This flow only applies to users who have already registered on their broker’s CRM system and within the cTrader backend.
The user authorisation flow includes the following stages.
1. The user launches the cTrader application.
2. The platform tries (and fails) to find an existing accessToken.
3. Upon its failure to find a suitable accessToken, the platform opens the custom login/signup screen.
4. The user fills out the authorization form; upon success, they are authorized on their broker’s CRM system.
5. The CRM finds the stored userId and generates an OT token.
6. The user is redirected to the chosen success URL which also includes the OT token as a query parameter (token).
7. When the app detects that the user has visited the success URL, it closes the web browser/iframe and stores the token.
8. The application opens a new connection with the cTrader backend and sends an authorisation request including the token as a parameter.
9. The cTrader backend sends a POST request via REST API to exchange the OT token for a long-term access token (API call 4.2.).
10. The broker’s CRM verifies the token and responds with userId and accessToken (API call 4.2.).
11. The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.
12. The platform stores the accessToken for future usage.
13. The application starts authorised communications with the cTrader backend.
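
The CRM side of the token stages above (generating the OT token and later verifying it during the exchange), as an added example that is not cTrader's or any broker's code. It shows the token being high-entropy, short-lived and single-use, which matters because it travels in a URL query parameter. The class name, the 60-second lifetime and the in-memory storage are assumptions; the page does not specify them.

```python
import hashlib
import secrets
import time

OT_TTL_SECONDS = 60  # assumed lifetime; the page does not state one


class OneTimeTokenStore:
    """In-memory stand-in for the CRM's OT token storage (hypothetical)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (userId, expiry time)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked store does not reveal live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        """After a successful login: mint the token placed in the success URL."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expiry = self._clock() + OT_TTL_SECONDS
        self._pending[self._digest(token)] = (user_id, expiry)
        return token

    def redeem(self, token):
        """During the exchange: return userId and accessToken, or None."""
        # pop() removes the entry on first use, so a replayed token
        # (from browser history, a proxy log, a Referer header) finds nothing.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, expiry = entry
        if self._clock() > expiry:
            return None  # expired before the backend exchanged it
        return {"userId": user_id, "accessToken": secrets.token_urlsafe(32)}


if __name__ == "__main__":
    store = OneTimeTokenStore()
    ot = store.issue("constructed-user-42")  # constructed sample userId
    print("first exchange:", store.redeem(ot))
    print("replayed exchange:", store.redeem(ot))
```

A production store would also need the pop to be atomic across CRM instances, so that two concurrent exchange requests cannot both succeed.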