General Provisions
The WebServices API is only available when calls are sent from whitelisted IP addresses, the list of which is created by Spotware's service assurance team during the onboarding process.
Authentication Provisions
The WebServices API is authenticated under the same manager credentials that are used to log into the cTrader Admin application.
The usage of the API requires the inclusion of an authentication token with each request by appending ?token={token} to the end of each request URL. To generate the authentication token, use the following API call. Its URL is relative to https://HOST:PORT/v2, the value of HOST:PORT is provided by Spotware's service assurance team as part of the onboarding process.
| HTTP Method | URL |
|---|---|
POST | /webserv/managers/token |
Request Body
| Key | Required? | Data Type | Description |
|---|---|---|---|
login | Yes | integer | Your cTrader Admin manager login. |
hashedPassword | Yes | string | The MD5 of your cTrader Admin manager password. |
Output
| Key | Data Type | Description |
|---|---|---|
webservToken | string | An authentication token for the WebServices API. |
Request Example
curl -X POST "https://HOST:PORT/v2/webserv/managers/token" -H "accept: application/json" -H "Content-Type: application/json" -d '{"hashedPassword": "0f94e246908667af85916300c57f74b6", "login": 9017800}'
Response Example
{
"webservToken": "1dd4ef40-c5b3-61c0-0689-b1b40c97fadc"
}
Note that a manager's token does not have an expiration time. However, it may become invalidated in certain cases, most notably when a manager's password is changed. In these cases, a new token must be requested from the same endpoint. As long as the hashedPassword parameter is different in the request body, you should receive a new token.
Expected Status Code
200
Manager Permissions
Note that some actions may be impossible to perform via the Web Services API depending on your managerial permissions.
Manager permissions are separated by account groups as well as on a per-broker basis via the brokerName parameter. To have access to a specific account or a related server entity (e.g., an order object that was originated by this account), a manager needs to have access to the group to which the account is assigned as well as the brokerName under which the account is registered.
Each manager also has the disabledBrokerName array listing all brokerNames to which this manager does not have access. For a manager to have access to an account and related entities, the corresponding brokerName must not be included in the disabledBrokerName array of said manager.
Denominations of Finance-Related Parameters
When integrating with the Web Services API using this technical documentation, note the following.
- The value of the
volumeparameter is always defined in 10^2 of base asset units. E.g.,volume=234512equals to 2345.12 of base asset units. - The values of all parameters related to finance (account balance, commissions, etc.) are always defined in 10^
moneyDigits, wheremoneyDigitsis a separate customizable parameters. E.g., ifmoneyDigits=2andbalance=234512, the account balance is 2345.12 deposit currency units. - Spotware reserves the right to implement request limiters for all new
PUT/POST/DELETErequests in case abnormal API usage is detected. Request limiters do not apply toGETrequests.
Broker-Specific Parameters
There are several request body parameters the values of which are broker-specific and, as such, are provided by Spotware's service assurance team as part of the onboarding process.
| Parameter | Data Type | Description |
|---|---|---|
brokerName | string | A unique name denoting a specific broker (including white labels). |
environmentName | string | A unique name of a specific trading environment. |
Content Types
All API callls made as part of the WebService API accept both XML and JSON content types for request bodies and responses.