5.4. User Authorization Via a Password
This flow only applies to users who have already registered on their broker’s CRM system and within the cTrader backend.
The user authorization flow includes the following stages:
The user launches the cTrader application.
The platform tries (and fails) to find an existing
Upon its failure to find a suitable accessToken, the platform opens the custom login/signup screen. Please see above for the list of the optional parameters that this URL can be opened with.
The user fills out the authorization form; upon success, they are authorized on their broker’s CRM system.
The CRM finds the stored userId and generates an OT token.
The user is redirected to the chosen success URL which also includes the OT token as a query parameter (
When the app detects that the user has visited the success URL, it closes the web browser/iframe and stores the
The application opens a new connection with the cTrader backend and sends an authorization request including the token as a parameter.
The cTrader backend sends a POST request via REST API to exchange the OT token for a long-term access token (API call 4.2.).
The broker’s CRM verifies the token and responds with accessToken (API call 4.2.).
The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.
The platform stores the accessToken for future usage.
The application starts authorized communications with the cTrader backend.