Single Sign-On (SSO) Integration Guide for External Applications

Single Sign-On (SSO) process between external applications and the MTT platform.

The SSO mechanism is designed for external application → MTT platform login flow, not the other way around. Both flows - new user registration (via /v1/accounts → retrieve oneTimeToken → /manager/login/co/with-token) and existing user login (via /manager/mtr-login → receive co-auth cookie) - follow the same pattern:

  1. The user starts in an external application (e.g., Client Office or CRM).
  2. The application sends a background API request to either create an account or log in.
  3. The response includes a token (either one-time or persistent).
  4. The user is redirected to the MTT platform with the co-auth cookie already set.
  5. The user is automatically logged in to the platform without re-entering credentials.

Flow for new user registrations:

1

Initiate the account creation process using the Broker-API /v1/accounts 'Create Account' endpoint.

CURL
curl --location 'https://broker-api-demo.match-trader.com/v1/accounts' \
  --header 'Authorization: Provide your token here' \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "",
    "password": "",
    "offerUuid": "",
    "clientType": "RETAIL",
    "createAsDepositedAccount": false,
    "personalDetails": {
      "firstname": "",
      "lastname": "",
      "dateOfBirth": "",
      "citizenship": "",
      "language": "",
      "maritalStatus": "",
      "passport": {
        "number": "",
        "country": ""
      }
    }
  }'

2

Extract the "oneTimeToken" from the response received after successfully creating the account.

After the account is created, the response contains information about the newly created account. Obtain the oneTimeToken from that response.

JSON
{
  "uuid": "",
  "oneTimeToken": "",
  "created": "",
  "updated": "",
  "email": "",
  "verificationStatus": "NEW",
  "type": "RETAIL"
}

3

Use the retrieved "oneTimeToken" to log in via the Platform-API 'Login with one time token' endpoint. Include the client's platform URL in the request and send the token as a body parameter.

Send the retrieved token in the request body of the endpoint below:

CURL
curl --location 'https://mtr-demo-prod.match-trader.com/manager/login/co/with-token' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{ "token": "{token}" }'

Make sure to replace the URL with your client platform address. As a response you'll receive the token:

token : This token is passed as a cookie in subsequent API requests to maintain the session state.

4

Upon successful login, a new 'co-auth' cookie is stored in the user's browser. This cookie automatically authorizes the user upon redirection to the platform. The external app and the MTT platform must be set up on the same domain (or sub-domains of the same domain) for this SSO process to work seamlessly, as cookies can only be shared within the same domain structure.

Flow for existing users:

1

Once the user logs into your CRM, send a Platform-API 'Login' request that includes the user's email, password, and brokerId in the request data.

CURL
curl --location 'https://mtr-demo-prod.match-trader.com/manager/mtr-login' \
  --header 'Content-Type: application/json' \
  --data '{ "email": "", "password": "", "brokerId": "" }'

Make sure to replace the URL with your client platform address. As a response you'll receive the token:

token : This token is passed as a cookie in subsequent API requests to maintain the session state.

2

Successful login results in storing the 'co-auth' token as a cookie. This allows automatic authorization when the user is redirected to the platform. The external app and the MTT platform must be set up on the same domain (or sub-domains of the same domain) for this SSO process to work seamlessly, as cookies can only be shared within the same domain structure.

Maintaining the session: The co-auth token is valid for 15 minutes. To refresh it, send a Platform-API 'Refresh token' request. This POST request returns a new token, ensuring continued access to the platform without interruption, especially when the current token is nearing expiration. The refresh token is included as a cookie to facilitate this process.


Important Note: The external app and the MTT platform must be set up on the same domain (or sub-domains of the same domain) for this SSO process to work seamlessly, as cookies can only be shared within the same domain structure.
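
The following is an added example, not part of the MTT documentation: one way an external application's backend could build the Set-Cookie header for the co-auth token, checking the same-domain requirement and matching the 15-minute lifetime described above. The host names, the `shared_domain` parameter and the `Secure`, `HttpOnly` and `SameSite=Lax` attributes are assumptions, not values specified by the platform.

```python
import re

CO_AUTH_TTL_SECONDS = 15 * 60  # the page states the co-auth token is valid for 15 minutes
# RFC 6265 cookie-octet: rejects CR/LF, ';', ',', quotes and spaces, so a
# token value cannot inject extra attributes or header lines.
_COOKIE_VALUE = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+")


def _is_within(host: str, parent: str) -> bool:
    """True when host equals parent or is a sub-domain of it."""
    host, parent = host.lower().rstrip("."), parent.lower().rstrip(".")
    return host == parent or host.endswith("." + parent)


def build_co_auth_cookie(token, app_host, platform_host, shared_domain):
    """Return a Set-Cookie value that both sites will receive.

    shared_domain (assumption: taken from deployment config) is the parent
    domain of both sites. No public-suffix lookup is done here.
    """
    if not _COOKIE_VALUE.fullmatch(token or ""):
        raise ValueError("token is empty or not a valid cookie value")
    if "." not in shared_domain.strip("."):
        raise ValueError("shared_domain must not be a bare TLD")
    for host in (app_host, platform_host):
        if not _is_within(host, shared_domain):
            raise ValueError(f"{host} is outside {shared_domain}")
    return "; ".join([
        f"co-auth={token}",
        f"Domain={shared_domain}",         # sent to the app and the platform
        "Path=/",
        f"Max-Age={CO_AUTH_TTL_SECONDS}",  # expire together with the token
        "Secure",                          # assumption: both sites are HTTPS-only
        "HttpOnly",                        # assumption: no page script reads it
        "SameSite=Lax",                    # assumption: same-site redirect only
    ])


if __name__ == "__main__":
    # Constructed sample values, not real hosts or tokens.
    print(build_co_auth_cookie("abc.DEF-123_x", "crm.broker.example",
                               "platform.broker.example", "broker.example"))
```

If the platform is deployed on a host outside `shared_domain`, the function raises instead of emitting a cookie the browser would never send to it.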
