WebAPI
Brief
The CPlugin Cloud WebAPI is a JSON API that lets you manage MT4/MT5 servers from any HTTP-enabled client. It has two faces sharing the same authentication: a RESTful interface for request/response calls and a realtime SignalR endpoint (Web Sockets, Long Polling and other transports) for streaming data — quotes, margin updates, online users and open orders as they happen.
The service is hosted at cloud.mywebapi.com.
Start in minutes with the SDK
The fastest way to get going is the official public SDK: it handles OAuth2 (token discovery, caching and refresh), retries and typing for you, so you can skip the raw HTTP plumbing entirely.
JavaScript / TypeScript SDK
npm: @mywebapi.com/sdk · repo: CPlugin/mywebapi.com-sdk-js
Python SDK
Install it:
bun add @mywebapi.com/sdk
Then construct the client and make your first call. The client exposes two namespaces — client.mt4 and client.mt5 — and is configured with an environment plus your API-client credentials:
import { CPluginWebApiClient } from '@mywebapi.com/sdk'
const client = new CPluginWebApiClient({
env: 'prod', // or 'staging'
clientId: 'your-client-id',
clientSecret: process.env.CPLUGIN_WEBAPI_CLIENT_SECRET!,
})
const tp = 'your-tradeplatform-uuid'
const time = await client.mt4.getServerTime(tp)
console.log('MT4 server time:', time.data.timestamp)
The env field accepts 'prod', 'staging', or a custom { baseUrl, authUrl } object. Errors are thrown as ApiError, which carries code, description and activityId to help you diagnose failures.
Authentication
The WebAPI uses OAuth2 (Client Credentials flow): you exchange an API-client id and secret for a bearer token at auth.cplugin.net, then present that token on every REST call and SignalR connection. Create the client under Toolbox → WebAPI → API Clients (the secret is shown only once). The SDK does this for you; if you call the API directly, see Authorization for the full flow.
Each MT4/MT5 server you register is identified by a unique trade platform id (Toolbox → Trade Platforms), where you also choose its type so the WebAPI uses the correct MetaQuotes Manager API. Pass this id where a method requires it.
REST
The RESTful interface is a standard JSON API rooted at https://cloud.mywebapi.com. Every request carries the bearer token in the Authorization header; methods that target a specific server take the trade platform id in the path.
The full method catalogue — with request/response schemas and a "try it" console — lives in the Swagger reference. You can feed that spec to swagger-codegen to generate a client, though this is optional.
A minimal authenticated call to read a user record:
curl https://cloud.mywebapi.com/api/MT4/{tradePlatform}/UserRecordGet/{login} \
-H "Authorization: Bearer $ACCESS_TOKEN"
Realtime
Realtime data uses SignalR over Web Sockets (with Long Polling and other transports as fallback): a two-way connection to the server so updates arrive automatically once you subscribe — no polling. You can stream quotes, clients' margin updates, the online-user list and open orders in real time.
Connect to a versioned hub (test, mt4 or mt5) and provide the same bearer token via accessTokenFactory:
const connection = new signalR.HubConnectionBuilder()
.withUrl('https://cloud.mywebapi.com/hubs/mt4/v1', {
accessTokenFactory: () => access_token,
})
.build()
await connection.start()
// subscribe to a symbol, then receive ticks as they happen
await connection.invoke('SubscribeToTicks', tradePlatform, 'EURUSD')
connection.on('onTick', (tp, tick) => console.log(tick))
Typed interface
Download the up-to-date hub/method/event definitions as CPlugin.WebAPI.Realtime.ts.
Environments & pricing
There are two environments; the free Sandbox is the staging environment — a full-featured copy of production with no billing and no SLA. Build and test as long as you need; billing starts only when you connect to production.
| Component | Sandbox (staging) | Production |
|---|---|---|
| Toolbox | pre.toolbox.cplugin.com | toolbox.cplugin.com |
| WebAPI | pre.mywebapi.com | cloud.mywebapi.com |
Point the SDK at the Sandbox with env: 'staging' (which targets pre.mywebapi.com) while you build, then switch to env: 'prod' for production. See Pricing and terms for what you pay on production.
Firewall settings
Whitelist the source IP addresses below in your MT4/MT5 firewall settings so the WebAPI can reach your servers without being blocked:
| IP | DNS |
|---|---|
116.203.101.91 | m2.mywebapi.com |
142.132.146.30 | m3.mywebapi.com |
157.90.214.22 | m4.mywebapi.com |
5.223.43.1 | m9.mywebapi.com |
88.99.65.181 | pre.mywebapi.com |
Cloud
We run a swarm of WebAPI instances to minimise latency, increase uptime and spread load. A DNS traffic manager resolves cloud.mywebapi.com to the instance closest to you (lowest ping); if any instance goes down you are automatically routed to another within a second. We regularly analyse usage and can spin up an additional server in the region of any customer who would benefit.

