MetaAPI Docs

Auth Flow

The user-facing flow is simple: create one auth token, put it into the EA, confirm a new device if needed, then use the same token in your client.

User Steps

  1. Log in to the web console with your email and password.
  2. Create one auth_token for one MT4 or MT5 terminal and set an expiry if you want one.
  3. Paste that auth_token into the EA settings.
  4. If the machine is new, complete the email verification step shown by the terminal or the web console.
  5. Use the same auth_token in your external client when calling local /rpc or /ws.

Why The Same Token Is Required

The EA side and the external client side should use the same auth_token. This keeps the local gateway scoped to the terminal the user intentionally exposed.

Without this check, any process that can reach the local port could try to read account data or send trading requests. Matching the token on both sides narrows that access.

What Happens Next

  1. The terminal starts with the configured auth_token.
  2. If the machine is already approved, the local API becomes available automatically.
  3. If it is a new machine, you complete one email verification step.
  4. After that, your application can use the same token to access local /rpc and /ws.
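
The check described under Why The Same Token Is Required, combined with the startup outcomes listed above, as an added example that is not MetaAPI's own code. The LocalGateway class, its field names and the returned status strings are hypothetical; only auth_token, the optional expiry, the device verification step and the /rpc and /ws endpoints come from this page.

```python
import hmac
import time
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class LocalGateway:
    """Hypothetical model of the local gateway's state (assumed, not MetaAPI code)."""
    ea_token: str                       # auth_token pasted into the EA settings
    expires_at: Optional[float] = None  # optional expiry chosen in the console
    device_approved: bool = False       # True once email verification is done

    def authorize(self, client_token: str, now: Optional[float] = None) -> str:
        """Return 'ok', or the reason a local /rpc or /ws call is refused."""
        now = time.time() if now is None else now
        # Compare first and in constant time: a caller without the EA's token
        # learns nothing about expiry or device state, and response timing
        # does not reveal how much of a wrong token matched.
        if not hmac.compare_digest(client_token.encode(), self.ea_token.encode()):
            return "token_mismatch"
        if self.expires_at is not None and now >= self.expires_at:
            return "token_expired"
        if not self.device_approved:
            return "device_pending_verification"
        return "ok"


def demo() -> List[str]:
    # Constructed sample values, not real tokens or timestamps.
    token = "tok-constructed-1234"
    gw = LocalGateway(ea_token=token, expires_at=2_000.0)
    results = []
    # A local process that can reach the port but lacks the EA's token.
    results.append(gw.authorize("tok-something-else", now=1_000.0))
    # Correct token on a new machine, before email verification.
    results.append(gw.authorize(token, now=1_000.0))
    gw.device_approved = True
    # Correct token, approved machine, inside the validity window.
    results.append(gw.authorize(token, now=1_000.0))
    # Same token once the configured expiry has passed.
    results.append(gw.authorize(token, now=2_000.0))
    return results


if __name__ == "__main__":
    print(demo())
```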

What Users Usually See

The dashboard login is only for account management. Users create the auth_token in the console, then put that token into the EA input fields and the external client configuration.

If the device has been approved before, the terminal usually comes back without any extra action. If it is a new device, the user completes one email verification step and then continues.

How To Confirm It Works

  1. Open the dashboard and check that the terminal appears as active.
  2. Make sure the terminal no longer shows an auth or expiry error.
  3. Send a simple request such as get_account_info with the same auth_token.
  4. If you receive account data, the token and terminal are aligned correctly.

For more detail about token usage, see the dedicated Auth Token page.