Engineered for the worst day, not the average one
A deterministic core, active-active replication, and defence-in-depth security — the same architecture used by regulated venues clearing billions in daily volume.
The request path, end to end
Every order travels a hardened path from gateway to settlement. Each layer is independently scalable and observable.
Gateway
FIX / REST / WS · auth & rate-limit
Risk Gate
Pre-trade checks · limits
Matching Core
In-memory · deterministic
Event Log
Replayable · append-only
Settlement
Ledger · custody · payout
gateway → risk → match → log → settle · fully observable, <15µs core
Four engineering principles
Replayable by design
The matching core is a deterministic state machine driven by an append-only event log. Any point in history can be replayed bit-for-bit — for audit, dispute resolution, disaster recovery and regression testing. No hidden state, no surprises.
# Append-only · deterministic replay {"seq":88142,"t":"NEW","mkt":"BTC-USD","px":64280.0} {"seq":88143,"t":"FILL","qty":0.500,"lat":"11.4µs"} {"seq":88144,"t":"CANCEL","id":"o_4f9a"}
Active-active
Synchronous replication across three regions with automatic, sub-second failover. Lose a data centre mid-session and trading continues uninterrupted.
Defence in depth
MPC custody, hardware key isolation, network segmentation and quarterly third-party penetration testing.
Full telemetry
Per-order tracing, latency histograms and real-time dashboards streamed to your own monitoring stack.
Horizontal sharding
Markets shard independently. Add capacity by adding shards — no rewrites, no downtime.
APIs your engineers will actually enjoy
Clean REST and WebSocket APIs, FIX 4.4 for institutional flow, typed SDKs in five languages, a full sandbox, and documentation that reads like it was written by engineers — because it was.
- REST, WebSocket and FIX 4.4 gateways
- SDKs for Python, TypeScript, Go, Java and Rust
- Full sandbox with seeded test liquidity
- Webhooks, idempotency keys and replay endpoints
import { ZECClient } from "@ZEC/sdk"; const ZEC = new ZECClient({ key: process.env.ZEC_KEY }); // Subscribe to the live order book ZEC.ws.subscribe("book:BTC-USD", (msg) => { const spread = msg.asks[0].px - msg.bids[0].px; console.log(`mid=${msg.mid} spread=${spread}`); }); ZEC.ws.on("fill", (f) => ledger.record(f));
Audited, certified, insured
We hold ourselves to the standards our institutional clients are regulated against.
Independently audited security, availability and confidentiality controls.
Certified information-security management across the organisation.
Threshold key sharding with no single point of compromise.
Quarterly third-party penetration testing and bug-bounty program.
Get a sandbox key and start integrating
Our solutions engineers will walk your team through the architecture and hand over sandbox credentials the same week.