5.3. User Creation

The following figure summarizes the OAuth user creation flow.

The user creation flow passes through the following stages.

  1. The user launches the cTrader application.

  2. The platform tries (and fails) to find an existing accessToken locally.

  3. Upon failing to find a suitable accessToken, the platform opens the custom login/signup screen with the firstLogin parameter set to true. See above for the list of optional parameters that this URL can be opened with.

  4. The user interacts with the login/signup screen, fulfills their broker’s requirements, and successfully registers on the broker’s CRM.

  5. The broker’s backend sends a user creation request to the cTrader backend via API call 3.2.

  6. On success, the cTrader backend creates a new user and sends a response containing the userId (API call 3.2.).

  7. The broker’s client area stores the link between the ID of its internal user and the userId.

  8. Following successful user creation, the web browser automatically opens the custom account creation screen. After the account creation form is filled out, a corresponding request is sent to the broker’s backend.

  9. As per API call 3.3., the broker’s CRM system submits a trading account creation request to the cTrader backend. On success, the cTrader backend sends a request containing the account login.

  10. The broker’s client area sends a request for account linkage; upon its fulfillment, the cTrader backend produces a confirmatory response (API call 3.4.).

  11. A record of the new trading account is stored in the broker’s CRM system. Subsequently, the CRM system generates a corresponding OT token.

  12. The user is redirected to the chosen success URL, which also includes the OT token as a query parameter (token).

  13. As soon as the user visits the success URL, the application closes the web browser and stores the token.

  14. The application opens a new connection with the cTrader backend and sends an authorization request including token as a parameter.

  15. The cTrader backend sends a POST request via REST API to exchange the OT token for a long-term access token (API call 4.2.).

  16. The broker’s CRM verifies the token and responds with userId and accessToken (API call 4.2.).

  17. The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.

  18. The platform stores the accessToken for future usage.

  19. The application starts authorized communications with the cTrader backend.
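
An added example, not part of the cTrader specification or any broker's code: because the OT token travels in a URL query parameter (step 12), this shows one way a broker's CRM could issue it (step 11) and verify it during the exchange (step 16) so that it is short-lived and redeemable only once. The class name, the 60-second lifetime and the in-memory storage are assumptions; the request format of API call 4.2. is not modelled.

```python
import hashlib
import secrets
import time


class OneTimeTokenStore:
    """Broker-side store for OT tokens (hypothetical class, steps 11 and 16)."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds   # assumed lifetime, not taken from the spec
        self._clock = clock       # injectable so expiry can be tested
        self._pending = {}        # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only a digest is kept, so a leaked store cannot be replayed as tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        """Step 11: create the OT token that is appended to the success URL."""
        token = secrets.token_urlsafe(32)  # 256 random bits, safe in ?token=
        self._pending[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Step 16: verify the OT token; return userId and accessToken.

        Returns None for unknown, expired or already redeemed tokens.
        """
        # pop() deletes the record before any other check, so presenting
        # the same token a second time always fails.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None
        user_id, expires_at = record
        if self._clock() > expires_at:
            return None
        # Persisting the long-term accessToken is outside this example.
        return {"userId": user_id, "accessToken": secrets.token_urlsafe(32)}


if __name__ == "__main__":
    store = OneTimeTokenStore()
    ot_token = store.issue(user_id=1001)         # constructed sample userId
    print(store.redeem(ot_token) is not None)    # first exchange succeeds
    print(store.redeem(ot_token) is None)        # replay is rejected
```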

Last update: February 6, 2023