WebView plugin SDK vs Open API¶
When building web apps for WebView plugins, developers can use the WebView plugin SDK, Open API or both to enable communication between their web services and the cTrader platform. This guide will help you understand when to use each.
Overview¶
Both the WV plugin SDK and Open API offer powerful capabilities, but they serve different purposes in terms of scope, trust model and permitted operations.
| Attribute | WV plugin SDK | Open API |
|---|---|---|
| Context of use | Internal and embedded in cTrader. Used in web apps for WebView plugins. | External and public, not tied to any specific flow. Can be used by any service. |
| Authentication | Automatically authenticated inside cTrader. | Requires additional authentication or OAuth 2.0 tokens. |
| Permissions | Full capabilities including for sensitive operations. | Limited to non-sensitive data. |
| Performance | Excessive request volumes may affect the plugin. | Scales for large data queries and aggregation. |
Shared capabilities¶
For WebView plugins, some functionalities are available through both the WV plugin SDK and Open API. You can use either to do the following:
- Get historical data
- Get symbol information
- Subscribe to quotes
- Retrieve account data (balance and equity).
Implementing account data retrieval using the WV plugin SDK means seamless operations:
-
No token required from the user.
-
No separate login flow needed.
-
Authentication is handled automatically by cTrader.
When your web application runs inside cTrader as a WebView plugin, it inherits the user's authenticated session. This setup makes account data retrieval faster, safer and more user-friendly.
Note
The WV plugin SDK enables developers to create web apps for WebView plugins entirely with frontend technologies (JavaScript, HTML and CSS), or create WV plugins with AI. You would not have to implement or maintain a backend service.
Implementing account data retrieval using Open API in your web application means one or more of the following:
-
You must implement an OAuth 2.0 flow in your application.
-
Traders must log in to cTrader and authorise your app.
-
Traders must generate and provide a personal access token.
Warning
While Open API also supports the retrieval of certain account data, it comes with limitations for WV plugin developers. The extra authentication step complicates development, disrupts the user experience and may discourage adoption of your product.
Key differences¶
Web apps can perform various trading actions in cTrader using the WV plugin SDK, whereas Open API does not support these functionalities for WebView plugins.
| WV plugin operation | WV plugin SDK | Open API |
|---|---|---|
| Create new orders | Yes | No |
| Modify existing orders | Yes | No |
| Cancel orders | Yes | No |
| Close positions | Yes | No |
| Modify SL/TP protection | Yes | No |
| Navigate screens | Yes | No |
Warning
WebView plugins operate without accessing or transferring any personal user information, such as user names or account identifiers. While plugins can access limited account data (e.g., balance) when actively connected in the cTrader environment, they do not store cookies at any point.
cTrader limits sensitive operations to the platform environment, where:
-
The user has explicitly installed or enabled the plugin.
-
The platform can enforce extra confirmation flows.
-
Position limits, margin checks and risk rules run locally before the request is sent.
An external website using Open API cannot guarantee the same level of control and security; therefore, trade-related endpoints cannot be exposed there.
Summary¶
Use the WV plugin SDK in web apps that will be used to build a WebView plugin, especially if the web app needs to trade or deal with certain account data.
Use Open API in web apps that run outside cTrader and rely on public data.