Client Management Systems API
Open API Learn Tutorial Reference Docs Explorer Apps Updates Get 24 Hour Token Sign in
Other Products FIX Trading API Client Management Systems API End-of-Day File Transfers Trade Event Notification System OpenAPI for Excel

Authentication Process (Login/Logout Requests)

Preparations

Before the White Label can use the CMS API, a service user must be created. In order to start the process, the White Label must;

  1. Decide where, in the Account Structure, the service user should be placed
  2. Fill in CMS API REQUEST form and have it signed by Authorized signatures.
  3. Send the completed form to ServiceCenter@saxobank.com.

Saxo Bank will then configure the service user on the appropriate level and return with;

  1. Username of the Service User
  2. Username of the Test Service User
  3. X509 Client Certificate
  4. Password for the above certificate.

The White Label is now ready to install certificate and login to the CMS API.

Authentication

When authenticating against the CMS API, the CMS Enterprise Service must be called on a server, where a valid X509 Client Certificate is installed.

Install Certificate

When Saxo Bank has processed the Authorised CMS User form, the White Label will receive two e-mails: One with the X509 client certificate (pfx file) attached and the second with the certificate password. The certificate is installed as follows:

  1. Transfer the certificate to your web server.
  2. Double click on certificate
  3. Click "Next" in Welcome screen
  4. Click "Next" in File Import screen
  5. Type, in the screen, the password that was received in the second email.
  6. Choose certificate store and click "Next" in certificate store screen
  7. Click "Finish"

The certificate is now ready to use. 

Hash password

Saxo provides the Windows Console application, HashPassword.exe for hashing passwords with the SHA265 algorithm. The application can be retrieved as follows:

  1. Click https://enterprise.saxobank.com/enterprise/setup/HashPassword.zip
  2. Confirm certificate in confirm certificate pop-up box
  3. Download and save HashPassword.zip file
  4. Extract HashPassword.zip file

To hash the password, please do the following:

  1. Open a Command Prompt
  2. Browse to folder where HashPassword.exe is located
  3. Hash the password using the following syntax: HashPassword password1 password2 etc

C:\HashPassword>HashPassword sAxOwhiteLabelpaSs

Now hashing 1 command line arguments:

Hashing sAxOwhiteLabelpaSs : 'n/eHSOq/5XSgUyDivdHVwAxgxhBso2Vc0E6xCAFakiY='   

C# Code example 1: How to hash a password The hashed password can now be used for the login request.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Security.Cryptography; 

namespace Hashpassword
{

	public partial class Form1 : Form
	{
		public Form1()
		{
			InitializeComponent();
		} 
		private void button1_Click(object sender, EventArgs e)
		{ 
			rtfDisplay.Text = "";
			rtfDisplay.Text = HashPassword(txtPassword.Text); 
		} 

		public string HashPassword(string password)
		{
			byte[] bytes = Encoding.UTF8.GetBytes(password);
			HashAlgorithm algorithm = new SHA256Managed();
			return Convert.ToBase64String(algorithm.ComputeHash(bytes));
		} 
	}
}

CMS Live login requests

The following sections describe in detail all the operations which the CMS Live Login Service exposes. Each section has a table with parameters and an example request. The example request only contains the crucial part of the request and not the headers. When the example lists a parameter as optional, it means that it can be omitted and the message still be technical valid. It does not necessarily mean that the request is valid if that parameter is omitted. One of the reasons for this is, that a parameter might be optional on create, but mandatory on update or vice versa.