WebAPI

Brief

The CPlugin Cloud WebAPI is a JSON API that lets you manage MT4/MT5 servers from any HTTP-enabled client. It has two faces sharing the same authentication: a RESTful interface for request/response calls and a realtime SignalR endpoint (Web Sockets, Long Polling and other transports) for streaming data — quotes, margin updates, online users and open orders as they happen.

The WebAPI runs on top of MetaQuotes' Manager API, so you need a manager account on your MT4/MT5 server.

The service is hosted at cloud.mywebapi.com.

Start in minutes with the SDK

The fastest way to get going is the official public SDK: it handles OAuth2 (token discovery, caching and refresh), retries and typing for you, so you can skip the raw HTTP plumbing entirely.

JavaScript / TypeScript SDK

The JS SDK is early-access (v0.1.x) — pin the exact version in production.

Install it:

bun add @mywebapi.com/sdk

Then construct the client and make your first call. The client exposes two namespaces — client.mt4 and client.mt5 — and is configured with an environment plus your API-client credentials:

import { CPluginWebApiClient } from '@mywebapi.com/sdk'

const client = new CPluginWebApiClient({
  env: 'prod', // or 'staging'
  clientId: 'your-client-id',
  clientSecret: process.env.CPLUGIN_WEBAPI_CLIENT_SECRET!,
})

const tp = 'your-tradeplatform-uuid'
const time = await client.mt4.getServerTime(tp)
console.log('MT4 server time:', time.data.timestamp)

The env field accepts 'prod', 'staging', or a custom { baseUrl, authUrl } object. Errors are thrown as ApiError, which carries code, description and activityId to help you diagnose failures.

Authentication

The WebAPI uses OAuth2 (Client Credentials flow): you exchange an API-client id and secret for a bearer token at auth.cplugin.net, then present that token on every REST call and SignalR connection. Create the client under ToolboxWebAPIAPI Clients (the secret is shown only once). The SDK does this for you; if you call the API directly, see Authorization for the full flow.

Each MT4/MT5 server you register is identified by a unique trade platform id (Toolbox → Trade Platforms), where you also choose its type so the WebAPI uses the correct MetaQuotes Manager API. Pass this id where a method requires it.

REST

The RESTful interface is a standard JSON API rooted at https://cloud.mywebapi.com. Every request carries the bearer token in the Authorization header; methods that target a specific server take the trade platform id in the path.

The full method catalogue — with request/response schemas and a "try it" console — lives in the Swagger reference. You can feed that spec to swagger-codegen to generate a client, though this is optional.

A minimal authenticated call to read a user record:

curl https://cloud.mywebapi.com/api/MT4/{tradePlatform}/UserRecordGet/{login} \
  -H "Authorization: Bearer $ACCESS_TOKEN"
The most basic things to request are your Organizations, the list of available TradePlatforms, and a connection check (ping) to any of them — all under those sections in Swagger.

Realtime

Realtime data uses SignalR over Web Sockets (with Long Polling and other transports as fallback): a two-way connection to the server so updates arrive automatically once you subscribe — no polling. You can stream quotes, clients' margin updates, the online-user list and open orders in real time.

Connect to a versioned hub (test, mt4 or mt5) and provide the same bearer token via accessTokenFactory:

const connection = new signalR.HubConnectionBuilder()
  .withUrl('https://cloud.mywebapi.com/hubs/mt4/v1', {
    accessTokenFactory: () => access_token,
  })
  .build()

await connection.start()

// subscribe to a symbol, then receive ticks as they happen
await connection.invoke('SubscribeToTicks', tradePlatform, 'EURUSD')
connection.on('onTick', (tp, tick) => console.log(tick))

Live demos

View source on the working Test hub (no auth) and MT4 hub demos for full client code.

Typed interface

Download the up-to-date hub/method/event definitions as CPlugin.WebAPI.Realtime.ts.

Environments & pricing

There are two environments; the free Sandbox is the staging environment — a full-featured copy of production with no billing and no SLA. Build and test as long as you need; billing starts only when you connect to production.

Point the SDK at the Sandbox with env: 'staging' (which targets pre.mywebapi.com) while you build, then switch to env: 'prod' for production. See Pricing and terms for what you pay on production.

Firewall settings

Whitelist the source IP addresses below in your MT4/MT5 firewall settings so the WebAPI can reach your servers without being blocked:

IPDNS
116.203.101.91m2.mywebapi.com
142.132.146.30m3.mywebapi.com
157.90.214.22m4.mywebapi.com
5.223.43.1m9.mywebapi.com
88.99.65.181pre.mywebapi.com

Cloud

We run a swarm of WebAPI instances to minimise latency, increase uptime and spread load. A DNS traffic manager resolves cloud.mywebapi.com to the instance closest to you (lowest ping); if any instance goes down you are automatically routed to another within a second. We regularly analyse usage and can spin up an additional server in the region of any customer who would benefit.