6.2. InApp Controls Conformance Testing

Test No. Name Required? Test Justification
API Security and Access
1 All REST API calls are made to secure endpoints using the https protocol. Yes To ensure the safety of sensitive data (e.g., trader login IDs), all calls need to conform to the latest web security protocols.
2 All API calls are made to and from servers in possession of valid server certificates. Yes
3 The broker’s client area can successfully generate an authentication token for the cTrader backend. Yes To protect traders and brokers, only properly authenticated systems can send successful requests to brokers’ client areas.
4 The broker’s CRM system checks the validity of the authentication token used by the cTrader backend and can prevent access if the token is invalid. Yes
InApp Flow Screens
1 The screens support different languages. No All users must be able to access the new flows regardless of their preferred display language.
2 The screens are neatly organized and do not contain any unnecessary UI elements. Yes To maximize conversion rates, all screens must conform to the UI standards of the native application.
3 The screens mention the correct legal entities. Yes To avoid user confusion, screens cannot mention any brands and/or legal entities unrelated to application branding.
4 No pop-up messages appear on any screen. No Pop-up messages disrupt the UX and may cause unforeseen technical issues.
5 The screens do not mention any other platforms. Yes To maximize conversion rates, all screens must conform to the UI standards of the native application.
Backend Functionality
1 The OT token is correctly generated and exchanged as outlined in the user flows. Yes Without these processes working correctly, it will be impossible to ensure the correct deployment of the outlined InApp flows.
2 The OT token expires one minute after its generation. Yes
3 User authorization via access tokens works correctly. Yes
4 As per the relevant flow, users are correctly redirected to the chosen success URL. Yes

Last update: September 26, 2022

Comments