¶ Integration
¶ Rules
Spotware’s SSO solution adheres to the following rules:
- A broker may use both methods of authorisation:
- SSO (described in this document)
- Native cTrader ID authorisation for users through any branded cTrader application.
When a code request is made for SSO, the broker specifies a list of white labels (broker names) for the code. An authenticated session opened via this code will only have access to accounts belonging to the specified white labels.
-
The SSO flow does not register users in the cTrader backend. Before a broker uses the SSO solution to authenticate a trader in the cTrader platform, the broker must first use a WebServices API request to register a user. The broker will then receive a userId, which can be used to request a one-time code.
-
The SSO flow becomes available upon a broker’s request to support@spotware.com, provided that integration has been fully completed on the broker’s side and conformance testing has been performed by Spotware Systems.
-
The broker needs to adjust their Terms of Service for Spotware to comply with GDPR.
¶ Requirements for the Broker’s CRM
- Support request to register a user.
- Support request to get code for the user.
- Support redirect to the cTrader platform with
code, e.g.:/widgets/copy?code=aSDf09SFd_asdXC01009mbH_BjMql4980154_asdlDQDq&lang=en&theme=light, wherecodeis the received codelangis the user’s preferred languagethemeis the UI theme (darkorlight).
¶ Flow Steps
The scheme below illustrates the authentication flow.
- A user authenticates into the broker’s CRM.
- If the user is not registered in the cTrader platform, the broker’s CRM sends a request to register the user and receives a
userIdin response. - The broker’s CRM sends a request for
codewith theuserIdand receives thecode. - The broker’s CRM redirects the user to the cTrader application with the
codeset as the URL path parameter. - The cTrader application exchanges the
codefor a token and then sends an authentication request with the token to create an authenticated session.