Skip to main content

Documentation Index

Fetch the complete documentation index at: https://kraken-sandbox.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

FIXsession: admin35=A
The Logon message (35=A) must be the first message sent after establishing the TCP connection. It authenticates the session and sets session-level parameters. If logon succeeds, Kraken responds with a Logon message. If it fails, Kraken sends a Logout with a reason, or silently closes the connection.
All FIX connections require TLS. The server rejects plain TCP connections with a TLS alert. Use TLSv1.2 or higher. Certificate verification can be skipped for UAT; use full verification in production.

Session Types

Kraken FIX offers two session types that use different TargetCompIDs and have different authentication requirements:
Market DataTrading
TargetCompID (56)KRAKEN-MDKRAKEN-TRD
Authentication requiredNoYes (API Key + Password)
Fields 553, 554, 5025Not requiredRequired
PurposeSubscribe to order book, trades, OHLCPlace/cancel orders, account data
Spot and Derivatives use separate SenderCompIDs. Your Derivatives SenderCompID will have a DRV suffix. Both are provided by Kraken during onboarding.

Fields

header
required
35=A
98 - EncryptMethod
integer
required
Always set to 0 (None).
108 - HeartBtInt
integer
required
Heartbeat interval in seconds. Recommended value: 60.
553 - UserName
string
Your FIX API Key. Create it in Kraken Pro settings with FIX as the key type.Condition: Trading session only
554 - Password
string
HMAC-SHA512 signature. See Password Generation below.Condition: Trading session only
5025 - Nonce
string
Current timestamp in milliseconds since Unix epoch, as a string.
The nonce must be within ±5 seconds of Kraken’s server time. Clock drift is the most common cause of logon failures. Use NTP to keep your system clock in sync.
Condition: Trading session only
109 - ClientID
integer
Associates this connection with another connection (e.g. linking a trading session to a market data session).
141 - ResetSeqNumFlag
boolean
If Y, both sides reset their sequence numbers to 1. Use on initial connect or after a session reset. Default: N.
8674 - CancelOrdersOnDisconnect
integer
Controls what happens to open orders if the session disconnects.Possible values:
  • 0 — Cancel all open orders placed during this session (default)
  • 1 — Leave open orders in place after disconnect
5030 - ForceResetClOrdID
boolean
Resets your ClOrdID sequence on re-logon. Use in emergencies only. Default: N.
5051 - Rebased
boolean
Applies to xStocks trading only.
  • N — Orders and execution reports use SPV token quantities (default)
  • Y — Orders and execution reports use underlying equity quantities (Kraken applies the multiplier automatically)
trailer
required

Password Generation

The password is computed as: 
base64( HMAC-SHA512( base64decode(API_Secret), SHA256(MessageInput + Nonce) ) )
MessageInput is the concatenation of these fields using the FIX separator (SOH = \x01): 
35=A  +SOH+  34=<MsgSeqNum>  +SOH+  49=<SenderCompID>  +SOH+  56=KRAKEN-TRD  +SOH+  553=<API_Key>  +SOH
The API Secret must be base64-decoded before use as the HMAC key.
Both the Nonce (tag 5025) and the value used in MessageInput must be identical. Generate nonce once and use it in both places. 
import base64
import hashlib
import hmac
import time

SOH = "\x01"

def get_password(msg_seq_num: str, sender_comp_id: str, api_key: str, api_secret: str):
    nonce = str(int(time.time() * 1000))

    message_input = (
        f"35=A{SOH}"
        f"34={msg_seq_num}{SOH}"
        f"49={sender_comp_id}{SOH}"
        f"56=KRAKEN-TRD{SOH}"
        f"553={api_key}{SOH}"
    )

    sha256_hash = hashlib.sha256((message_input + nonce).encode("utf-8")).digest()
    hmac_hash = hmac.new(base64.b64decode(api_secret), sha256_hash, hashlib.sha512)
    password = base64.b64encode(hmac_hash.digest()).decode("utf-8")

    return password, nonce

Message Examples

8=FIX.4.4|9=76|35=A|34=1|49=CLIENT|56=KRAKEN-MD|52=20260407-14:32:01.000|98=0|108=30|141=Y|10=089|