Skip to main content

Conformance testing

Conformance testing is a mandatory process conducted entirely by Spotware to ensure compliance with SSO (OAuth) integration standards and requirements. This section outlines the testing procedures, validation criteria, and compliance requirements for successful deployment.

Overview

Conformance testing ensures:

  • Compliance: Adherence to all technical and business requirements
  • Quality: High-quality integration with reliable performance
  • Security: Secure implementation of all components
  • User Experience: Consistent and user-friendly experience
  • Operational Readiness: System readiness for production deployment

Testing Process

Testing Schedule

  • Initial Testing: Required before initial deployment
  • Regular Testing: Conducted periodically for continued operations
  • Update Testing: Required after significant updates or changes
  • Emergency Testing: May be required for critical issues

Testing Responsibility

  • Spotware Conducted: All conformance testing is conducted by Spotware
  • Broker Cooperation: Brokers must provide access and cooperation
  • Issue Resolution: Brokers must resolve identified issues
  • Re-testing: Re-testing required after issue resolution

Test Categories

API Calls Testing

The cTrader Backend Is Authenticated

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful authentication with valid credentials
  • Security: Proper handling of invalid credentials
  • Performance: Authentication response time within limits

The Broker's Backend Is Authenticated

  • API Call: Authentication of API calls — Manager Token
  • Validation: Successful token generation with valid credentials
  • Security: Proper handling of invalid credentials
  • Token Validation: Token format and structure validation

A User Is Created

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful user creation with valid data
  • Data Validation: Proper validation of user data
  • Error Handling: Appropriate error responses for invalid data

A Trader Is Created

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful trader creation with valid data
  • Account Setup: Proper account configuration
  • User Association: Correct user-trader association

A Trading Account Is Linked to a User

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful account linking
  • Data Integrity: Maintained data integrity
  • Error Handling: Proper error handling for invalid associations

A Trader's Balance Is Changed

  • API Call: In-app deposit/withdrawal — API specifications
  • Validation: Successful balance modification
  • Financial Accuracy: Accurate financial calculations
  • Audit Trail: Proper audit trail maintenance

A New Partner Identifier Is Set

  • API Call: cTrader Invite — API specifications
  • Validation: Successful partner identifier assignment
  • Data Consistency: Consistent partner data across systems
  • Attribution Accuracy: Accurate partner attribution

A Partner Identifier Is Read

  • API Call: cTrader Invite — API specifications
  • Validation: Successful partner identifier retrieval
  • Data Accuracy: Accurate partner data retrieval
  • Performance: Response time within acceptable limits

An Existing Partner Identifier Is Deleted

  • API Call: cTrader Invite — API specifications
  • Validation: Successful partner identifier deletion
  • Data Cleanup: Proper data cleanup after deletion
  • Error Handling: Appropriate error handling for invalid requests

A User's Email Is Changed

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful email change with valid data
  • Data Validation: Proper email format validation
  • Uniqueness: Email uniqueness validation

A User's Identifier Is Read by Email

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful user identifier retrieval
  • Data Accuracy: Accurate user data retrieval
  • Performance: Response time within acceptable limits

A User Is Logged Out from cTrader

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful user logout
  • Session Management: Proper session termination
  • Security: Complete session cleanup

User Agreement Is Confirmed

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful agreement confirmation
  • Legal Compliance: Proper legal compliance tracking
  • Audit Trail: Complete audit trail maintenance

An OT Token Is Verified and Exchanged

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful token verification and exchange
  • Security: Proper token validation and security
  • Performance: Response time within acceptable limits

A Long-Term Access Token Is Verified

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful token verification
  • Security: Proper token security measures
  • Session Management: Proper session validation

An OT Token Is Generated for an InApp Action

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful token generation
  • Security: Secure token generation
  • Context: Proper action context association

A User Is Logged Out from the CRM

  • API Call: SSO User creation and authorisation — API specifications
  • Validation: Successful user logout
  • Session Management: Proper session termination
  • Security: Complete session cleanup

A New InApp Control Is Created

  • API Call: In-app ribbons — API specifications
  • Validation: Successful control creation
  • Display: Proper control display and functionality
  • Targeting: Correct targeting and personalization

Screen Testing

Screen Validation Requirements

The following screens must be validated:

  1. The login/signup screen
  2. The deposit/withdrawal screen
  3. The 'Open New Account' screen
  4. The 'Change Password' screen
  5. The 'Change Email' screen

Content Display Requirements

All screens must conform to these requirements:

Content Standards
  • No cTrader ID: No mentions of 'cTrader ID' on any screens
  • No Other Platforms: No mentions of other trading platforms except cTrader
  • Correct Legal Entities: Display correct legal entities and jurisdictions
  • No Misleading Content: No misleading users about jurisdictions
User Interface Standards
  • No Pop-ups: No pop-up messages on any screen
  • Clean organisation: Neatly organised screens without unnecessary UI elements
  • No External Chat: No 'Chat' buttons in login/signup screen
  • Professional Design: Professional and clean design