Screen URL conventions and query parameters
Standardized URL patterns and query parameters ensure consistent behavior across all SSO (OAuth) screens and InApp actions. This section defines the conventions for URL structure, parameter handling, and screen integration.
URL Structure Standards
Base URL Requirements
All SSO (OAuth) screens must be hosted at consistent endpoints relative to the broker's CRM URL:
- Base Pattern:
https://brokerCrmUrl.com/ - Consistency: Avoid mixing domains (e.g.,
broker.comandmy.broker.com) - SSL Required: All URLs must use HTTPS protocol
Screen URL Patterns
Login/Signup Screen
https://brokerCrmUrl.com/auth/login
Trading Account Creation
https://brokerCrmUrl.com/account/create
InApp Action Screens
https://brokerCrmUrl.com/inapp/{action}
Success/Callback URLs
https://brokerCrmUrl.com/callback/success
Mandatory query parameters
Core Parameters
| Parameter | Screen(s) | Required? | Data Type | Description |
|---|---|---|---|---|
token | InApp actions | Yes | string | The OT token required for authorisation. |
account | InApp actions | Yes (deposits/withdrawals); No (others) | integer | The number of a specific trading account linked to the user. |
Optional query parameters
Display and behaviour parameters
| Parameter | Screen(s) | Required? | Data Type | Description |
|---|---|---|---|---|
lang | All screens | No | string | The language of the device OS. Takes Alpha-2 (ISO 369-2) codes. |
source | All screens | No | string | Application type: "Web", "Android", "iOS", "MacOS", "Desktop". |
theme | All screens | No | string | Preferred colour scheme: "light" or "dark". |
firstLogin | Login/signup | No | boolean | Flag for first login attempt on current device. |
partnerId | Login/signup | No | string | Email assigned as partner identifier to user/account. |
UTM tracking parameters
| Parameter | Screen(s) | Required? | Data Type | Description |
|---|---|---|---|---|
utm_source | All screens | No | string | Source channel for user transfer to OAuth screen. |
utm_medium | All screens | No | string | Content type that encouraged user to click link. |
utm_campaign | All screens | No | string | Marketing campaign name for user transfer. |
utm_term | All screens | No | string | Keyword that user engaged with for transfer. |
utm_gclid | All screens | No | string | Google Click identifier for transferred user. |
Parameter implementation guidelines
Language parameter (lang)
- Format: Alpha-2 (ISO 369-2) codes (e.g.,
en,es,fr) - Usage: Display forms and screens in appropriate language
- Fallback: Use default broker language if parameter invalid
- Storage: Store user language preference in CRM for future sessions
Source parameter (source)
- Values:
"Web","Android","iOS","MacOS","Desktop" - Usage: Adjust screen design for different device types
- Responsive Design: Implement mobile-first responsive layouts
- Feature Detection: Adapt UI capabilities based on source platform
Theme parameter (theme)
- Values:
"light","dark" - Usage: Maintain consistent design with trading application
- CSS Variables: Implement theme switching via CSS custom properties
- Persistence: Store theme preference in user profile
First login parameter (firstLogin)
- Values:
true,false - Usage: Differentiate between user creation and login flows
- Routing: Route to appropriate page (signup vs login form)
- Analytics: Track new user acquisition vs returning users
Partner ID parameter (partnerId)
- Format: Email address or partner identifier string
- Usage: Attribute users to specific partners/IBs
- Validation: Validate partner ID against broker's partner database
- Attribution: Store partner attribution for commission tracking
URL Examples
Login screen with parameters
https://brokerCrmUrl.com/auth/login?lang=en&source=Web&theme=light&firstLogin=true&partnerId=partner@example.com
Mobile login screen
https://brokerCrmUrl.com/auth/login?lang=es&source=iOS&theme=dark&firstLogin=false
InApp Deposit Screen
https://brokerCrmUrl.com/inapp/deposit?token=abc123&account=123456&lang=en&source=Android
KYC Screen with UTM Tracking
https://brokerCrmUrl.com/inapp/kyc?token=xyz789&lang=fr&utm_source=email&utm_campaign=kyc_reminder
Screen Requirements
Frontend Implementation
- Browser Controls: Screens must not include browser navigation controls
- Responsive Design: Must work on mobile and desktop layouts
- Loading Performance: Screen loading times ≤ 3 seconds on common connections
- Error Handling: Graceful handling of missing or invalid parameters
Content Requirements
- Platform References: No mentions of other trading platforms except cTrader
- Legal Entities: Display correct legal entities and jurisdictions
- No Pop-ups: Avoid pop-up messages on any screen
- Clean UI: Organised layout without unnecessary UI elements
Integration Requirements
- Parameter Acceptance: All screens must accept required and optional parameters
- Content Adaptation: Modify page content based on parameter values
- Callback Handling: Implement proper success/failure callback mechanisms
- Token Validation: Validate OT tokens for InApp actions
Error Handling
Missing Parameters
- Response: HTTP 400 Bad Request
- User Action: Display appropriate error message with guidance
- Fallback: Use default values for non-critical parameters
Invalid Parameters
- Response: HTTP 400 Bad Request
- User Action: Show validation error with correction guidance
- Logging: Log invalid parameter attempts for security monitoring
Token Issues
- Invalid Token: HTTP 401 Unauthorized
- Expired Token: HTTP 401 Unauthorized with specific message
- Used Token: HTTP 401 Unauthorized indicating one-time usage