5.3. User Creation
The following figure summarizes the OAuth user creation flow.
The user creation flow passes through the following stages.
- The user launches the cTrader application.
- The platform tries (and fails) to find an existing accessToken locally.
- Upon its failure to find a suitable accessToken, the platform opens the custom login/signup screen with the firstLogin parameter equalling true. Please see above for the list of the optional parameters that this URL can be opened with.
- The user interacts with the login/signup screen, fulfills their broker’s requirements, and successfully registers on the broker’s CRM.
- The broker’s backend sends a user creation request to the cTrader backend via API call 3.2.
- On success, the cTrader backend creates a new user and sends a response containing the userId (API call 3.2.).
- The broker’s client area stores the link between the ID of its internal user and the userId.
- Following successful user creation, the web browser automatically opens the custom account creation screen. After the account creation form is filled out, a corresponding request is sent to the broker’s backend.
- As per API call 3.3., the broker’s CRM system submits a request for a trading account creation to the cTrader backend. On success, the cTrader backend sends a request containing the account login.
- The broker’s client area sends a request for account linkage; upon its fulfillment, the cTrader backend produces a confirmatory response (API call 3.4.).
- A record of the new trading account is stored in the broker’s CRM system. Subsequently, the CRM system generates a corresponding OT token.
- The user is redirected to the chosen success URL, which also includes the OT token as a query parameter (token).
- As soon as the user visits the success URL, the application closes the web browser and stores the token.
- The application opens a new connection with the cTrader backend and sends an authorization request including token as a parameter.
- The cTrader backend sends a POST request via REST API to exchange the OT token for a long-term access token (API call 4.2.).
- The broker’s CRM verifies the token and responds with userId and accessToken (API call 4.2.).
- The cTrader backend authorizes the session under the provided userId and returns the accessToken to the application.
- The platform stores the accessToken for future usage.
- The application starts authorized communications with the cTrader backend.