5.6. Embedded cTrader Web

This OAuth flow only applies to users who, upon being authorized in their broker’s CRM system, want to launch cTrader Web inside this client area or in a separate tab from the broker’s backend. By allowing users to avoid inputting an additional set of credentials before starting trading, this flow eliminates disruptions to the UX.

Embedded Web Flow

The embedded cTrader web flow incorporates the following stages.

  1. The user is successfully authorized inside the broker’s CRM system.

  2. The user clicks to launch the cTrader Web platform while within the confines of the broker’s client area.

  3. The broker’s backend generates an OT token.

  4. cTrader Web is opened inside a separate iframe with token (the OT token) as a parameter. As an example, cTrader Web can be opened via the following URL: https://app.ctrader.com/info?source=web&token=f44bade2-2138-47c2-89e6-ce978bcca028&account=9023600&lang=en&theme=dark.

  5. cTrader Web takes the token and sends a request to the cTrader backend to authorize the corresponding user.

  6. The application opens a new connection with the cTrader backend and sends an authorization request including token as a parameter.

  7. The cTrader backend sends a POST-request via REST API to exchange the OT token for a long-term access token (API call 4.2.).

  8. The broker’s CRM verifies the token and responds with userId and accessToken (API call 4.2.).

  9. The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.

  10. The platform stores the accessToken for future usage.

  11. The application starts authorized communications with the cTrader backend.

Last update: February 6, 2023