E.3 Conformance Testing

Conformance testing is a mandatory process conducted entirely by Spotware to ensure compliance with SSO (OAuth) integration standards and requirements. This section outlines the testing procedures, validation criteria, and compliance requirements for successful deployment.

Overview

Conformance testing ensures:

  • Compliance: Adherence to all technical and business requirements
  • Quality: High-quality integration with reliable performance
  • Security: Secure implementation of all components
  • User Experience: Consistent and user-friendly experience
  • Operational Readiness: System readiness for production deployment

Testing Process

Testing Schedule

  • Initial Testing: Required before initial deployment
  • Regular Testing: Conducted periodically for continued operations
  • Update Testing: Required after significant updates or changes
  • Emergency Testing: May be required for critical issues

Testing Responsibility

  • Spotware Conducted: All conformance testing is conducted by Spotware
  • Broker Cooperation: Brokers must provide access and cooperation
  • Issue Resolution: Brokers must resolve identified issues
  • Re-testing: Re-testing required after issue resolution

Test Categories

API Calls Testing

6.1.1 The cTrader backend is authenticated

  • API Call: 4.1 - Authenticate the cTrader Backend
  • Validation: Successful authentication with valid credentials
  • Security: Proper handling of invalid credentials
  • Performance: Authentication response time within limits

6.1.2 The broker's backend is authenticated

  • API Call: 3.1 - Generate a Manager's Token
  • Validation: Successful token generation with valid credentials
  • Security: Proper handling of invalid credentials
  • Token Validation: Token format and structure validation

6.1.3 A user is created

  • API Call: 3.2 - Create a User
  • Validation: Successful user creation with valid data
  • Data Validation: Proper validation of user data
  • Error Handling: Appropriate error responses for invalid data

6.1.4 A trader is created

  • API Call: 3.3 - Create a Trader
  • Validation: Successful trader creation with valid data
  • Account Setup: Proper account configuration
  • User Association: Correct user-trader association

6.1.5 A trading account is linked to a user

  • API Call: 3.4 - Link a Trading Account to a User
  • Validation: Successful account linking
  • Data Integrity: Maintained data integrity
  • Error Handling: Proper error handling for invalid associations

6.1.6 A trader's balance is changed

  • API Call: 3.5 - Change a Trader's Balance
  • Validation: Successful balance modification
  • Financial Accuracy: Accurate financial calculations
  • Audit Trail: Proper audit trail maintenance

6.1.7 A new partner identifier is set

  • API Call: 3.6 - Set a New Partner Identifier
  • Validation: Successful partner identifier assignment
  • Data Consistency: Consistent partner data across systems
  • Attribution Accuracy: Accurate partner attribution

6.1.8 A partner identifier is read

  • API Call: 3.7 - Read a Partner Identifier
  • Validation: Successful partner identifier retrieval
  • Data Accuracy: Accurate partner data retrieval
  • Performance: Response time within acceptable limits

6.1.9 An existing partner identifier is deleted

  • API Call: 3.8 - Delete an Existing Partner Identifier
  • Validation: Successful partner identifier deletion
  • Data Cleanup: Proper data cleanup after deletion
  • Error Handling: Appropriate error handling for invalid requests

6.1.10 A user's email is changed

  • API Call: 3.10 - Change a User's Email
  • Validation: Successful email change with valid data
  • Data Validation: Proper email format validation
  • Uniqueness: Email uniqueness validation

6.1.11 A user's identifier is read by email

  • API Call: 3.11 - Read a User's Identifier by Email
  • Validation: Successful user identifier retrieval
  • Data Accuracy: Accurate user data retrieval
  • Performance: Response time within acceptable limits

6.1.12 A user is logged out from cTrader

  • API Call: 3.12 - Log Out a User From cTrader
  • Validation: Successful user logout
  • Session Management: Proper session termination
  • Security: Complete session cleanup

6.1.13 User agreement is confirmed

  • API Call: 3.13 - Confirm User Agreement
  • Validation: Successful agreement confirmation
  • Legal Compliance: Proper legal compliance tracking
  • Audit Trail: Complete audit trail maintenance

6.1.14 An OT token is verified and exchanged

  • API Call: 4.2 - Verify and Exchange an OT Token
  • Validation: Successful token verification and exchange
  • Security: Proper token validation and security
  • Performance: Response time within acceptable limits

6.1.15 A long-term access token is verified

  • API Call: 4.3 - Verify a Long-Term Access Token
  • Validation: Successful token verification
  • Security: Proper token security measures
  • Session Management: Proper session validation

6.1.16 An OT token is generated for an InApp action

  • API Call: 4.4 - Generate an OT Token for an InApp Action
  • Validation: Successful token generation
  • Security: Secure token generation
  • Context: Proper action context association

6.1.17 A user is logged out from the CRM

  • API Call: 4.5 - Log Out a User From the CRM
  • Validation: Successful user logout
  • Session Management: Proper session termination
  • Security: Complete session cleanup

6.1.18 A new InApp control is created

  • API Call: 3.9 - Create a New InApp Control
  • Validation: Successful control creation
  • Display: Proper control display and functionality
  • Targeting: Correct targeting and personalization

Screen Testing

Screen Validation Requirements

For cases 6.2.1 - 6.2.4 and 6.2.6, the following screens must be checked:

  1. The login/signup screen
  2. The deposit/withdrawal screen
  3. The 'Open New Account' screen
  4. The 'Change Password' screen
  5. The 'Change Email' screen

Content Display Requirements

For cases 6.2.1 and 6.2.2, screens must conform to these requirements:

Responsive Design

  • Mobile Layout: Responsive design for mobile devices
  • Desktop Layout: Responsive design for desktop layouts
  • Tablet Support: Optimized for tablet devices
  • Cross-Platform: Consistent experience across platforms

Content Standards

  • No cTrader ID: No mentions of 'cTrader ID' on any screens
  • No Other Platforms: No mentions of other trading platforms except cTrader
  • Correct Legal Entities: Display correct legal entities and jurisdictions
  • No Misleading Content: No content that misleads users about jurisdictions

User Interface Standards

  • No Pop-ups: No pop-up messages on any screen
  • Clean Organization: Neatly organized screens without unnecessary UI elements
  • No External Chat: No 'Chat' buttons on the login/signup screen
  • Professional Design: Professional and clean design

Performance Standards

  • Loading Times: Screen loading times of three seconds or less
  • All Platforms: Performance across all platforms, hardware, and connections
  • Common Internet Speeds: Acceptable performance on common internet connections
  • Consistent Experience: Consistent performance across different conditions

Optional Testing

Optional Test Cases

The following test cases are optional and marked as such in their titles:

  • 6.2.3: Additional functionality testing
  • 6.2.4: Edge case testing
  • 6.2.5: Performance stress testing
  • 6.2.6: Security vulnerability testing

Test Results and Reporting

Test Status Categories

  • Pass: Test case passed successfully
  • Fail: Test case failed with identified issues
  • Warning: Test case passed with warnings or recommendations
  • Not Applicable: Test case not applicable to current implementation

Issue Classification

Critical Issues

  • Security Vulnerabilities: Any security-related issues
  • Data Integrity: Issues affecting data integrity
  • Core Functionality: Issues preventing core functionality
  • Compliance: Issues affecting regulatory compliance

Major Issues

  • Performance: Significant performance issues
  • User Experience: Major user experience problems
  • Integration: Integration-related issues
  • Reliability: System reliability issues

Minor Issues

  • UI/UX: Minor user interface issues
  • Documentation: Documentation-related issues
  • Optimization: Performance optimization opportunities
  • Recommendations: Improvement recommendations

Reporting Format

Test Summary

{
  "testSuite": "SSO OAuth Conformance Testing",
  "version": "1.0",
  "date": "2023-06-15T10:00:00Z",
  "broker": "Broker Name",
  "overallStatus": "Pass",
  "testResults": {
    "apiCalls": {
      "total": 18,
      "passed": 18,
      "failed": 0,
      "warnings": 0
    },
    "screens": {
      "total": 6,
      "passed": 6,
      "failed": 0,
      "warnings": 0
    },
    "optional": {
      "total": 4,
      "passed": 3,
      "failed": 1,
      "warnings": 0
    }
  },
  "issues": [
    {
      "id": "ISS-001",
      "severity": "Minor",
      "category": "UI/UX",
      "description": "Mobile layout could be improved for smaller screens",
      "recommendation": "Consider adjusting responsive breakpoints",
      "status": "Open"
    }
  ]
}

Detailed Test Results

{
  "testCase": "6.1.1 - The cTrader backend is authenticated",
  "status": "Pass",
  "executionTime": "2023-06-15T10:05:00Z",
  "duration": 1.2,
  "details": {
    "endpoint": "/oauth2/crmApiToken",
    "method": "POST",
    "expectedResult": "Successful authentication",
    "actualResult": "Authentication successful with valid token",
    "performance": {
      "responseTime": 245,
      "withinLimits": true
    }
  }
}

Preparation for Testing

Technical Preparation

  • Environment Access: Provide access to testing environment
  • API Endpoints: Ensure all API endpoints are accessible
  • Test Data: Provide test data and user accounts
  • Documentation: Provide current API documentation

Business Preparation

  • Contact Information: Designate technical contact person
  • Availability: Ensure availability during testing period
  • Issue Resolution: Process for resolving identified issues
  • Re-testing Schedule: Schedule for re-testing after fixes

Testing Environment

  • Stable Environment: Stable testing environment
  • Realistic Data: Realistic test data and scenarios
  • Network Conditions: Appropriate network conditions
  • Security Configuration: Proper security configuration

Issue Resolution Process

Issue Identification

  1. Spotware Identification: Issues identified during testing
  2. Documentation: Detailed issue documentation
  3. Classification: Issue severity and impact classification
  4. Communication: Issue communication to broker

Broker Response

  1. Issue Acknowledgment: Acknowledge receipt of issues
  2. Assessment: Assess impact and priority of issues
  3. Resolution Plan: Develop resolution plan and timeline
  4. Implementation: Implement fixes and improvements

Re-testing Process

  1. Fix Verification: Verify fixes are implemented correctly
  2. Re-testing Schedule: Schedule re-testing of fixed issues
  3. Validation: Validate fixes resolve identified issues
  4. Final Assessment: Final assessment of overall compliance

Continuous Compliance

Ongoing Requirements

  • Regular Testing: Periodic conformance testing
  • Update Testing: Testing after system updates
  • Change Management: Testing after significant changes
  • Monitoring: Continuous monitoring of compliance

Maintenance Requirements

  • Documentation Updates: Keep documentation current
  • Security Updates: Maintain security standards
  • Performance Monitoring: Monitor system performance
  • User Feedback: Collect and address user feedback

Best Practices

Preparation Best Practices

  • Early Planning: Plan testing well in advance
  • Environment Readiness: Ensure testing environment is ready
  • Team Coordination: Coordinate technical teams
  • Documentation: Maintain comprehensive documentation

Testing Best Practices

  • Comprehensive Coverage: Test all required functionality
  • Realistic Scenarios: Use realistic test scenarios
  • Performance Testing: Include performance testing
  • Security Testing: Include security testing

Issue Resolution Best Practices

  • Prompt Response: Respond promptly to issues
  • Thorough Analysis: Analyze issues thoroughly
  • Quality Fixes: Implement high-quality fixes
  • Prevention: Prevent similar issues in the future

Compliance Certification

Certification Criteria

  • All Critical Tests Pass: No critical test failures
  • Major Issues Resolved: All major issues resolved
  • Performance Standards: Performance meets standards
  • Security Standards: Security meets requirements
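
A broker that receives a Test Summary in the Reporting Format shown earlier can check it against these certification criteria before scheduling a release. The script below is an added example, not Spotware's own tooling. It assumes that only the "apiCalls" and "screens" categories are blocking, that Minor issues may remain open, and that a resolved issue carries the status "Resolved" or "Closed" (the page shows only "Open").

```python
import json

# Constructed sample in the page's Test Summary shape (not real test output).
SAMPLE = json.loads("""{
  "overallStatus": "Pass",
  "testResults": {
    "apiCalls": {"total": 18, "passed": 18, "failed": 0, "warnings": 0},
    "screens":  {"total": 6,  "passed": 6,  "failed": 0, "warnings": 0},
    "optional": {"total": 4,  "passed": 3,  "failed": 1, "warnings": 0}
  },
  "issues": [{"id": "ISS-001", "severity": "Minor", "status": "Open"}]
}""")

REQUIRED = ("apiCalls", "screens")   # assumption: "optional" never blocks
BLOCKING = {"Critical", "Major"}     # assumption: Minor issues may stay open
RESOLVED = {"Resolved", "Closed"}    # assumption: status names for fixed issues


def certification_blockers(summary):
    """Return the reasons a Test Summary does not meet the certification criteria."""
    blockers = []
    results = summary.get("testResults", {})
    for name in REQUIRED:
        if name not in results:
            blockers.append(f"{name}: category missing from report")
    for name, c in results.items():
        counts = [c.get(k) for k in ("total", "passed", "failed", "warnings")]
        if not all(type(n) is int and n >= 0 for n in counts):
            blockers.append(f"{name}: counters must be non-negative integers")
            continue
        total, passed, failed, _warnings = counts
        # Not Applicable cases have no counter of their own, so a shortfall is allowed.
        if passed + failed > total:
            blockers.append(f"{name}: passed + failed exceeds total")
        if name in REQUIRED and failed:
            blockers.append(f"{name}: {failed} required test(s) failed")
    for issue in summary.get("issues", []):
        if issue.get("severity") in BLOCKING and issue.get("status") not in RESOLVED:
            blockers.append(f"{issue.get('id')}: unresolved {issue['severity']} issue")
    if summary.get("overallStatus") == "Pass" and blockers:
        blockers.append("overallStatus is Pass but blockers exist")
    return blockers


if __name__ == "__main__":
    print(certification_blockers(SAMPLE) or "no blockers")
```

An unknown issue status is treated as unresolved, so a report with a misspelled or missing status fails closed.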

Certification Process

  1. Testing Completion: All testing completed
  2. Issue Resolution: All identified issues resolved
  3. Final Review: Final review of test results
  4. Certification Issued: Compliance certification issued

Certification Maintenance

  • Periodic Review: Regular review of compliance status
  • Update Requirements: Address update requirements
  • Continuous Improvement: Continuous improvement of systems
  • Re-certification: Re-certification as needed

This conformance testing framework ensures that SSO (OAuth) integrations meet all technical, security, and business requirements while maintaining high standards of quality and user experience.