The M4Markets mobile app routes its actual trading through a third-party MT5 WebTrader and keeps everything else — accounts, balances, funding, KYC and partner figures — behind a single login. That split matters. Trade records live on a MetaTrader 5 server; the money and identity records live on the broker's own back office. An integration that wants a complete account picture has to reach both and stitch them together, which is the work we do here.
M4Markets is operated across more than one regulated entity. Per its own in-app disclosure, EEA clients are served by Harindale Ltd under CySEC, license 301/16; international clients trade under Trinota Markets Global, regulated by the Seychelles FSA, with a separate Dubai (DFSA) arm. The route we would take is authorized protocol analysis of the app's own traffic under the account holder's consent — not a guess at any one published feed. Below is what is reachable, how we reach it, and what you receive.
Data surfaces inside the app
These are the surfaces the app itself describes. Granularity below is what an integrator can realistically expect from each.
| Domain | Where it originates | Granularity | Use for an integrator |
|---|---|---|---|
| Trading accounts | Back office, multi-account list | Per account: balance, equity, margin, account type | Portfolio aggregation across a client's accounts |
| Open & closed positions | MT5 WebTrader / MT5 server | Per ticket: symbol, volume, open/close price, P/L, time | Live exposure sync and reconciliation |
| Trade history | MT5 server, queried by account login | Deal-level, time-bounded | Performance analytics, tax and audit records |
| Funding | Back office payments module | Deposits, withdrawals, internal transfers, provider details | Cash-flow reconciliation against statements |
| KYC & profile | Back office registration / verification | Status, documents, personal and contact fields | Onboarding-state checks, compliance evidence |
| IB & partner ledger | Partner module | Referrals, custom links, commission flows, downstream metrics | Commission accounting and partner dashboards |
Reaching the data
Three routes apply here. We set up access with you during onboarding — a consenting account, a partner login, or a sandbox where one is available — so none of this is something you have to arrange before we start.
Consented protocol analysis of the app traffic
The mobile client authenticates and then talks to the M4Markets back office over HTTPS, while the trading view loads the MT5 WebTrader. We map that traffic — login, token handling, the calls that list accounts, fetch balances and pull funding — and rebuild it as a clean client. This reaches the widest set of surfaces and is what we would recommend for M4Markets, because the back office is where accounts, money and KYC actually live and there is no single export that covers all three.
MetaTrader 5 trade data
Trade and position data is MT5, not bespoke. MetaTrader 5 servers expose documented Manager and Web API surfaces that brokers and tooling use for account, deal and order data. Where the account holder authorizes it, this is a durable way to read positions and history without scraping the WebTrader front end. It pairs with route one rather than replacing it.
Native export as a fallback
MT5 itself can export deal and order history to file. It is the least connected option and misses funding, KYC and partner data entirely, but it is a sensible backstop for one-off history pulls or to validate what a live integration returns.
A worked request
Illustrative only — exact paths, field names and the auth scheme are confirmed during the build against the live app. The shape below reflects the back-office-then-MT5 split described above.
# 1) Authenticate against the M4Markets back office (entity-aware host)
POST /auth/login
{ "email": "...", "password": "...", "device": "..." }
# 2FA / biometric step handled per the consenting user's session
-> 200 { "access_token": "...", "refresh_token": "...", "entity": "CYSEC|FSA" }
# 2) List the client's trading accounts
GET /client/accounts Authorization: Bearer <token>
-> [ { "login": 51234567, "type": "Raw", "balance": 1840.55,
"equity": 1872.10, "currency": "USD", "platform": "MT5" } ]
# 3) Pull deal history for one MT5 login (MetaTrader 5 surface)
GET /mt5/history?login=51234567&from=2026-01-01&to=2026-05-31
-> { "deals": [ { "ticket": 99001, "symbol": "XAUUSD",
"volume": 0.10, "price": 2387.4, "profit": 12.6 } ] }
# Errors we handle: 401 token expiry -> refresh; 429 throttle -> backoff;
# entity mismatch -> re-route to the correct back-office host.
What lands in your repo
Everything is tied to the surfaces above, not a generic kit:
- Runnable source (Python or Node.js) for login, account listing, balance and funding reads, and MT5 history pulls.
- An OpenAPI / Swagger spec covering the endpoints we map, with the back-office and MT5 surfaces separated.
- A protocol and auth-flow report: the token and refresh chain, the 2FA touch point, and how the entity flag routes hosts.
- Automated tests against recorded responses so a front-end change shows up as a failing test, not a silent gap.
- Interface documentation plus data-retention and consent-handling guidance written for a regulated broker context.
