Node.jsintermediatenodejswebhookstradingviewautomation
TradingView Webhook Receiver
A minimal, signature-verified Express endpoint that safely receives TradingView alert webhooks in Node.js.
1 min
TradingView alerts can POST JSON to a webhook URL. This Express handler shows the defensive basics: a shared secret, body validation, and idempotency — the plumbing every automation needs before it touches anything important.
import express from "express";
import crypto from "node:crypto";
const app = express();
app.use(express.json({ limit: "16kb" }));
const SECRET = process.env.WEBHOOK_SECRET; // set this in your environment
const seen = new Set(); // simple in-memory idempotency
app.post("/webhook", (req, res) => {
// 1. Authenticate via a shared secret in the payload.
if (!SECRET || req.body?.secret !== SECRET) {
return res.status(401).json({ error: "unauthorized" });
}
// 2. Validate the shape you expect.
const { id, symbol, action } = req.body;
if (!id || !symbol || !["buy", "sell", "alert"].includes(action)) {
return res.status(422).json({ error: "invalid payload" });
}
// 3. Drop duplicates (TradingView may retry).
if (seen.has(id)) return res.status(200).json({ ok: true, duplicate: true });
seen.add(id);
// 4. Hand off to your own logic. Never block the response on slow work.
console.log("received", { symbol, action });
return res.status(200).json({ ok: true });
});
app.listen(8080, () => console.log("listening on :8080"));Notes
- Put the endpoint behind HTTPS and a reverse proxy; never expose secrets in client code.
- Swap the in-memory
seenset for Redis in production so idempotency survives restarts. - This receives and validates messages — it deliberately does not place any order. Connecting to execution is your responsibility and risk.
This snippet is educational infrastructure code, not a trading system or advice.