Authentication
Endpoints that establish the two authentication tokens. For how the schemes work and the base URLs, see Authentication of API calls.
The two schemes use different credentials, which is why the password fields are named differently. The Manager token is obtained with the MD5 hash of the manager's password (hashedPassword), whereas the CRM API token is obtained with a pre-generated password issued by the cTrader backend (password), which is sent as-is rather than hashed.
Generate a Manager token
For API calls made by the broker's backend to the cTrader backend, append an authentication token to each request by placing ?token={token} at the end of each request URL.
| Method | URL |
|---|---|
POST | /webserv/managers/token |
Request body
| Key | Required? | Data type | Description |
|---|---|---|---|
hashedPassword | Yes | string | The MD5 of the manager's password. |
login | Yes | integer | The unique ID of the manager. |
Output
| Key | Data type | Description |
|---|---|---|
webservToken | string | A long-term token authenticating the manager. |
Expected response status code
200
Errors
See Error codes.
Request example
curl -X POST 'https://HOST:PORT/v2/webserv/managers/token' -H 'Accept:application/json' -H 'Content-Type: application/json' -d '{"hashedPassword": "0f94e246908667af85916300c57f74b6", "login": 2309}'
Response example
{
"webservToken": "04d95575-c9af-42fba72e-2f0ce93f01d4"
}
Authenticate the cTrader backend
The cTrader backend authenticates with the broker's CRM by exchanging a pre-generated password for a long-term authentication token.
| Method | URL |
|---|---|
POST | /oauth2/crmApiToken |
Request body
| Key | Required? | Data type | Description |
|---|---|---|---|
password | Yes | string | The password generated by the cTrader backend. |
Output
| Key | Data type | Description |
|---|---|---|
crmApiToken | string | A non-repeatable token authenticating the cTrader backend. After it is issued, it is placed in the memory storage of the cTrader backend. |
Expected response status code
200
Errors
See Error codes.
Request example
curl -X POST 'https://brokerCrmUrl.com/oauth2/crmApiToken' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"password": "af34mn0pphg2893nmaf26hmy"}'