Skip to main content

API Documentation

Everything you need to integrate StockAlert.pro into your applications

Webhooks

Receive real-time HTTP notifications when events occur in your account

Overview

Webhooks allow your application to receive real-time notifications when certain events occur in your StockAlert.pro account. Instead of polling the API for changes, webhooks push data to your endpoint as soon as an event happens.

How it works

  1. Register a webhook endpoint URL in your account
  2. Select the events you want to be notified about
  3. When an event occurs, we send an HTTP POST request to your URL
  4. Your endpoint acknowledges receipt by returning a 2xx status code

Tip: You can have up to 5 webhook endpoints per account, allowing you to send different events to different services.

Webhook Events

EventDescriptionStatus
alert.triggeredAlert condition has been met and notification sentAvailable
alert.createdNew alert created via API or dashboardComing Soon
alert.updatedAlert settings changed (paused/reactivated)Coming Soon
alert.deletedAlert permanently removedComing Soon

Note: Additional events will be added based on user demand. Let us know which events you'd like to see!

Event Payload Example

{
  "event": "alert.triggered",
  "timestamp": "2025-01-01T12:00:00.000Z",
  "data": {
    "alert": {
      "id": "a5d7e3f0-1234-4d8a-9c2b-111111111111",
      "symbol": "AAPL",
      "condition": "price_above",
      "threshold": 200,
      "status": "triggered"
    },
    "stock": {
      "symbol": "AAPL",
      "price": 201.5,
      "change": 2.3,
      "change_percent": 1.15
    }
  }
}

Webhook Endpoints

List Webhooks

GET/api/v1/webhooks

Get a list of all configured webhooks.

Example Response
{
  "success": true,
  "data": [
    {
      "id": "wh_1234567890",
      "url": "https://your-app.com/webhook",
      "events": ["alert.triggered"],
      "is_active": true,
      "created_at": "2024-01-01T00:00:00Z"
    }
  ],
  "meta": {
    "rate_limit": { "limit": 1000, "remaining": 999, "reset": 1736180400000 }
  }
}

Get Webhook

GET/api/v1/webhooks/{id}

Get a single webhook by its id.

Example Request
curl -X GET https://stockalert.pro/api/v1/webhooks/wh_1234567890 \
  -H "X-API-Key: sk_your_api_key"
Example Response
{
  "success": true,
  "data": {
    "id": "wh_1234567890",
    "url": "https://example.com/webhook",
    "events": ["alert.triggered"],
    "is_active": true,
    "created_at": "2024-01-01T00:00:00Z"
  },
  "meta": {
    "rate_limit": { "limit": 1000, "remaining": 999, "reset": 1736180400000 }
  }
}

Create Webhook

POST/api/v1/webhooks

Register a new webhook endpoint.

Request Body
{
  "url": "https://your-app.com/webhook",
  "events": ["alert.triggered"]  // Currently the only available event
}
Parameters
  • url - The HTTPS endpoint that will receive webhook events
  • events - Array of event types to subscribe to

Delete Webhook

DELETE/api/v1/webhooks/{id}

Remove a webhook endpoint.

Example Request
curl -X DELETE https://stockalert.pro/api/v1/webhooks/wh_1234567890 \
  -H "X-API-Key: sk_your_api_key"

Test Webhook

POST/api/v1/webhooks/test

Send a test event to your webhook URL. Slack URLs get a Slack-formatted payload without signature.

Request Body
{
  "url": "https://example.com/webhook",
  "secret": "your-webhook-secret"
}
Example Request
curl -X POST https://stockalert.pro/api/v1/webhooks/test \
  -H "X-API-Key: sk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/webhook",
    "secret": "your-webhook-secret"
  }'
Example Response
{
  "success": true,
  "data": {
    "status": 200,
    "statusText": "OK",
    "response": "ok"
  },
  "meta": {
    "rate_limit": { "limit": 5, "remaining": 4, "reset": 1736180400000 }
  }
}

Webhook Security

Signature Verification

Every webhook request includes a signature that you should verify to ensure the request came from StockAlert.pro.

Request Headers
X-StockAlert-Signature: a1b2c3d4e5f6...
X-StockAlert-Event: alert.triggered
X-StockAlert-Timestamp: 2024-01-05T10:30:00Z

The signature is the lowercase hex digest of the JSON payload, calculated with HMAC‑SHA256 using your webhook secret.

Verification Examples

Node.js / JavaScript
const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload, 'utf8')
    .digest('hex');
  
  return signature && crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}

// Express.js example
app.post('/webhook', express.raw({type: 'application/json'}), (req, res) => {
  const signature = req.headers['x-stockalert-signature'];
  const payload = req.body;
  
  if (!verifyWebhookSignature(payload, signature, process.env.WEBHOOK_SECRET)) {
    return res.status(401).send('Invalid signature');
  }
  
  // Process webhook...
  res.status(200).send('OK');
});
Python
import hmac
import hashlib

def verify_webhook_signature(payload, signature, secret):
    expected = hmac.new(
        secret.encode('utf-8'),
        payload.encode('utf-8'),
        hashlib.sha256
    ).hexdigest()
    
    return hmac.compare_digest(signature or '', expected)

# Flask example
@app.route('/webhook', methods=['POST'])
def webhook():
    signature = request.headers.get('X-StockAlert-Signature')
    payload = request.get_data(as_text=True)
    
    if not verify_webhook_signature(payload, signature, os.environ['WEBHOOK_SECRET']):
        return 'Invalid signature', 401
    
    # Process webhook...
    return 'OK', 200

Best Practices

  • Always verify signatures - Never process webhooks without verification
  • Use HTTPS endpoints - Webhooks are only sent to secure HTTPS URLs
  • Respond quickly - Return a 2xx status within 5 seconds
  • Handle retries - Failed webhooks are retried up to 3 times
  • Process asynchronously - Queue webhook data for processing to avoid timeouts

Testing Webhooks

During development, you can use services like ngrok or webhook.site to test webhook deliveries:

Using ngrok

# 1. Start your local server
npm run dev  # Runs on http://localhost:3000

# 2. Expose it with ngrok
ngrok http 3000

# 3. Use the HTTPS URL from ngrok as your webhook endpoint
https://abc123.ngrok.io/api/webhook

Note: Webhook endpoints must use HTTPS. HTTP URLs will be rejected for security reasons.

Webhooks - API Documentation | StockAlert.pro