Authorization

The family of cloud-based products uses the OpenID and OAuth protocols to authenticate users through Single Sign-On.

Different kinds of clients use different approaches — for example, the website itself uses OpenID, while the WebAPI uses OAuth.

To authenticate against the authentication server from your application, follow the routine below.

This uses the Client Credentials flow, so the request looks like this:

POST https://auth.cplugin.net/connect/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=webapi&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET

Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with your own client id and secret, which you obtain by registering a new API client in the Clients section of Toolbox (toolbox.cplugin.com).

Once you authenticate successfully, you receive an access token that you can use for subsequent calls.

{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE0M2U4MjljMmI1NzQ4OTk2OTc1M2JhNGY4MjA1OTc5ZGYwZGE5ODhjNjQwY2ZmYTVmMWY0ZWRhMWI2ZTZhYTQiLCJ0eXAiOiJKV1QifQ......",
  "expires_in": 3600,
  "token_type": "Bearer"
}
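
The token request and response above, wrapped in a small client that keeps the secret out of source code and logs and reuses the token until shortly before expires_in runs out. This is an added example, not code from the product's SDK or docs; the TokenCache class, the CPLUGIN_CLIENT_ID / CPLUGIN_CLIENT_SECRET environment variable names and the 60-second refresh margin are assumptions.

```python
import json, os, time, urllib.parse, urllib.request

TOKEN_URL = "https://auth.cplugin.net/connect/token"  # endpoint from this page

def http_post_form(url, fields):
    """Default transport: POST form fields over HTTPS, return the parsed JSON."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: fetch a token, reuse it until shortly before expiry."""
    def __init__(self, client_id, client_secret, post=http_post_form,
                 clock=time.monotonic, margin=60):
        self._fields = {"grant_type": "client_credentials", "scope": "webapi",
                        "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._post(TOKEN_URL, self._fields)
            token = reply.get("access_token")
            if not token or str(reply.get("token_type", "")).lower() != "bearer":
                # Do not echo the reply: it may contain token material.
                raise ValueError("unexpected token response")
            lifetime = int(reply.get("expires_in", 0))
            self._token = token
            # Refresh `margin` seconds early so a call never carries a stale token.
            self._expires_at = self._clock() + max(lifetime - self._margin, 0)
        return self._token

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return "TokenCache(client_id=%r)" % self._fields["client_id"]

if __name__ == "__main__":
    # Assumed variable names; keep the secret out of source control.
    cache = TokenCache(os.environ["CPLUGIN_CLIENT_ID"],
                       os.environ["CPLUGIN_CLIENT_SECRET"])
    print("token acquired, length", len(cache.get()))
```
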

The WebAPI has two different features — RESTful and WebSockets — and each one has its own way to pass this token within every call to maintain authorization between calls. See the WebAPI docs for details.

The most basic things you can request are:

  • Organizations you participate in.
  • The list of available trade platforms.
  • A connection check (ping) to any of your trade platforms.

These are available in the Cloud WebAPI Swagger UI under the Organizations and TradePlatforms sections.