Brokers overview - Glitch Trade

Glitch Trade integrates with four broker protocols today. Each has a different trust posture; the Track tile shows the badge per account so you always know what the platform holds.

cTrader

OAuth read-only. Most trust-friendly path.

TradeLocker

Username + password exchanged once for a refresh token, then discarded.

DXtrade

Same credentialed pattern as TradeLocker.

MT4 / MT5 via MetaApi

Cloud-bridged. MetaApi.cloud holds the password, never our servers.

Trust posture, side by side

Connection	Badge	What we hold	Worst case if our DB leaks
cTrader OAuth	🔐 OAuth (green)	Scoped refresh token, read-only by design	Read tape. Cannot trade or move funds.
TradeLocker / DXtrade	🔑 Creds (amber)	Encrypted refresh token only (password discarded)	Attacker would need to steal the refresh token AND our Fernet key
MT4 / MT5 via MetaApi	🌉 Cloud (blue)	Just the MetaApi accountId	Password is held encrypted at MetaApi, not on our servers

What we never do

We don’t trade on your behalf
We don’t custody funds
We don’t run automation server-side on customer accounts
We don’t share account data outside your own dashboard

Bots run on your machine (cTrader Desktop) or in your broker (when MetaApi-hosted execution lights up later for Pro Quant accounts). We make the tape legible — that’s it.

cTraderOAuth read-only. The trust-friendliest path.