Every live M4Markets account resolves to a MetaTrader 5 server record. That is where the balance, equity, open positions, and closed-deal history come from, and it is the surface any integration has to reach. The mobile app and the browser-based MT5 WebTrader are two windows onto the same server-side ledger; what a third party wants — a trader's running P&L, a dated history of fills, a partner's commission flow — is held there and behind the M4Markets Client Area, not in the phone.
So the build leans on the MT5 side first. We hand over a small Python and Node.js client that signs in with the trader's consent, holds the WebTrader session open, and pulls account state and deal history into records you can store. The slower paperwork — an OpenAPI description, the auth-flow writeup — follows from that working code rather than leading it.
What the app holds
Mapped from the app's own description and the M4Markets Client Area, the surfaces worth syncing break down like this.
| Data domain | Where it originates | Granularity | What an integrator does with it |
|---|---|---|---|
| Balance, equity, free margin | MT5 server, via the app and WebTrader | Per account, live | Portfolio dashboards, margin-call monitoring |
| Closed-deal history | MT5 Account History | Per deal, timestamped with ticket | Tax and accounting reconciliation, performance analytics |
| Open positions & pending orders | MT5 terminal state | Per-position snapshot | Risk monitoring, copy/mirror tooling |
| Profile & KYC status | Client Area profile section | Per user | CRM sync, onboarding state checks |
| Deposits, withdrawals, internal transfers | Client Area payments | Per transaction | Ledger reconciliation, payout audit |
| IB referrals & commission flows | Partner area | Per referral, near real time | Partner CRM, commission and payout automation |
| Notifications & legal agreements | App settings / back office | Per event / per document | Compliance archiving, consent records |
Account tiers differ — Standard, Raw Spreads, and Premium among them — but they all resolve to the same MT5 record shape, so one client model covers them once entity routing is in place.
Routes in
Three routes genuinely apply here, and they layer rather than compete.
Authorized interface integration of the MT5 WebTrader and Client Area
We analyse the traffic between the app, the WebTrader, and secure.m4markets.com, then drive the same authenticated session under the trader's own login. This reaches balances, positions, orders, deal history, and profile. Effort is moderate; durability is tied to the WebTrader session and token model, which is why we keep that logic isolated. Access is arranged with you during onboarding — a consenting demo or live account, or read-only investor credentials. This is the route we build the spine on.
MT5 Manager / Gateway surface, where the broker grants it
For an IB or institutional engagement where M4Markets issues manager-level credentials, the MT5 Manager API exposes server-side account operations and history calls such as deal and order lookups by date. Durability is high because it is MetaTrader's own integration surface; we set this up together with the broker relationship rather than around it.
Native MT5 export as a fallback
MT5 itself can save an account-history report. That covers a one-off pull or a reconciliation check, but it is not an automation path — we treat it as a backstop, not the feed.
What you get back
The headline deliverable is runnable code, not a document.
- A Python and Node.js client wrapping the M4Markets / MT5 session: sign-in, session refresh, and typed calls for balance, open positions, and dated deal history.
- Sync design — a one-time backfill plus an incremental pull keyed on deal ticket and close time, so a scheduled run only fetches what is new.
- A poller or webhook handler for fresh deals and margin events, wired into whatever queue or callback you run.
- An automated test harness with recorded fixtures from a demo account, so a change in the upstream session flow shows up as a failing assertion before it reaches your data.
- An OpenAPI/Swagger description of the normalized endpoints we expose.
- A protocol and auth-flow report covering the session, token, and cookie chain as it behaves on this app.
- Interface documentation and data-retention guidance for the records you keep.
A history pull, in practice
The shape of the client we hand over, against the deal-history surface specifically:
# Illustrative — field names confirmed during the build,
# not transcribed from any published M4Markets document.
from m4m_client import M4MarketsSession
s = M4MarketsSession(entity="harindale") # CySEC / EEA endpoint
s.login(login_id, investor_password) # read-only investor creds, with the trader's consent
s.refresh_if_stale() # re-establish the WebTrader session inside its window
deals = s.history_deals(
account="1024xxxx",
since_ticket=98421007, # last ticket stored; 0 means a full backfill
to_time="2026-06-07T00:00:00Z",
)
# -> [{ "ticket": 98421033, "symbol": "XAUUSD", "side": "sell",
# "volume": 0.50, "price_open": 2381.40, "price_close": 2376.10,
# "profit": -26.50, "commission": -3.50, "swap": 0.0,
# "time_close": "2026-06-06T15:02:11Z" }, ... ]
On a first run since_ticket is zero and the call walks the full history; on every later run it carries the last ticket we stored, so the sync stays cheap.
Normalized record
Account and deal data land in a flat shape that does not assume MetaTrader downstream:
{
"account": {
"login": "1024xxxx",
"entity": "harindale-cysec",
"currency": "USD",
"balance": 5120.44,
"equity": 5098.10,
"margin_free": 4760.22
},
"deal": {
"ticket": 98421033,
"symbol": "XAUUSD",
"side": "sell",
"volume": 0.50,
"profit": -26.50,
"closed_at": "2026-06-06T15:02:11Z"
}
}Consent & regulators
M4Markets runs as a group of regulated entities rather than one. EEA clients are served by Harindale Ltd, authorized and regulated by the Cyprus Securities and Exchange Commission under licence number 301/16 per the app's own description and the broker's licence page; that entity operates under MiFID II, so client funds sit in segregated accounts. The group also holds a DFSA licence in Dubai and an FSA Seychelles licence held by Trinota Markets (Global) Limited (licence SD035, per the FSA Seychelles register listing). The exact entity an account belongs to shapes which rules and which endpoint apply.
