Webhooks

Webhooks let you receive real-time HTTP notifications when key events happen on the platform. Instead of polling the API, you register a URL and APIndicators pushes event data to it as soon as it occurs.

This is ideal for building automated trading bots, alerting systems, or integrating APIndicators signals into external workflows like Telegram bots, Discord channels, or custom dashboards.

Supported Events

You can subscribe to any combination of the following events:

  • signal.buy — Fired when the ML model generates a BUY signal that passes the production threshold.
  • signal.sell — Fired when the ML model generates a SELL signal that passes the production threshold.
  • backtest.run — Fired when a strategy backtest completes.
  • order.filled — Fired when a simulated position is filled (take profit or stop loss hit).

Creating a Webhook

You can create webhooks from the Webhooks page in your dashboard. Each webhook requires:

  • Name— A label to identify the webhook (e.g. "Telegram Bot").
  • URL — The HTTPS endpoint that will receive POST requests.
  • Events — Which events to subscribe to.

Once created, APIndicators generates a signing secret for the webhook. This secret is shown only once — copy it immediately. If you lose it, you must delete the webhook and create a new one.

Payload Format

When an event fires, APIndicators sends a POST request to your URL with a JSON payload:

POST https://your-endpoint.com/webhook
Content-Type: application/json
X-Webhook-Signature: sha256=<hmac_hex_digest>

{
  "event": "signal.buy",
  "timestamp": "2026-04-03T14:30:00Z",
  "data": {
    "pair": "BTCUSDT",
    "side": "buy",
    "score": 0.87,
    "market_type": "trending",
    "interval": "1h"
  }
}

Verifying Signatures

Every webhook request includes an X-Webhook-Signature header containing an HMAC-SHA256 signature of the request body. Always verify this signature to confirm the request came from APIndicators.

# Python
import hmac, hashlib

def verify(payload_body, signature_header, secret):
    expected = "sha256=" + hmac.new(
        secret.encode(), payload_body, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, signature_header)
// Node.js
const crypto = require("crypto");

function verify(body, signatureHeader, secret) {
  const expected =
    "sha256=" +
    crypto.createHmac("sha256", secret).update(body).digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signatureHeader)
  );
}

Delivery & Retries

Each webhook delivery is logged with its status, response code, and response body. You can inspect delivery history in the dashboard under each webhook's detail page.

  • Deliveries have three statuses: pending, delivered (2xx response), or failed (non-2xx or timeout).
  • Your endpoint should respond with a 2xx status within 10 seconds.
  • If the request fails, the delivery is marked as failed. There are currently no automatic retries — monitor your delivery logs.

Plan Limits

The number of webhooks you can create depends on your plan:

Plan        Webhooks
────────────────────
Free        0
Starter     3
Pro         10
Business    Unlimited

Upgrade your plan in the Billing section of the dashboard to increase your webhook limit.

Best Practices

  • Always verify the HMAC signature before processing the payload.
  • Respond quickly (under 10s) and process the event asynchronously if needed.
  • Use HTTPS endpoints only — HTTP URLs are accepted but strongly discouraged.
  • Store the signing secret securely. If compromised, delete the webhook and create a new one.
  • Monitor delivery logs in the dashboard to catch failures early.

Next Steps

Head to the Webhooks page in your dashboard to create your first webhook. Combine webhooks with the AI Signal Explainer or API Playground to build a complete automated trading pipeline.