6.2. InApp Controls Conformance Testing
Test No. | Name | Required? | Test Justification |
---|---|---|---|
API Security and Access | |||
1 | All REST API calls are made to secure endpoints using the HTTPS protocol. | Yes | To ensure the safety of sensitive data (e.g., trader login IDs), all calls need to conform to the latest web security protocols. |
2 | All API calls are made to and from servers in possession of valid server certificates. | Yes | |
3 | The broker’s client area can successfully generate an authentication token for the cTrader backend. | Yes | To protect traders and brokers, only properly authenticated systems can send successful requests to brokers’ client areas. |
4 | The broker’s CRM system checks the validity of the authentication token used by the cTrader backend and can prevent access if the token is invalid. | Yes | |
InApp Flow Screens | |||
1 | The screens support different languages. | No | All users must be able to access the new flows regardless of their preferred display language. |
2 | The screens are neatly organized and do not contain any unnecessary UI elements. | Yes | To maximize conversion rates, all screens must conform to the UI standards of the native application. |
3 | The screens mention the correct legal entities. | Yes | To avoid user confusion, screens cannot mention any brands and/or legal entities unrelated to application branding. |
4 | No pop-up messages appear on any screen. | No | Pop-up messages disrupt the UX and may cause unforeseen technical issues. |
5 | The screens do not mention any other platforms. | Yes | To maximize conversion rates, all screens must conform to the UI standards of the native application. |
Backend Functionality | |||
1 | The OT token is correctly generated and exchanged as outlined in the user flows. | Yes | Without these processes working correctly, it will be impossible to ensure the correct deployment of the outlined InApp flows. |
2 | The OT token expires one minute after its generation. | Yes | |
3 | User authorization via access tokens works correctly. | Yes | |
4 | As per the relevant flow, users are correctly redirected to the chosen success URL. | Yes | |
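
The one-minute OT token expiry in Backend Functionality test 2 and the invalid-token rejection in API Security test 4 can be checked at their boundaries without waiting in real time. The following is an added example, not cTrader or broker code: the store, its method names, the user id and the single-use behaviour (reading "OT" as one-time) are assumptions made for illustration.

```python
import hashlib
import secrets
import time

OT_TOKEN_TTL_SECONDS = 60  # from the table: expires one minute after generation

def _digest(token):
    # Store only a hash so a leaked store does not expose live tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class OneTimeTokenStore:
    """Hypothetical client-area token store (names are assumptions)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._issued = {}  # sha256(token) -> (user_id, issued_at)

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._issued[_digest(token)] = (user_id, self._clock())
        return token

    def redeem(self, token):
        """Return the user id for a live token, otherwise None."""
        # pop() consumes the entry on first use, so a replay finds nothing.
        entry = self._issued.pop(_digest(token), None)
        if entry is None:
            return None
        user_id, issued_at = entry
        if self._clock() - issued_at >= OT_TOKEN_TTL_SECONDS:
            return None  # expired: one minute or more since generation
        return user_id

def run_conformance_checks():
    """Exercise the expiry boundary with a fake clock instead of sleeping."""
    now = [0.0]
    store = OneTimeTokenStore(clock=lambda: now[0])
    results = {}
    token = store.issue("trader-1")  # constructed user id
    now[0] += 59
    results["accepted_at_59s"] = store.redeem(token) == "trader-1"
    results["replay_rejected"] = store.redeem(token) is None
    token = store.issue("trader-1")
    now[0] += 60
    results["rejected_at_60s"] = store.redeem(token) is None
    results["unknown_rejected"] = store.redeem("not-a-token") is None
    return results
```

Injecting the clock is what makes the 59-second and 60-second cases deterministic; the same four checks can be pointed at a real client area by replacing the store with calls to it.
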
Last update: February 6, 2023