/
etoro-sso-identity
Cursor Rule
Identity rules for eToro SSO / OAuth integration — `gcid` vs `realCid` vs `demoCid`, why never to use the OIDC `sub` claim as a user key, the `cidList` vs `gcid` data-leak trap, refresh-token rotation, and detecting dead sessions (`invalid_grant`). Apply when implementing "Sign in with eToro", exchanging or refreshing access tokens, calling `/api/v1/me` or `/user-info/people?cidList=`, persisting eToro user records, looking up other users, or handling 401 / refresh failures / "Reconnect to eToro" flows.
eToro API integration for Cursor — rules, skills, and live API documentation for building on the eToro Public API. Covers OAuth SSO, market data, trading, account-snapshot calculations, agent-portfolios (with bulk, rebalance, and conditional-rule flows), and social features.
Rules4
etoro-account-snapshotHow to read and compute eToro account data — balance, available cash, total invested, equity, profit/loss, P&L, open positions, holdings, copy-trading mirrors, pending orders. All sourced from a single endpoint (`/trading/info/{env}/pnl`, response object `clientPortfolio`) that returns the entire account state despite its URL implying P&L only. Apply when building portfolio dashboards, calculating equity or available cash, displaying positions, summing fees, computing P&L, or handling per-position values (native-currency `openRate`, leveraged-position margin via `amount/units`, fees blended with dividends, mirror-position double-array deduplication).
etoro-api-conventionsEnforces eToro Public API request/response conventions — hosts, headers, authentication, casing, rate limits, and per-endpoint quirks.
etoro-id-resolutionResolve eToro instrument IDs from symbols (e.g. AAPL, MSFT, BTC) and user CIDs from usernames. Apply when looking up instruments by symbol or ticker, searching for users / popular investors / copy-trading targets, building watchlists, populating positions for display, fetching instrument metadata (display name, logos, exchange, instrument type), or any external-reference → eToro-numeric-ID lookup via `/market-data/search`, `/market-data/instruments`, or `/user-info/people`.
etoro-sso-identityIdentity rules for eToro SSO / OAuth integration — `gcid` vs `realCid` vs `demoCid`, why never to use the OIDC `sub` claim as a user key, the `cidList` vs `gcid` data-leak trap, refresh-token rotation, and detecting dead sessions (`invalid_grant`). Apply when implementing "Sign in with eToro", exchanging or refreshing access tokens, calling `/api/v1/me` or `/user-info/people?cidList=`, persisting eToro user records, looking up other users, or handling 401 / refresh failures / "Reconnect to eToro" flows.
Skills5
building-etoro-api-clientDeveloper playbook for building a robust HTTP client for the eToro Public API and SSO/STS — request shape, retry strategy by HTTP error class, error-class hierarchy, and 401-then-refresh-once recovery. Use when a developer is writing or refactoring server-side code that calls eToro endpoints (TypeScript / Python / Go / etc.).
etoro-appsFor developers building apps and integrations on top of the eToro API — covers OAuth SSO authentication flows, common patterns for trading bots, portfolio dashboards, and social trading tools. Use when starting a new eToro-backed app or extending an existing one with new endpoint coverage.
handling-etoro-session-expiryDeveloper playbook for detecting and recovering from eToro SSO session expiry — distinguish refresh-token revocation from transient 401s, and surface a "Reconnect to eToro" flow instead of looping on dead tokens. Use when wiring the error-handling layer of an app or designing the frontend's "session expired" UI.
implementing-etoro-ssoDeveloper playbook for implementing eToro OAuth SSO in a server-side app — auth-code grant with PKCE, token exchange, atomic refresh-token rotation, and identity resolution via /api/v1/me. Use when adding "Sign in with eToro" to an app or hardening an existing SSO integration.
resolving-etoro-instrumentsDeveloper playbook for building a robust instrument-resolver — symbol→ID search, batched metadata lookups with adaptive 413/414 sizing, image-variant selection, and background straggler retries. Use when writing the resolution / enrichment layer of a server-side app, populating a watchlist or portfolio UI, or bulk-enriching trade-history rows.