Spotware’s SSO solution adheres to the following rules:
When a code request is made for SSO, the broker specifies a list of white labels (broker names) for the code. An authenticated session opened via this code will only have access to accounts belonging to the specified white labels.
The SSO flow does not register users in the cTrader backend. Before a broker uses the SSO solution to authenticate a trader in the cTrader platform, the broker must first use a WebServices API request to register a user. The broker will then receive a userId, which can be used to request a one-time code.
The SSO flow becomes available upon a broker’s request to support@spotware.com, provided that integration has been fully completed on the broker’s side and conformance testing has been performed by Spotware Systems.
The broker needs to adjust their Terms of Service for Spotware to comply with GDPR.
code
, e.g.: /widgets/copy?code=aSDf09SFd_asdXC01009mbH_BjMql4980154_asdlDQDq&lang=en&theme=light
, where
code
is the received codelang
is the user’s preferred languagetheme
is the UI theme (dark
or light
).The scheme below illustrates the authentication flow.
userId
in response.code
with the userId
and receives the code
.code
set as the URL path parameter.code
for a token and then sends an authentication request with the token to create an authenticated session.