The following figure summarises the SSO (OAuth) user creation flow.
The user creation flow passes through the following stages.
The user launches the cTrader application.
The platform tries (and fails) to find an existing
Upon its failure to find a suitable accessToken, the platform opens the custom login/signup screen with the firstLogin parameter equalling
The user interacts with the login/signup screen, fulfills their broker’s requirements, and successfully registers on the broker’s CRM.
The broker’s backend sends a user creation request to the cTrader backend via API call 3.2.
On success, the cTrader backend creates a new user and sends a response containing the userId (API call 3.2.).
The broker’s client area stores the link between the ID of its internal user and the
Following successful user creation, the web browser automatically opens the custom account creation screen. After the account creation form is filled out, a corresponding request is sent to the broker’s backend.
As per API call 3.3., the broker’s CRM system submits a request for a trading account creation to the cTrader backend. On success, the cTrader backend sends a request containing the account
The broker’s client area sends a request for account linkage; upon its fulfilment, the cTrader backend produces a confirmatory response (API call 3.4.).
A record of the new trading account is stored in the broker’s CRM system. Subsequently, the CRM system generates a corresponding OT token.
The user is redirected to the chosen success URL which also includes the OT token as a query parameter (
As soon as the user visits the success URL, the application closes the web browser and stores the token.
The application opens a new connection with the cTrader backend and sends an authorisation request including the token as a parameter.
The cTrader backend sends a POST request via REST API to exchange the OT token for a long-term access token (API call 4.2.).
The broker’s CRM verifies the token and responds with accessToken (API call 4.2.).
The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.
The platform stores the accessToken for future usage.
The application starts authorised communications with the cTrader backend.