6.2. InApp Controls Conformance Testing
| Test No. | Name | Required? | Test Justification |
|---|---|---|---|
| API Security and Access | |||
| 1 | All REST API calls are made to secure endpoints using the https protocol. | Yes | To ensure the safety of sensitive data (e.g., trader login IDs), all calls need to conform to the latest web security protocols. |
| 2 | All API calls are made to and from servers in possession of valid server certificates. | Yes | |
| 3 | The broker’s client area can successfully generate an authentication token for the cTrader backend. | Yes | To protect traders and brokers, only properly authenticated systems can send successful requests to brokers’ client areas. |
| 4 | The broker’s CRM system checks the validity of the authentication token used by the cTrader backend and can prevent access if the token is invalid. | Yes | |
| InApp Flow Screens | |||
| 1 | The screens support different languages. | No | All users must be able to access the new flows regardless of their preferred display language. |
| 2 | The screens are neatly organized and do not contain any unnecessary UI elements. | Yes | To maximize conversion rates, all screens must conform to the UI standards of the native application. |
| 3 | The screens mention the correct legal entities. | Yes | To avoid user confusion, screens cannot mention any brands and/or legal entities unrelated to application branding. |
| 4 | No pop-up messages appear on any screen. | No | Pop-up messages disrupt the UX and may cause unforeseen technical issues. |
| 5 | The screens do not mention any other platforms. | Yes | To maximize conversion rates, all screens must conform to the UI standards of the native application. |
| Backend Functionality | |||
| 1 | The OT token is correctly generated and exchanged as outlined in the user flows. | Yes | Without these processes working correctly, it will be impossible to ensure the correct deployment of the outlined InApp flows. |
| 2 | The OT token expires one minute after its generation. | Yes | |
| 3 | User authorization via access tokens works correctly. | Yes | |
| 4 | As per the relevant flow, users are correctly redirected to the chosen success URL. | Yes |
Last update: September 26, 2022