This flow only applies to users who have already registered on their broker’s CRM system and within the cTrader backend.
The user authorisation flow includes the following stages.
The user launches the cTrader application.
The platform tries (and fails) to find an existing
Upon its failure to find a suitable accessToken, the platform opens the custom login/signup screen.
The user fills out the authorization form; upon success, they are authorized on their broker’s CRM system.
The CRM finds the stored userId and generates an OT token.
The user is redirected to the chosen success URL which also includes the OT token as a query parameter (
When the app detects that the user has visited the success URL, it closes the web browser/iframe and stores the
The application opens a new connection with the cTrader backend and sends an authorisation request including the token as a parameter.
The cTrader backend sends a POST request via the REST API to exchange the OT token for a long-term access token (API call 4.2.).
The broker’s CRM verifies the token and responds with accessToken (API call 4.2.).
The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.
The platform stores the accessToken for future usage.
The application starts authorised communications with the cTrader backend.