All API calls in this section are made by the cTrader backend to your client area/CRM. All endpoints are relative to the URL of your client area. You need to provide this URL to Spotware at the initial stages of deployment.
The inappToken parameter provides an additional validation mechanism for generating OT tokens for performing InApp actions. You can optionally return this parameter as part of API call 4.2 and API call 4.3. If you choose to return it, you need to verify it later as part of API call 4.4. If this verification fails, your backend must not issue an OT token for performing an InApp action. If you choose not to return it, no additional verification is needed as part of API call 4.4.
Method | URL |
---|---|
POST | /oauth2/crmApiToken |
Authenticates all subsequent requests made by the cTrader backend by exchanging a pre-generated valid password for an access token. This token should be valid for at least a week; its expiration period can be increased at your discretion.
Parameters
No parameters.
Request Body
Key | Required? | Data Type | Description |
---|---|---|---|
password | Yes | string | The password generated by the cTrader backend. |
Output
Key | Data Type | Description |
---|---|---|
crmApiToken | string | A non-repeatable token authenticating the cTrader backend. After it is issued, it is placed in the memory storage of the cTrader backend. |
Request Example
curl -X POST 'https://brokerCrmUrl.com/oauth2/crmApiToken' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"password": "af34mn0pphg2893nmaf26hmy"}'
Expected Response Status Code
200
Response Example
{
"crmApiToken": "cr56mng23454laf5545sdfdf234fs541200sdf"
}
Method | URL |
---|---|
POST | /oauth2/onetime/authorize |
Verifies an OT token and exchanges it for a long-term access token.
Parameters
No parameters.
Request Body
Key | Required? | Data Type | Description |
---|---|---|---|
code | Yes | string | An OT token generated by the broker’s backend. |
Output
Key | Data Type | Description |
---|---|---|
accessToken | string | A non-repeatable token allowing for long-term access to the trading environment. It is only returned if a user has previously clicked on the ‘Keep Me Logged In’ tick box or a similarly named alternative. |
userId | integer | The unique ID of a specific user. |
inappToken | string | An optional token that you can use for additional validation when generating an OT token for an InApp action as part of API call 4.4. |
Request Example
curl -X POST 'https://brokerCrmUrl.com/oauth2/onetime/authorize?crmApiToken=cr56mng23454laf5545sdfdf234fs541200sdf' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"code": "16chD7xeIxc3p387Cjdcnpax2er"}'
Expected Response Status Code
200
Response Example
{
"accessToken": "0eZXAw8GJQ55RlDcALSVi6xPDHTRCivfE9STSyBfeMxRWZAGEIe0VujpibDP",
"userId": 10345533,
"inappToken": "12MBoxLAP_2313PxolklqPX_weq1kjksaPASDHJ_sx"
}
Method | URL |
---|---|
POST | /oauth2/authorize |
Verifies a long-term access token during the automatic re-login flow.
Parameters
No parameters.
Request Body
Key | Required? | Data Type | Description |
---|---|---|---|
accessToken | Yes | string | A non-repeatable token allowing for long-term access to the trading environment. |
Output
Key | Data Type | Description |
---|---|---|
userId | integer | The unique ID of a specific user. |
inappToken | string | An optional token that you can use for additional validation when generating an OT token for an InApp action as part of API call 4.4. |
Request Example
curl -X POST 'https://brokerCrmUrl.com/oauth2/authorize?crmApiToken=cr56mng23454laf5545sdfdf234fs541200sdf' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"accessToken": "0eZXAw8GJQ55RlDcALSVi6xPDHTRCivfE9STSyBfeMxRWZAGEIe0VujpibDP"}'
Expected Response Status Code
200
Response Example
{
"userId": 10345533,
"inappToken": "12MBoxLAP_2313PxolklqPX_weq1kjksaPASDHJ_sx"
}
Method | URL |
---|---|
POST | /oauth2/onetime/generate |
Requests the creation of an OT token required for performing an InApp action.
Parameters
Parameter | Parameter Type | Required? | Data Type | Description |
---|---|---|---|---|
inappToken | query | No | string | An optional token that you can use for additional validation when generating an OT token for an InApp action. |
Request Body
Key | Required? | Data Type | Description |
---|---|---|---|
userId | Yes | integer | The unique ID of a specific user. |
Output
Key | Data Type | Description |
---|---|---|
token | string | An OT token generated by the broker’s backend. |
Request Example
curl -X POST 'https://brokerCrmUrl.com/oauth2/onetime/generate?inappToken=12MBoxLAP_2313PxolklqPX_weq1kjksaPASDHJ_sx&crmApiToken=cr56mng23454laf5545sdfdf234fs541200sdf' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"userId": 10345533}'
Expected Response Status Code
200
Response Example
{
"token": "16chD7xeIxc3p387Cjdcnpax2er"
}
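One way a broker backend could implement the inappToken check on /oauth2/onetime/generate, shown as an added example (not code from Spotware or from the cTrader documentation). The HMAC-derived inappToken, the server-side secret, the 60-second OT token lifetime, the in-memory store and the 401/403 status codes are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumptions: names and values below are illustrative, not defined by the API.
INAPP_SECRET = secrets.token_bytes(32)   # server-side secret, never sent to cTrader
OT_TTL_SECONDS = 60                      # assumed OT token lifetime
USE_INAPP_TOKEN = True                   # broker chose to return inappToken

_ot_tokens = {}  # OT token -> (userId, expiry); stand-in for a real datastore


def issue_inapp_token(user_id: int) -> str:
    """Value returned as inappToken next to userId; bound to that user by HMAC."""
    return hmac.new(INAPP_SECRET, str(user_id).encode(), hashlib.sha256).hexdigest()


def generate_ot_token(user_id: int, inapp_token: Optional[str]):
    """Logic for /oauth2/onetime/generate. Returns (status, body)."""
    if USE_INAPP_TOKEN:
        expected = issue_inapp_token(user_id).encode()
        # Constant-time comparison; a missing or mismatched inappToken
        # means no OT token is issued.
        if inapp_token is None or not hmac.compare_digest(
            expected, inapp_token.encode()
        ):
            return 403, {}
    token = secrets.token_urlsafe(24)
    _ot_tokens[token] = (user_id, time.time() + OT_TTL_SECONDS)
    return 200, {"token": token}


def redeem_ot_token(code: str):
    """Logic for /oauth2/onetime/authorize: OT tokens are single-use and expire.
    The optional accessToken field is left out of this sketch."""
    entry = _ot_tokens.pop(code, None)   # pop() makes a replay fail
    if entry is None or entry[1] < time.time():
        return 401, {}
    user_id = entry[0]
    return 200, {"userId": user_id, "inappToken": issue_inapp_token(user_id)}
```

An HMAC-derived inappToken stays valid until the secret is rotated; storing a random value per session instead lets the logout call revoke it.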
Method | URL |
---|---|
PUT | /oauth2/logout |
Logs out the user with the specified userId from the CRM.
The primary purpose of this API call is to log out a user from your client area whenever they log out of any cTrader app.
Parameters
Parameter | Parameter Type | Required? | Data Type | Description |
---|---|---|---|---|
userId | query | Yes | string | The unique ID of a specific user. |
accessToken | query | Yes | string | A non-repeatable token allowing for long-term access to the trading environment. It is only returned if a user has previously clicked on the ‘Keep Me Logged In’ tick box or a similarly named alternative. |
Output
This API call should not produce an output.
Request Example
curl -X PUT 'https://brokerCrmUrl.com/oauth2/logout?crmApiToken=cr56mng23454laf5545sdfdf234fs541200sdf&userId=10345533&accessToken=0eZXAw8GJQ55RlDcALSVi6xPDHTRCivfE9STSyBfeMxRWZAGEIe0VujpibDP' -H 'Content-Type: application/json' -H 'Accept: application/json'
Expected Response Status Code
200