The WebServices API is only available when calls are sent from whitelisted IP addresses, the list of which is created by Spotware’s service assurance team during the onboarding process.
The WebServices API is authenticated under the same manager credentials that are used to log into the cBroker application.
Using the API requires an authentication token with each request, appended to the end of the request URL as ?token={token}. To generate the authentication token, use the following API call. Its URL is relative to https://HOST:PORT/v2; the value of HOST:PORT is provided by Spotware’s service assurance team as part of the onboarding process.
| HTTP Method | URL | 
|---|---|
| POST | /webserv/managers/token | 
Request Body
| Key | Required? | Data Type | Description | 
|---|---|---|---|
| login | Yes | integer | Your cBroker manager login. | 
| hashedPassword | Yes | string | The MD5 of your cBroker manager password. | 
Output
| Key | Data Type | Description | 
|---|---|---|
| webservToken | string | An authentication token for the WebServices API. | 
Request Example
curl -X POST "https://HOST:PORT/v2/webserv/managers/token" -H "accept: application/json" -H "Content-Type: application/json" -d '{"hashedPassword": "0f94e246908667af85916300c57f74b6", "login": 9017800}'
Response Example
{
    "webservToken": "1dd4ef40-c5b3-61c0-0689-b1b40c97fadc"
}
Note that a manager’s token does not have an expiration time. However, it may become invalidated in certain cases, most notably when a manager’s password is changed. In these cases, a new token must be requested from the same endpoint. As long as the hashedPassword parameter is different in the request body, you should receive a new token.
Expected Status Code
200
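The following client-side sketch is an added example, not Spotware's code. It builds the token request shown above, appends the token to later request URLs, and masks it before a URL is logged, since the token travels in the query string and does not expire. The host `api.example.test:8443`, the path `/webserv/RESOURCE` used in testing, and all function names are assumptions made for illustration.

```python
import hashlib
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed placeholder; the real HOST:PORT is issued during onboarding.
BASE_URL = "https://api.example.test:8443/v2"


def build_token_request(login: int, password: str):
    """Return (url, headers, body) for POST /webserv/managers/token."""
    # The endpoint accepts the MD5 digest itself, so the digest is as
    # sensitive as the password: keep it out of logs and shell history.
    hashed = hashlib.md5(password.encode("utf-8")).hexdigest()
    body = json.dumps({"login": login, "hashedPassword": hashed})
    headers = {"accept": "application/json", "Content-Type": "application/json"}
    return BASE_URL + "/webserv/managers/token", headers, body


def parse_token_response(raw: str) -> str:
    """Extract webservToken from the JSON response, rejecting empty values."""
    token = json.loads(raw).get("webservToken")
    if not isinstance(token, str) or not token:
        raise ValueError("response does not contain a webservToken")
    return token


def with_token(url: str, token: str) -> str:
    """Append token=<token>, replacing a stale token if one is present."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "token"]
    query.append(("token", token))
    return urlunsplit(parts._replace(query=urlencode(query)))


def redact(url: str) -> str:
    """Mask the token value so the URL can be written to logs."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))
```

Pass `redact(url)` rather than the raw URL to any logger or error report, and request a new token through `build_token_request` after a manager password change.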
Note that some actions may be impossible to perform via the Web Services API depending on your managerial permissions.
Manager permissions are separated by account groups as well as on a per-broker basis via the brokerName parameter. To have access to a specific account or a related server entity (e.g., an order object that was originated by this account), a manager needs to have access to the group to which the account is assigned as well as the brokerName under which the account is registered.
Each manager also has the disabledBrokerName array listing all brokerNames to which this manager does not have access. For a manager to have access to an account and related entities, the corresponding brokerName must not be included in the disabledBrokerName array of said manager.
When integrating with the Web Services API using this technical documentation, note the following.
- volume parameter is always defined in 10^2 of base asset units. E.g., volume=234512 equals 2345.12 of base asset units.
- moneyDigits, where moneyDigits is a separate customizable parameter. E.g., if moneyDigits=2 and balance=234512, the account balance is 2345.12 deposit currency units.
- PUT/POST/DELETE requests in case abnormal API usage is detected. Request limiters do not apply to GET requests.

There are several request body parameters the values of which are broker-specific and, as such, are provided by Spotware’s service assurance team as part of the onboarding process.
| Parameter | Data Type | Description | 
|---|---|---|
| brokerName | string | A unique name denoting a specific broker (including White Labels). | 
| environmentName | string | A unique name of a specific trading environment. | 
All API calls made as part of the WebServices API accept both XML and JSON content types for request bodies and responses.