The dependable basis for our work is the trader's own authorization over their account — explicit consent, read-only credentials where they fit, and a record of what was granted. We work authorized, logged, and data-minimized: we pull only the domains a project needs, keep consent and access records, and sign an NDA where the engagement calls for one. Compliance here is how the desk operates, not a gate you clear before we begin.
Things we plan around
Two specifics on this app drive most of the build.
Three regulated entities, three endpoints. A login can resolve to Harindale (CySEC), Trinota (FSA), or the DFSA entity, each with its own host and session behaviour. We detect the entity at sign-in and route every later request to match, so an EEA account and an offshore account both sync correctly instead of one silently failing against the wrong host.
WebTrader is a third-party browser terminal. The in-app trading runs through the MT5 WebTrader, which carries its own session lifetime. We model that lifetime and re-establish the session inside its window, so a long backfill does not drop halfway through. Partner and commission data updates on a different rhythm than trader accounts, so we keep IB ingestion on its own schedule rather than forcing it into the per-account sync.
What the screens show
Store screenshots, for reference while mapping surfaces. Select to enlarge.
Brokers in the same shape
A unified integration usually has to cover more than one broker. These sit in the same MetaTrader-backed CFD category and present comparable account and trade data.
- Exness — large retail forex broker on MT4/MT5; account balances, positions, and deal history map to the same record shape.
- XM — MT4/MT5 broker with a comparable client area holding account, transaction, and trade-history data.
- IC Markets — ECN-style broker on MT4, MT5, and cTrader; wide instrument set, similar position and order surfaces.
- Pepperstone — multi-platform broker (MT4, MT5, cTrader, TradingView) with account and trade data behind a client portal.
- FxPro — MT4/MT5/cTrader broker exposing equivalent balance, order, and history records per account.
- Axi — MetaTrader-based broker with a client area covering accounts, payments, and trade history.
- FP Markets — MT4/MT5/cTrader broker with per-account deal and position data.
- FOREX.COM — multi-asset broker holding account statements, transactions, and trade history behind login.
Questions integrators ask
Where does the trade data actually live — in the M4Markets app or somewhere else?
On the MetaTrader 5 server behind the account. The mobile app and the MT5 WebTrader are views onto that server, so the balances, positions, orders, and closed deals we sync are pulled from the MT5 record the login resolves to, not from local app storage.
How do you keep a trade-history sync current instead of re-pulling everything each run?
We backfill the full deal history once, then sync incrementally by deal ticket and close time — each later run asks only for deals after the last ticket we stored. The client we hand over exposes both the one-time backfill and the incremental pull as separate calls.
Does it matter which M4Markets entity my account sits under?
Yes. An account can sit under Harindale Ltd (CySEC, for EEA clients), Trinota Markets Global (FSA Seychelles), or the DFSA entity, and the login resolves to a different endpoint for each. We detect the entity at sign-in and route requests so an EEA account and an offshore account are both handled correctly.
Can you also pull IB and partner commission figures, not just trader accounts?
Yes. Referral lists, custom-link performance, and commission flows live in the partner area and update close to real time, so we ingest them on their own schedule, separate from the per-account trade sync.
Getting a build started
A first working M4Markets client — sign-in, a live balance read, and a dated trade-history query — comes back inside one to two weeks. You can take it two ways. Source-code delivery starts at $300: you get the runnable Python/Node.js client, the sync design, tests, and interface docs, and you pay after delivery once it works for you. Or run against our hosted endpoints and pay per call, with no upfront fee. Tell us the account context and what you want out of its data — access and the compliance paperwork are arranged with you as part of the work. Start the conversation here.
App profile — factual recap
The M4Markets Mobile App (package com.m4marketsclient.mobile) is the mobile client for the M4Markets Group, a retail forex and CFD broker. It consolidates account management, registration and KYC, deposits, withdrawals and internal transfers, profile and notification settings, and trading through a third-party MT5 WebTrader, plus an IB/partner area for referrals and commission tracking. Security features described include biometric login, 2FA, and PIN control. EEA clients are served by Harindale Ltd, authorized and regulated by CySEC under licence 301/16; the group also holds DFSA (Dubai) and FSA (Seychelles) licences. CFDs carry a high risk of rapid loss due to margin trading; this page is about data integration, not trading advice.
Sources & method
Checked in June 2026 against the app's store description and primary broker and regulator pages: the data domains from the app's own feature list and the M4Markets Client Area; the MT5 platform and account types from the broker's platform pages; the regulatory entities from the licence page and the FSA Seychelles register. The MT5 surfaces (history deals, positions, account state) reflect MetaTrader's documented integration model. Primary references:
- M4Markets — licence and regulations (Harindale Ltd, CySEC 301/16)
- M4Markets — MT5 platform and account types
- FSA Seychelles — regulated capital-markets entities
- M4Markets — App Store listing
Compiled from the OpenFinance Lab integration engineering notes · 2026-06-07.