5.6. Embedded cTrader Web
This OAuth flow only applies to users who, upon being authorized in their broker’s CRM system, want to launch cTrader Web inside this client area or in a separate tab from the broker’s backend. By allowing users to avoid inputting an additional set of credentials before starting trading, this flow eliminates disruptions to the UX.
The embedded cTrader Web flow incorporates the following stages.
- The user is successfully authorized inside the broker’s CRM system.
- The user clicks to launch the cTrader Web platform while within the confines of the broker’s client area.
- The broker’s backend generates an OT token.
- cTrader Web is opened inside a separate iframe with `token` (the OT token) as a parameter. As an example, cTrader Web can be opened via the following URL: https://app.ctrader.com/info?source=web&token=f44bade2-2138-47c2-89e6-ce978bcca028&account=9023600&lang=en&theme=dark.
- cTrader Web takes the `token` and sends a request to the cTrader backend to authorize the corresponding user.
- The application opens a new connection with the cTrader backend and sends an authorization request including `token` as a parameter.
- The cTrader backend sends a POST-request via REST API to exchange the OT token for a long-term access token (API call 4.2.).
- The broker’s CRM verifies the token and responds with `userId` and `accessToken` (API call 4.2.).
- The cTrader backend authorizes the session under the provided `userId` and returns the `accessToken` to the application.
- The platform stores the `accessToken` for future usage.
- The application starts authorized communications with the cTrader backend.