This SSO (OAuth) flow applies only to users who, once authorized in their broker’s CRM system, want to launch cTrader Web inside the broker’s client area or in a separate tab from the broker’s backend. Because users do not have to enter an additional set of credentials before they start trading, this flow eliminates disruptions to UX.
The embedded cTrader Web flow incorporates the following stages:
The user is successfully authorized inside the broker’s CRM system.
The user clicks to launch the cTrader Web platform while within the confines of the broker’s client area.
The broker’s backend generates an OT token.
cTrader Web is opened inside a separate iframe with token (the OT token) as a parameter. As an example, cTrader Web can be opened via the following URL: https://app.ctrader.com/info?source=web&token=f44bade2-2138-47c2-89e6-ce978bcca028&lang=en&acc=8003098. To see the full list of valid cTrader Web deeplinks, click here.
cTrader Web takes the token and sends a request to the cTrader backend to authorise the corresponding user.
The application opens a new connection with the cTrader backend and sends an authorisation request including token as a parameter.
The cTrader backend sends a POST request via REST API to exchange the OT token for a long-term access token (API call 4.2.).
The broker’s CRM verifies the token and responds with userId and accessToken (API call 4.2.).
The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.
The platform stores the accessToken for future usage.
The application starts authorised communications with the cTrader backend.
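A sketch of the broker-side half of this flow (generating the OT token and answering API call 4.2.), added here as an example and not taken from cTrader's or any broker's code. The class name, the 60-second lifetime, the in-memory store and the accessToken format are assumptions; the page specifies only that the OT token is exchanged for userId and accessToken.

```python
import secrets
import time
import uuid

OT_TOKEN_TTL_SECONDS = 60  # assumed lifetime; the page does not specify one


class OneTimeTokenStore:
    """In-memory stand-in for the broker CRM's OT token storage (hypothetical)."""

    def __init__(self, ttl=OT_TOKEN_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # OT token -> (user_id, expiry)

    def issue(self, user_id):
        """Generate the OT token; call only after the user is authorized in the CRM."""
        token = str(uuid.uuid4())  # same shape as the token in the page's sample URL
        self._pending[token] = (user_id, self._clock() + self._ttl)
        return token

    def exchange(self, token):
        """Answer API call 4.2.: verify the OT token, return userId and accessToken.

        The token is removed from the store before any other check, so a second
        presentation of the same value (for example a copy taken from a URL in
        a log or browser history) always fails.
        """
        entry = self._pending.pop(token, None)
        if entry is None:
            return None  # unknown or already redeemed
        user_id, expiry = entry
        if self._clock() > expiry:
            return None  # expired before the cTrader backend redeemed it
        # Long-term access token: opaque random value (format is an assumption).
        return {"userId": user_id, "accessToken": secrets.token_urlsafe(32)}


if __name__ == "__main__":
    store = OneTimeTokenStore()
    ot = store.issue(user_id=42)   # constructed user id
    print(store.exchange(ot))      # first exchange succeeds
    print(store.exchange(ot))      # replay is rejected
```

Because the OT token travels in the iframe URL, single use and a short lifetime are what limit the value of a leaked copy.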