
Current production BSL Direct TCP examples use a DNS-only hostname with a public CA certificate:
host: bsl.sentico-labs.xyz
port: 9001
tlsSni: bsl.sentico-labs.xyz
protocol: senticore-bsl-tcp-v1
Current production FIX examples use a separate DNS-only hostname with a public CA certificate:
host: fix.sentico-labs.xyz
port: 9878
tlsSni: fix.sentico-labs.xyz
targetCompId: SENTICORE
Both fix.sentico-labs.xyz and bsl.sentico-labs.xyz must remain Cloudflare
DNS-only records. Do not orange-proxy them: Cloudflare HTTPS does not carry raw
BSL TCP or FIX/TCP.
BSL Direct TCP
The native BSL TCP protocol is:
transport: tcp_tls
protocol: senticore-bsl-tcp-v1
handshake: 48 bytes
message header: u32_le kind + u32_le payload_len
compact action frame: 192 bytes
response prefix: u32_le payload_len
Use a persistent session and set TCP_NODELAY. This is the path to use for
latency-sensitive quote engines. See BSL Direct TCP
for the full frame contract and SDK handshake examples.
BSL submit
The tested beta submit route remains:
POST /api/order-entry/binary
Content-Type: application/x-senticore-order-entry-batch
Accept: application/x-senticore-order-entry-batch-response, application/json
X-BSL-Result-Mode: ack
X-MM-Response-Mode: detailed
The canonical route is:
POST /api/v1/bsl/orders/compact
Use it after the deployed edge or direct endpoint has the BSL submit allowlist enabled for your environment.
SDK examples
BSL Direct TCP handshake:
cd sdks/typescript
SENTICORE_BSL_TCP_HOST=bsl.sentico-labs.xyz \
SENTICORE_BSL_TCP_PORT=9001 \
SENTICORE_BSL_TCP_TLS_SNI=bsl.sentico-labs.xyz \
npm run build && node dist/examples/bsl-tcp-handshake.js
cd sdks/python
python -m pip install -e .
SENTICORE_BSL_TCP_HOST=bsl.sentico-labs.xyz \
SENTICORE_BSL_TCP_PORT=9001 \
SENTICORE_BSL_TCP_TLS_SNI=bsl.sentico-labs.xyz \
python examples/bsl_tcp_handshake.py
TypeScript:
cd sdks/typescript
SENTICORE_ACCOUNT=0x... \
SENTICORE_AGENT_ID=agt_... \
SENTICORE_API_KEY_ID=spk_... \
SENTICORE_API_SECRET=... \
SENTICORE_API_PASSPHRASE=... \
npm run build && node dist/examples/fix-logon.js
Python:
cd sdks/python
python -m pip install -e .
SENTICORE_ACCOUNT=0x... \
SENTICORE_AGENT_ID=agt_... \
SENTICORE_API_KEY_ID=spk_... \
SENTICORE_API_SECRET=... \
SENTICORE_API_PASSPHRASE=... \
python examples/fix_logon.py
Certificate verification is on by default. SENTICORE_FIX_INSECURE_TLS=1 is
only for local lab endpoints and must not be used for production connectivity.
Example bundle
{
"contract": "SENTICORE_INSTITUTIONAL_CONNECTIVITY_V1",
"auth": {
"requiredAgentType": "institutional_agent",
"credentialKind": "hmac",
"fixUsernameTag553": "apiKeyId",
"fixPasswordTag554": "<apiSecret>:<apiPassphrase>"
},
"bsl": {
"directHttpBaseUrl": "https://api.sentico-labs.xyz",
"testedBetaSubmitPath": "/api/order-entry/binary",
"canonicalSubmitPath": "/api/v1/bsl/orders/compact"
},
"bslTcp": {
"enabled": true,
"transport": "tcp_tls",
"host": "bsl.sentico-labs.xyz",
"port": 9001,
"tlsSni": "bsl.sentico-labs.xyz",
"protocol": "senticore-bsl-tcp-v1",
"handshakeBytes": 48,
"messageHeaderBytes": 8,
"compactActionFrameBytes": 192,
"frameVersion": 1
},
"fix": {
"host": "fix.sentico-labs.xyz",
"port": 9878,
"tlsSni": "fix.sentico-labs.xyz",
"targetCompIdTag56": "SENTICORE",
"orderEntry": {
"targetSubIdTag57": "order_entry",
"senderCompIdTag49": "SC-ABCDEF12-123456-OE"
}
}
}
Guardrails
api_agentcredentials are for normal HTTP bots and private reads.- BSL/FIX order entry uses
institutional_agentHMAC credentials. - The bundle does not return
apiSecretorapiPassphrase; those are shown only when the credential is created. - A dedicated BSL lane key is optional and only controls a dedicated rate tier. It does not replace signed actions or institutional HMAC auth.