Authorization & the rules around it
M4Markets is an investment firm under MiFID II through CySEC, not a payment account, so this is consent-based access to a client's own data rather than an open-banking payment flow. The dependable basis is the account holder's (or partner's) own authorization to act on their data. For EU clients that data is GDPR-covered; for Seychelles-booked clients the FSA framework and the firm's own terms apply. We work to the scope the consent grants — read-only unless you specify otherwise — keep consent and access records, minimize what we store to the fields you need, and sign an NDA where the engagement calls for it. Revocation is honored by design: when a session or consent ends, the integration stops.
Engineering notes specific to this app
Two things shape the build and we handle both:
- The MT5 / back-office seam. A position lives on the MetaTrader 5 server while the client identity and funding live on the M4Markets back office. We reconcile the two so each MT5 login maps to the correct client profile and currency — otherwise a unified statement double-counts or mislabels accounts.
- Multi-entity routing. A Harindale (CySEC) login and a Trinota (FSA) login can resolve to different back-office hosts and carry different obligations. We detect the entity from the session and route calls accordingly, so a build does not quietly point EU traffic at the wrong endpoint.
- Session sensitivity. Biometric, 2FA and PIN gates mean tokens are short-lived. We design the sync around the refresh window so a long-running pull does not drop mid-way.
Keeping it live
Broker front ends move. When M4Markets ships an app update or shifts the WebTrader embed, request shapes can drift. The test suite is the early-warning system: recorded-response checks fail loudly when a field or path changes, and a maintenance pass re-maps the affected calls. For trade data, MT5's versioned surfaces tend to be steadier than the bespoke back-office calls, which is one more reason we keep the two paths separate.
Screens from the listing
Comparable apps
If you are aggregating across brokers, these sit in the same MT4/MT5 retail-CFD space and present similar data shapes. Named for context, not ranked.
- Exness — multi-entity broker with its own terminal plus MT4/MT5; per-account balances and deal history behind login.
- XM — large MT4/MT5 broker; trading accounts, history and a partner program with commission data.
- FxPro — MT4/MT5 and cTrader; account, position and funding records similar in structure.
- Pepperstone — MT4/MT5/cTrader broker; raw-spread accounts with deal-level history.
- IC Markets — high-volume MT4/MT5/cTrader broker; positions, statements and IB ledgers.
- AvaTrade — MT4/MT5 plus its own app; account, trade and funding surfaces.
- CMC Markets — proprietary platform and MT4; portfolio and order data behind an authenticated account.
- Vantage — MT4/MT5 broker; multi-account balances, history and partner metrics.
- FP Markets — MT4/MT5/cTrader; deal history and funding records per account.
Questions integrators ask
Can you pull positions and history from the MT5 WebTrader the app uses, or only the M4Markets back office?
Both, and they are separate sources. Live and historical trade records sit on the MetaTrader 5 server reached through the app's third-party MT5 WebTrader, while balances, ledgers, funding and profile data sit on the M4Markets back office. We integrate against whichever the consenting account holder authorizes and link the two so an MT5 login maps to the right client record.
Which M4Markets entity and regulator covers the data we would be touching?
It depends on where the account was opened. EEA clients are served by Harindale Ltd under CySEC (license 301/16, per the app's own disclosure), and international clients by Trinota Markets Global under the Seychelles FSA. We confirm the entity behind a given login first because the back-office host and the data-protection obligations differ between them.
Do IB and partner commission flows come through the same integration as client trading accounts?
They are a distinct surface. The partner area exposes referrals, custom links, commission flows and downstream performance, which is a different back-office module from a client's own trading accounts. We can scope a build to client accounts only, the partner ledger only, or a combined feed, depending on which authorization you hold.
Source code lands in your repository inside one to two weeks; you pay from $300, and only after delivery once it works as described. Prefer not to host anything? The pay-per-call option runs on our endpoints with nothing upfront — you pay for the calls you make. Tell us it is M4Markets and what you need from its data over at our contact page and we take it from there.
How this was checked
Surfaces were read from the app's own Play listing and description; the regulatory picture and account structure were checked against the broker's public materials and independent reviews in May 2026. MT5 Manager/Web API behavior is from MetaQuotes' broker documentation and integration references. Primary sources: M4Markets license & regulation page, PR Newswire on the CySEC license, MetaTrader 5 for brokers, an independent M4Markets review.
Mapping by the OpenBanking Studio integration desk — May 2026.
App profile (factual recap)
M4Markets App is the mobile client for the M4Markets forex and CFD brokerage (package com.m4marketsclient.mobile, per its Play listing). It consolidates account management, registration and KYC, deposits, withdrawals and internal transfers, and an IB/partner area, while trading runs through a third-party MT5 WebTrader. Security features named by the app include biometric login, 2FA and PIN control. The group operates under CySEC (Harindale Ltd, license 301/16 for EEA clients, per its disclosure), the Seychelles FSA (Trinota Markets Global) and the DFSA in Dubai. CFDs are leveraged products that carry a high risk of loss.
Mapping checked 2026-05-31.