Authentication
Endpoints that establish the two authentication tokens. For how the schemes work and the base URLs, see Authentication of API calls.
Generate a Manager token
For API calls made by the broker's backend to the cTrader backend, append an authentication token to each request by placing ?token={token} at the end of each request URL.
| Method | URL |
|---|---|
POST | /webserv/managers/token |
Request body
| Key | Required? | Data type | Description |
|---|---|---|---|
hashedPassword | Yes | string | The MD5 of the manager's password. |
login | Yes | integer | The unique ID of the manager. |
Output
| Key | Data type | Description |
|---|---|---|
webservToken | string | A long-term token authenticating the manager. |
Expected response status code
200
Errors
See Error codes.
Request example
curl -X POST 'https://HOST:PORT/v2/webserv/managers/token' -H 'Accept:application/json' -H 'Content-Type: application/json' -d '{"hashedPassword": "0f94e246908667af85916300c57f74b6", "login": 2309}'
Response example
{
"webservToken": "04d95575-c9af-42fba72e-2f0ce93f01d4"
}
Authenticate the cTrader backend
The cTrader backend authenticates with the broker's CRM by exchanging a pre-generated password for a long-term authentication token.
| Method | URL |
|---|---|
POST | /oauth2/crmApiToken |
Request body
| Key | Required? | Data type | Description |
|---|---|---|---|
password | Yes | string | The password generated by the cTrader backend. |
Output
| Key | Data type | Description |
|---|---|---|
crmApiToken | string | A non-repeatable token authenticating the cTrader backend. After it is issued, it is placed in the memory storage of the cTrader backend. |
Expected response status code
200
Errors
See Error codes.
Request example
curl -X POST 'https://brokerCrmUrl.com/oauth2/crmApiToken' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"password": "af34mn0pphg2893nmaf26hmy"}'